IBM Tivoli Access Manager [EOL] Overview

What is IBM Tivoli Access Manager [EOL]?
IBM Tivoli Access Manager is a robust and secure centralized policy management solution for e-business and distributed applications. IBM Tivoli Access Manager WebSEAL is a high performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager protected Web object space. WebSEAL can provide single sign-on solutions and incorporate back-end Web application server resources into its security policy.

IBM Tivoli Access Manager [EOL] is also known as Tivoli Access Manager, IBM Security Access Manager.

IBM Tivoli Access Manager [EOL] Customers
Essex Technology Group Inc.
Archived IBM Tivoli Access Manager [EOL] Reviews (more than two years old)

it_user711612
Senior Consultant at an insurance company with 1,001-5,000 employees
Vendor
Reverse proxy provides central control over authentication and authorization.

Pros and Cons

  • "The integration effort with the end application is quite straightforward and easy."
  • "Multi-factor authentication with social integration needs to improve."

How has it helped my organization?

It is a single product that caters for all the business needs throughout the organization. It provides a seamless integration that in turn encourages most of the applications to use the SSO features.

What is most valuable?

Reverse proxy is the most valuable feature as it provides central control over authentication and authorization. The integration effort with the end application is quite straightforward and easy.

What needs improvement?

Multi-factor authentication with social integration needs to improve.

What do I think about the stability of the solution?

There were no stability issues.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and technical support?

An acceptable prompt response is received from the technical team depending on the severity of the issue.

Which solution did I use previously and why did I switch?

More features were found in this product compared to the previous solution that we were using.

How was the initial setup?

It needs quite a lot of time to design the architecture and properly lay out the deployment for the high availability setup.

Which other solutions did I evaluate?

We looked at a couple of other products, namely CA and Oracle.

What other advice do I have?

Properly understand the requirement and deploy the application correctly as the product comes with a vast number of features, that we might not use unless we don't check wisely.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user704022
Infrastructure Specialist at a financial services firm with 5,001-10,000 employees
Real User
I can integrate with in-house provisioning systems. The profiling element is complex.

Pros and Cons

  • "Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites."
  • "The profiling element is incredibly robust, but also equally complex; it requires an off-site course to be able to understand the context or the plethora of options available."

How has it helped my organization?

Allows users to use a single password across a set of multi-tenant application suites. This would have otherwise required 50-100 unique passwords per application. This allows the user to inject a centralized password (a.k.a. authentication service credential) with little ease and increased reliability. In turn, this removes the user element of the logon process, which is often the root cause of the invalid password attempts.

What is most valuable?

Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites. These are heavily customizable and can fully integrate with in-house provisioning systems.

What needs improvement?

The profiling element is incredibly robust, but also equally complex; it requires an off-site course to be able to understand the context or the plethora of options available.

The majority of the "IMS profiles" we use are too dangerous to touch without multiple engineers having oversight of a change and an incredibly thorough change management system.

For clarity, an IMS Profile is the process flow that the SSO component uses to recognize application screens, windows and logon fields to be able to decide when to intercept and inject credentials into SSO managed applications.

What do I think about the stability of the solution?

There were endless issues with stability in version 8.0.1. There were issues with stability, anything from the IMS Services stopping on any of the IMS servers (the infrastructure servers responsible for allowing user connectivity to the back end which provides the user with their "wallet" at logon). These issues were improved with several hotfixes and service packs, but the out-of-the-box version lacks any automatic SQL cleanup utilities, so to perform a cleanup of old users or wallets is dangerous SQL, which interrogates the database - to our knowledge this has not changed in the latest version.

What do I think about the scalability of the solution?

There were scalability issues with 8.0.1. Whilst we could build a new VM with the underlying OS and prerequisites, IBM was always required to assist on-site as only they knew the complicated and fairly undocumented procedure to implement a new IMS server to the pool. In 8.2.1, this has been amplified tenfold as the solution moved from Apache on Windows to IBM WebSphere on Windows, which is incredibly complicated and requires multiple levels of specialist knowledge. This makes it nearly impossible for our company to expand the number of nodes in the WebSphere cluster without accidentally introducing new issues in the said cluster.

How are customer service and technical support?

Technical support is very good, incredibly thorough, and if you have the right support agreement in place, it can be infinite. That being said, when raising a ticket, due to the complex nature of SSO, you need to provide a ton of technical details in the form of logs from the end point to the back end.

These recycle at a very high rate, especially in larger estates so acquiring the logs is not always easy. For this reason, we've had some larger issues outstanding for quite some time. For supported versions, if the level 1-3 teams can identify the cause, they will either provide you with a hotfix that has been previously developed, give you in depth instructions on what needs to change, or refer the development team for a bug fix.

Which solution did I use previously and why did I switch?

We previously managed passwords without an SSO solution. The next step was an enterprise grade SSO solution. At the time, the IBM SSO offering seemed to fit the bill.

How was the initial setup?

In v8.0.1 (several years ago), the out-of-the-box solution was very complex and required a huge amount of IBM's time (at cost to the client!) in order to implement the entire solution (test/uat/prod clusters).

Due to the nature of our business and the complication around some of the applications we deploy and wanted SSO to manage, this made the production implementation of SSO take in excess of one and a half years.

What's my experience with pricing, setup cost, and licensing?

The IBM prices are, as ever, extortionate, even with a business partnership, and high levels of discounts. This is the same as with other IBM products.

Which other solutions did I evaluate?

Several options were put on the table during an initial paper based PoC, but there were no other viable enterprise grade solutions which offered all of the functionality we required.

What other advice do I have?

Read through the (openly available) profiling guides to get a good understanding of how complex the profiling process is going to be. If you have very complex applications, which aren't a simple "start > username/password window opens > end", then you will be opening yourself up to needing a permanent resource to manage the entire solution end-to-end. IMS in all versions can get very unhappy if it's not nursed from time to time.

Disclosure: My company has a business relationship with this vendor other than being a customer: Our business has a close working relationship with IBM across several business areas and product sets. When using the legacy version of IMS 8.0.1, we only went for a basic support agreement which was fine, generally, but when choosing to upgrade to 8.2.1, we added an AVP support agreement to get better engagement and to help push us along with better management of our cluster.
Roopesh Verma
Senior Consultant at a tech company with 10,001+ employees
Consultant
Authentication, authorization and risk profile are valuable features. It is one of the best products in the present market.

Pros and Cons

  • "SAML 2.0."
  • "The self-service portal needs improvement."

What is most valuable?

  • Authentication
  • Authorization
  • Risk Profile
  • MFA
  • Federation
  • Oath
  • SAML 2.0

How has it helped my organization?

We implemented MFA in a way that helps us reduce a lot of workload in terms of reducing help desk calls to reset passwords.

What needs improvement?

The self-service portal needs improvement.

For how long have I used the solution?

I have been using this for five years.

What do I think about the stability of the solution?

We have not had stability issues.

What do I think about the scalability of the solution?

We have not had scalability issues.

How are customer service and technical support?

I rate technical support 7.5/10.

Which solution did I use previously and why did I switch?

We moved from IBM Access Manager 6.0 (software) to IBM Security Access Manager 9.0 (Appliance). We needed to implement MFA and some other features which are not supported in the old version.

How was the initial setup?

Setup of the appliance is straightforward.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing depend on buyers' and sellers' negotiation. Comparing the features and cost in the market will give a fair idea.

Which other solutions did I evaluate?

We looked at Oracle Access Manager.

What other advice do I have?

It is one of the best products in the present market in the area of access management.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user432489
Senior IAM/Security Consultant at a tech services company with 11-50 employees
Consultant
The SSO, URL-based access control, OAuth 2 and OIDC are the most valuable features.

Pros and Cons

  • "OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as a fully compliant OAuth 2 authorization server."
  • "An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help."

How has it helped my organization?

It provides robust security.

What is most valuable?

The SSO, URL-based access control, OAuth 2 and OIDC are the most valuable features.

The URL-based access control has become more important due to the paradigm shift towards RESTful APIs, i.e., where URLs uniquely represent the resources to be protected. IBM TAM has a rich authorization model which simulates the system/environment to be protected by its protected object space. This makes it easy to visualize the hierarchical model of the end system and to attach ACLs/policies and customized rules, to the objects to be protected.

OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as a fully compliant OAuth 2 authorization server.

OIDC is fast becoming equally or more popular than SAML and is certainly the modern developer's choice for SSO, i.e., for both cloud and on-prem apps. The newer version of the IBM TAM supports OIDC, which can act as the OIDC provider.

What needs improvement?

The user interface for LMI needs improvement.

The Local Management Interface (LMI), especially for the older IBM Tivoli Appliance Manager (TAM) version, can be improved in terms of overall UI/UX and also, in terms of the performance of the monitoring dashboard.
The LMI for version 9 is much better in that respect.

An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help.

What do I think about the stability of the solution?

There were no stability issues.

What do I think about the scalability of the solution?

There were no scalability issues.

How are customer service and technical support?

I would rate the technical support a 6/10.

What about the implementation team?

The initial setup was of medium level complexity. The subsequent configuration was complex.

What other advice do I have?

Go for the latest version.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user634959
Security architect at a tech services company with 1,001-5,000 employees
Consultant
It solves a lot of the problems with help desk calls and password resets.

Pros and Cons

  • "The Verify feature: A push method which customers are going for."
  • "Looking at their roadmap, they have a broad grasp of the security features which the industry needs."

How has it helped my organization?

  • More productive work for employees: They do not have to spend time on resetting passwords or spend time with help desk calls
  • Return on investment for companies: Many companies spend a lot of money on these help desk calls
  • It is a good solution for anyone to take to their enterprise and get a buy in
  • It is going to be more secure than the traditional password

What is most valuable?

  • The Verify feature: A push method which customers are going for
  • “Password-less” solution
  • A very good demo to look at
  • A very good solution to take to customers
  • Solves a lot of the problems with help desk calls and password resets
  • A very secure solution

What needs improvement?

I am pretty happy with the outcome so far this year. We have yet to hear from the customers. I have not updated it myself and I have not done any work with customers. Looking at their roadmap, they have a broad grasp of the security features which the industry needs.

What do I think about the stability of the solution?

I have not tested the stability yet. This is the first time that I have seen it. I cannot comment on the stability at this point.

What do I think about the scalability of the solution?

I can’t comment about scalability. This is the first time that I have heard about this technology. I would like to learn more about this offering and then I will know how stable and scalable it is.

How are customer service and technical support?

We haven’t used technical support yet. This solution has not yet been released. It is still just a demo and it is going to come out in the next few months.

Which solution did I use previously and why did I switch?

I have been with this technology for over ten years. I have been following all the developments closely. I know that it is a good solution for customers to invest in.

What other advice do I have?

My advice to colleagues is to try the solution.

When looking for a vendor, I want the following from them:

  • A good understanding of the technology
  • Knowledge of how it should be implemented
  • Knowledge of the right way of doing things
  • An understanding of the roadmap for the next few years: This will make sure that customers do not have to make a U-turn later and redo things
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user628068
Application Development Team Lead at a tech services company with 1,001-5,000 employees
Consultant
It is a secure way of accessing clients through various application portals.

What is most valuable?

  • Simplified architecture
  • Security

How has it helped my organization?

It is a totally secure way of accessing clients through various application portals for more than ten EU countries, just by using single sign-on. Moreover, its EAI makes customization easier with the Java/J2EE Applications.

What needs improvement?

  • Multi-source authentication
  • Common configs: These need to be moved into a single config file at the appliance level

For how long have I used the solution?

I have used this solution for three years.

What do I think about the stability of the solution?

There were no stability issues. However, trends are changing so fast and so are the clients' requirements. The clients also want their hold on the product. They are showing interest in customization.

What do I think about the scalability of the solution?

There were no scalability issues.

Which solution did I use previously and why did I switch?

This is my first product. However, I am moving, along with my clients, towards ForgeRock OpenIdentity Stack.

How was the initial setup?

It totally depends on the way the client wants to set up and implement the product. The security requires complex implementation. This is where no one wants to compromise.

What's my experience with pricing, setup cost, and licensing?

The pricing is always costly.

Which other solutions did I evaluate?

After working for three years with this solution, I am now looking for other products.

What other advice do I have?

It is the best product for bigger organizations, but trends are changing so fast. You should look at ForgeRock OpenIdentity Stack if you are looking for a slightly lower price range.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are implementation partners.
ITCS user
Technical Lead at a tech services company with 10,001+ employees
Consultant
Uses automated provisioning to create users. I would like to see AngularJS support.

How has it helped my organization?

The automation of provisioning has reduced the time it takes for creating a user or an employee in our organization.

What is most valuable?

Flexibility to connect with different environments and product stability are the best features.

  • Connection: There are a number of players in the market and most of them have challenges with being able to connect seamlessly without customization to various data providers, such as queues or databases. Since IBM's Identity and Access management has been in the market for a long time, the connectivity has improved over time.
  • Stability: An application that is not stable enough will never succeed in the market. I have seen less down time.

What needs improvement?

Microsoft has active file handling where you can access different types of documents from the browser itself. This is not supported anywhere other than with Microsoft products. This is desirable, but not a show-stopper.

AngularJS is not yet supported. This could be a cause of worry, since we are seeing the emergence of many AngularJS scripts in webpages. I am sure IBM is working towards enabling it.

What do I think about the stability of the solution?

There is a Java process that hangs in WebSphere almost every month.

What do I think about the scalability of the solution?

We have had no problems with scalability.

How are customer service and technical support?

I would give technical support a rating of 4/5.

Which solution did I use previously and why did I switch?

I have always worked with IBM products. This solution was from Tivoli before IBM acquired it.

How was the initial setup?

Compared to the Oracle setup, the initial setup was straightforward.

What's my experience with pricing, setup cost, and licensing?

Pricing is competitive and is lower than other players in the market.

Which other solutions did I evaluate?

We evaluated Oracle, SailPoint, and ForgeRock.

What other advice do I have?

Go for it. It will be good for your business.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Middleware Specialist at a tech vendor with 10,001+ employees
Vendor
Component integration, SSO capabilities and transparency are the most valuable features I have found.

What is most valuable?

From my experience, most of the product features are meant for specific purpose(s) of its own demand and need. Implementing the feature depends on case to case, considering the organization's enterprise/middleware infrastructure design.

TAM component integration and their SSO capabilities and transparency are the most valuable features I have found.

How has it helped my organization?

It applies access controls on an organization's web space while running on its components independently, while being highly available. We can isolate our organization infrastructure from security considerations, as we have our entire organization security policy centralized, organised & administered from its API.

What needs improvement?

Older TAM versions are not compatible for connecting to a DB. I'm not sure if it is available in iSAM 8/9.

However, since iSAM 9 was released as an appliance model, I don't think having a DB as a TAM database directly makes any difference for the users.

For how long have I used the solution?

I have used it for five years.

What was my experience with deployment of the solution?

We have not encountered any deployment issues. There were a few challenges while implementing ETAI, and ETAI++ integration with the existing infrastructure.

Kerberos setup/run time & virtual hosting concepts have some limitations.

What do I think about the stability of the solution?

We have not encountered many stability issues.

What do I think about the scalability of the solution?

We have not encountered many scalability issues.

How are customer service and technical support?

Customer Service:

Customer service is 8/10.

Technical Support:

Technical support is 8/10.

Which solution did I use previously and why did I switch?

I have used CA SiteMinder, as well.

I don't see any technical reason for switching a strategic product from IBM TAM. However, considering the iSAM way of making an appliance model, which creates dependency on the cloud for infrastructure, we may think of other options.

How was the initial setup?

Initial setup is straightforward, but we might have to consider the solution architecture to make full use of its components' capacity.

What about the implementation team?

Implementations were in-house projects.

Which other solutions did I evaluate?

Before choosing this product, we evaluated CA SiteMinder and Oracle Access Manager.

What other advice do I have?

It is a very good security product to integrate with any middleware infrastructure.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Solutions Architect with 1,001-5,000 employees
Real User
Reverse proxy means applications need only minimal changes to support SSO with ISAM.

What is most valuable?

  • Several SSO methods are supported out of the box.
  • Federation-based SSO (SAML / OAuth / OpenID, etc.) setup is easy.
  • Very good performance and scalability.
  • The internal STS token service can be used for custom SSO tokens.
  • It is highly scalable and can meet high loads and performances.
  • Reverse proxy sits in front of the application and applications need only minimal changes to support SSO with ISAM.

How has it helped my organization?

Our customer had SSO requirements, as well as web-firewall and federation requirements that we fulfilled through this product.

What needs improvement?

Administration of the product can be improved a lot. IBM has taken care of this in a good manner in release 9.0.

Product documentation, especially the new version 9.0, should be improved to give a quick understanding of product components and features.

For how long have I used the solution?

I have been working on this solution for over seven years.

What do I think about the stability of the solution?

We did not encounter any stability issues.

What do I think about the scalability of the solution?

We have not had scalability issues. It has good scalability features.

How are customer service and technical support?

Technical support is good to excellent.

Which solution did I use previously and why did I switch?

We used Novell eDir Access Manager.

How was the initial setup?

Product setup is straightforward.

What's my experience with pricing, setup cost, and licensing?

Licensing is good for this product as compared to other solutions in the market. It has competitive pricing.

Which other solutions did I evaluate?

We looked at OpenAM and Novell eDir Access Manager.

What other advice do I have?

Choose a good implementation team and do not do an in-house implementation.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are a preferred solution provider of IBM and work closely with IBM in solution implementation.
it_user381273
Principal Consultant at a tech services company with 1,001-5,000 employees
Consultant
The auth and policy product has a reasonable LDAP implementation.

What is most valuable?

Tivoli Access Manager's proxy product (WebSEAL) is extremely fast. The configuration options are mysterious and old-school, but they are a rich and small enough set that you can comprehend them and get it working right. The auth and policy product has a reasonable LDAP implementation.

How has it helped my organization?

Step-up authentication in WebSEAL is a hook. You write a function to a particular spec, register it, and it gets called. The hook is in C, which makes sense because WebSEAL is fast and could not be written in an interpreted or high-level language.

Note that this is a way to improve WebSEAL modules, not a way to defer authentication to another server. For more, compare the second and last entries on this page.

What needs improvement?

There is only a single step-up authentication path, but I have sometimes seen the need for several steps or a divergent path. It’s getting hard to find people willing to admit that they still write in the C programming language.

For how long have I used the solution?

We have used this solution since 2003.

What do I think about the stability of the solution?

No stability issues. This solution fulfills the common expectations about IBM software. It is fussy to configure, but runs like iron once you’ve got it right.

What do I think about the scalability of the solution?

No scalability issues. I get problems with the LDAP or the underlying machine first.

How are customer service and technical support?

They provide very good technical support. Perimeter security is a hot-button topic and you can get some serious help if it’s not right.

Which solution did I use previously and why did I switch?

While there are many products in this field, most companies use either this solution or CA SSO. I encountered others on rare occasions, such as Oracle, Entrust, Ping Identity, and NetIQ.

What about the implementation team?

I am not an admin for this solution, but it holds no special terrors.

What's my experience with pricing, setup cost, and licensing?

The issue is not how IBM licenses the product. You should think about how much of your traditional web traffic is going to migrate to your mobile/service gateways. If you are writing a lot of mobile apps and new JavaScript Frameworks UIs, then your traffic mix is going to change.

Which other solutions did I evaluate?

I am a consultant and typically work with the IBM stack.

What other advice do I have?

This solution’s pricing is by usage, not by instance. That means you can set up as many instances as you like. Never craft a really complicated configuration. In other words, put functionality A over here, functionality B over there, and let your F5 (e.g.) direct the flow of traffic.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are IBM Premier Partners. I am often tasked to advocate for IBM products and I have learned the best way to use them. I have long experience in many parts of the IBM stack.
it_user590454
IAM Security Architect & Consultant at a tech services company with 51-200 employees
Consultant
Acts as a reverse proxy, a single point for authentication and authorization. Advanced access control introduces adaptive or risk-based authentication.

What is most valuable?

A number of new features, such as application firewall and load balancer, were added to this solution. These features are no longer available as a software version, but only as an appliance (virtual or hard).

The same appliance firmware allows you to enable more features, such as advanced access control and federation, for all of the components.

How has it helped my organization?

It acts as a reverse proxy, a single point for authentication and authorization. Advanced access control introduces adaptive or risk-based authentication. Federation makes it possible to federate using SAML and OAuth.

What needs improvement?

I would like to see the possibility to administer the appliances from one “master” appliance, instead of having to log in to each particular appliance.

If you have, for example, 4 appliances, two act as reverse proxy and two as master appliances (with policy server configured in HA) … If you want to administer these appliances, you must log in to each particular appliance. It would be nice if you could administer all of them through that one ‘master’ appliance… avoiding having to set up a direct connection, as is currently the case.

For how long have I used the solution?

I have been using this solution for approximately 11 years.

What do I think about the stability of the solution?

There were some stability issues at the very beginning when we were moving from the software version to the appliance. IBM allowed customers and partners to interact directly with developers and others responsible for the product, so we could address issues, provide feedback, and get support.

What do I think about the scalability of the solution?

The solution is very scalable, especially with the move to appliances. Adding reverse proxy appliances to existing appliance clusters is very straightforward.

How are customer service and technical support?

I would give technical support a rating of 8 out of 10.

Which solution did I use previously and why did I switch?

I have used several solutions in the past.

We chose this solution for the following reasons:

  • It is very easy to set up.
  • The policy server is not actively used during authentication and is solely used for administration.
  • No plugin is required on any HTTP server.
  • It comes with a standalone (no-plugin) reverse proxy. That is in contrast to some other web access management solutions.
  • The IBM reverse proxy does not have a large support matrix upon which the HTTP-servers depend.

What about the implementation team?

The implementation was straightforward and well documented as follows:

  1. Deploying the appliances in the network infrastructure.
  2. Configuring the network interfaces and routing tables.
  3. Starting the configuration of WebSEAL and other required components (AAC or federation). Some background knowledge is required to set up WebSEAL.

What's my experience with pricing, setup cost, and licensing?

The license model is pretty complex. Some other IBM products are included and are not dependent on the form factor of the appliance. (Dependent products are IBM Directory Server and Directory Integrator.)

A combination of hard and soft appliances may be beneficial instead of solely using hard appliances. (It might be overkill to host a simple policy server.)

Which other solutions did I evaluate?

We evaluated alternative solutions, such as: CA SiteMinder, ForgeRock AM, and Microsoft ISA Server.

What other advice do I have?

It is a very stable and good product. The AAC-module becomes a necessity because authorization is moving from a static model (a static access control list based on static group membership) to a more dynamic model, based on user behavior and attributes.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are an IBM Business Partner.
it_user594669
Tivoli Consultant at a government with 1,001-5,000 employees
Vendor
AuthN and AuthZ mechanisms are built-in.

What is most valuable?

Some of the valuable features are:

  • Reverse proxy
  • Protected object space
  • Ease of integration
  • Multiple and robust AuthN and AuthZ mechanisms built-in
  • No single point of failure (SPOF)

How has it helped my organization?

It has improved the working of our organization by having:

  • Multiple endpoints integrated
  • One integration point with reverse proxy for multiple portals

What needs improvement?

The Tivoli Access Manager v6.1.1 (TAMeB) came in a software form factor. It needed a separate LDAP server; and usually separate servers for policy/AuthZ servers and WebSEAL. Besides, for scalability purposes, WebSEAL is usually deployed on multiple front-end servers that are load balanced. For a large user base in a standalone environment, TAMeB requires at least 3 servers. For a simple HA environment, it doubles that number to 6. Now these factors affect the regular maintenance schedule and it becomes quite "bulky" from an infrastructure perspective.

Besides this, TAMeB in its software form factor has multiple software components to be installed in a particular sequence.

Hence, from a TAMeB deployment perspective, both these factors have scope for improvement in its current form.

For how long have I used the solution?

I have used this solution for five years.

What do I think about the stability of the solution?

It is highly stable. No issues were encountered by us.

What do I think about the scalability of the solution?

The TAMeB policy server is not scalable.

How are customer service and technical support?

I would rate the technical support an 8/10.

Which solution did I use previously and why did I switch?

Before, no other policy-based AuthZ solution was in place at this client.

What about the implementation team?

The initial setup was complex because:

  • Bulky server infrastructure was needed.
  • Complex installation procedure.
  • Too many components to be installed in a particular sequence.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing policy depends on the client deployment needs and the number of end users and servers.

The license for the product is expensive but flexible.

You can choose from the User Value Unit (UVU)- and Processor Value Unit (PVU)-based licensing models.

Which other solutions did I evaluate?

Before choosing, we looked at another solution, namely CA SiteMinder.

What other advice do I have?

The subsequent version of this product comes in an appliance form factor. The appliance form factor is easy to work with. Thus, you have a choice to select from a virtual or hardware appliance form factor in order to implement this product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user595737
Service Now Consultant at a tech services company with 51-200 employees
Consultant
Multiple instances per component can be installed with load balancers.

What is most valuable?

Some valuable features in this product are: WebSEAL policy, proxy servers, LDAP server (IBM TDS).

The modularity with which each component may run on a different host is valuable. In addition, multiple instances per component might be installed with load balancers. It provides good scalability and reliability, not to mention the overall availability of the service.

How has it helped my organization?

The entire security of the intranet and internet web applications has been covered by the TAM environment.

What needs improvement?

It happened from time to time that, after a long period without a restart, the TDS/LDAP instances crashed and remained in a hanging state. A restart did solve the issue, but the support was not able to find the cause, despite the fact that the latest fix pack was installed for TDS v6.3.

A similar issue came up when LDAP requests did cause performance issues on TDS or caused the TDS to crash.

As information on fixes and issues related to ITDS are publicly available, let me point you to the respective site:

You may notice, there are several issues listed, which lead to a crash.

Not sure, which one is/was ours, but please notice that TAM/SAM requires multiple software bundles to be installed (like GSKit, Java SDK, WAS, DB2) – each of them having issues.

For how long have I used the solution?

I have used this solution for five years.

What do I think about the stability of the solution?

We experienced crashing of LDAP with some specific queries and it affected performance of the TDS proxy.

What do I think about the scalability of the solution?

It is scalable via load balancers but there are some issues with sync while using several LDAP trees.

How are customer service and technical support?

I would give the technical support an 8/10 rating. Sometimes, there are long-running support tickets (for 6-8 months) and that is unacceptable from the customer's point of view.

Which solution did I use previously and why did I switch?

We were not using any other solution before. We were partially using Apache reverse proxy along with LDAP.

What about the implementation team?

The setup is complex. Without training and prior knowledge, it is hard to get a working environment.

What other advice do I have?

As far as I know, the later versions of TAM (renamed to SAM), are working as appliances and with that, no experience is needed. My advice is to be careful and think twice.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Security Team Leader at SYSM GmbH
Vendor
It is now available as a physical or virtual appliance. This simplifies the management a lot, and the deployment as well.

What is most valuable?

Since a couple of versions back, the product moved to a different “mentality” I would say. Compared to when it was deployed as a software package, things are now much smoother in that direction. The product is coming as an appliance (either hardware or virtual). This method simplifies the management a lot, and the deployment as well. It provides SSO across applications, together with risk-based access and strong multi-factor authentication. Very flexible and scalable.

What needs improvement?

There are few things where there is room for improvement:

Log management via UI is one of them. Automation can be achieved via REST APIs, for example, but in a small environment, when a customer is using the UI, for example, you cannot do a multiple selection of logs (to be deleted, let’s say). Or a filtering of those.

A better/easier-to-use (user-friendly) interface. A more intuitive interface and menu navigation would be useful.

Rollback of FixPacks to be available via UI as well. At the moment, if you want to roll back an FP, you can do it only via LMI (appliance console).

Those would be my main requests to be improved.

For how long have I used the solution?

I’ve been using the product since 2009.

What do I think about the stability of the solution?

I think in the earlier versions I was working with, there were (a few times) some small stability issues, but those were related more to the very custom environments on the customer side.

What do I think about the scalability of the solution?

No scalability issues on this side.

How are customer service and technical support?

Technical support is doing its job mostly. What I don’t particularly like is the flow duration. But it really depends on the magnitude of the problem you have. I would rate it as good to very good in most cases.

Which solution did I use previously and why did I switch?

I did not previously use a different solution.

Which other solutions did I evaluate?

I haven’t used any other vendor’s products.

What other advice do I have?

It is a simple-to-deploy solution, with many features that are supported out-of-the-box without complicated setup. But, depending on your requirements, it can become complex but not hard to manage.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Sales Engineer - Identity and Access Management at Sailpoint
Real User
Top 20
The single sign-on configurations support multiple types of configurations, including FSSO, HTTP, SAML.

What is most valuable?

The single sign-on configurations are unique to the product. They support multiple types of SSO configurations, including FSSO, HTTP, SAML. The most robust functionality for SSO is its EAI (External Authentication Interface) option. EAI allows customers to customize their authentication mechanisms as per their needs.

Access management for web resources is simple to configure but highly impenetrable. It can search all the resources in the protected system and allows you to manage user access with a few clicks.

How has it helped my organization?

The robust single sign-on feature allows business users to improve their productivity in their day-to-day tasks. It also provides end-user activity visibility on critical applications.

What needs improvement?

The user interface looks like it was designed for technical personnel only. The interface is part of the WebSphere Admin console. A lot of configurations, including those for SSO, are done through scripts and config files. The GUI could incorporate these configurations.

For how long have I used the solution?

I have used it for four years.

What do I think about the stability of the solution?

If we talk about out-of-the-box functionality, the product is highly stable. For the areas in which the product allows customization, stability is dependent on the quality of customization done.

What do I think about the scalability of the solution?

The product is highly scalable; very simple to increase the scale of deployment.

How are customer service and technical support?

IBM provides prompt support on any issues faced. IBM is willing to go an extra mile to help meet their customers’ requirements.

Which solution did I use previously and why did I switch?

This was the first product I have worked with.

How was the initial setup?

Initial setup in older versions was quite complex, but with the newer versions it is quite simple. The product also comes with a pre-configured appliance.

What's my experience with pricing, setup cost, and licensing?

I am more involved in the technical side, with limited knowledge of licensing and pricing.

Which other solutions did I evaluate?

I am part of an organization which is an IBM business partner and provides services using IBM products only.

What other advice do I have?

This product is highly recommended to meet access management and web single sign-on requirements.

Disclosure: My company has a business relationship with this vendor other than being a customer: My company is an IBM business partner.
ITCS user
Solution Architect Lead at an insurance company with 1,001-5,000 employees
Real User
It can map a user account in a domain controller to a web application's user account that has a different ID, in collaboration with IBM Tivoli Identity Manager.

Valuable Features

WebSEAL is a reverse proxy web server that performs authentication and authorization. It is similar to CA SiteMinder Secure Proxy Server. The advantage of WebSEAL is that it supports the SPNEGO protocol and Kerberos authentication to support Windows desktop single sign-on. Actually, Apache HTTP server supports the SPNEGO protocol as well. However, TAM can map a user account in a domain controller to a web application's user account that has a different ID, in collaboration with IBM Tivoli Identity Manager (TIM).

Improvements to My Organization

The combination of TAM with IDM in IBM Tivoli Identity Manager helped us to realize robust and secure authentication infrastructure in accordance with industry regulations and laws.

  1. Providing a centralized authentication authority and enforcing consistent authorization policies for users.
  2. Realizing ease of user access using enterprise-level single sign-on.
  3. Improving traceability of application use.

On the other hand, Tivoli Identity Manager, known as TIM, provides centralized ID lifecycle management as an IDM solution.

By using TIM together with TAM, the following benefits are provided:

Many actual accounts in several LDAPs, including TAM LDAP, are managed by TIM LDAP. (The LDAP directory tree supports a nested structure known as the “Person has many accounts” model.) In addition, a person can have many attributes, like department code, job grade, hiring date, resignation date in the future, etc.

By using these attributes, all accounts which belong to the person can be activated or inactivated automatically. Specifically, account creation/deletion/update can execute automatically by using HR information. If someone reaches his/her retirement date, the account is inactivated by an automated workflow process, without raising an account deletion request.

In addition, a process called “Reconciliation” checks several LDAPs (e.g. Active Directory), and can harmonize account information and its attributes between TIM and the LDAP. For example, if an improper account is directly created in Active Directory, the scheduled Reconciliation process detects the account and revokes it based on preset rules.

This is the reason I recommend using TAM together with TIM.

Room for Improvement

Due to a constraint of the built-in browser in a Handy phone (called NTT i-Mode), the former version of TAM could not be used in the Japan market. The issue was resolved by the decline of Japan-specific Handy phones.

Cookies were not supported in i-Mode browser ver.1, which had the highest market share in Japan. Hence, sessions between that browser and WebSEAL could not maintain the session state using a cookie. The constraint had widespread implications. Some examples: re-authentication, session affinity, cookie-based failover mechanisms. Besides, IBM Japan declared that all browsers built in Handy phones were not supported officially in that version.

Rather than a weakness of the WebSEAL specification, that constraint was caused by the insufficient i-Mode browser specification, which was developed by NTT Docomo. Considering the negatives, we could not use WebSEAL for Handy-phone facing applications. (A workaround might exist, but the industry-standardized manner of using cookies was in our favor.)

Use of Solution

An insurance company I left three years ago has been using TAM for 10 years.

Stability Issues

I did not encounter any stability issues.

Scalability Issues

I did not encounter any special scalability issues, because Access Manager Policy Server offloads the access traffic to the Master authorization policy store to a replica on WebSEAL Server. Likewise, PD.Acld on a back-end web application acts as a proxy of Policy Server.

Customer Service and Technical Support

Technical support is 6/10.

Initial Setup

Initial setup was complicated because TAM was implemented as a part of the IDM solution. It took me a long time to set up the directory integration among many user stores, e.g., Tivoli Identity Manager, Active Directory, Lotus Domino Directory, application user store using database.

Pricing, Setup Cost and Licensing

The user-based licensing is relatively expensive in a large-scale enterprise. Therefore, proper understanding of the AAA solution by executive management is strongly needed to obtain the budget, in addition to discount negotiation.

Other Solutions Considered

I evaluated the following solutions:

After the results, the company decided to use TAM, following my recommendation at that time.

Other Advice

It is essential to hire an SME who has the appropriate skills with the products, in order to avoid vendor lock-in.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user185811
Information Security Engineer with 1,001-5,000 employees
Vendor
Logging needs improvement.

What is most valuable?

Identity management

How has it helped my organization?

We have managed to automate the creation of all employees, and the company's clients and then assign the accounts/accesses according to business need.

What needs improvement?

TIM logging

For how long have I used the solution?

Three and a half years.

What was my experience with deployment of the solution?

Little issues that were quick to resolve. I don't understand why they have to separate the deployment, as I have used other products that make the deployment as easy as possible.

What do I think about the stability of the solution?

Never.

What do I think about the scalability of the solution?

Never.

How are customer service and technical support?

Good.

Which solution did I use previously and why did I switch?

I have only ever used this product.

How was the initial setup?

The initial set-up is a bit complex for a novice, as the Linux version of it needs you to be somewhat good with Linux. There are certain OS requirements which, if you are not familiar with Linux, you are going to struggle with a bit.

What about the implementation team?

Through a vendor team, and their level of expertise was very high.

Which other solutions did I evaluate?

No other options were evaluated.

What other advice do I have?

It is a very good product to implement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user184626
Manager of Online Web Services Team at a financial services firm with 1,001-5,000 employees
Vendor
Keeps our web applications secure despite the Web Portal Manager not implementing the full set of functions

What is most valuable?

Web security.

How has it helped my organization?

It keeps our web applications secure.

What needs improvement?

Web Portal Manager does not implement the full set of functions found in the command line.

For how long have I used the solution?

Nine years.

What was my experience with deployment of the solution?

There are some challenges between major version upgrades. We usually wait for the first fix pack before evaluating the system for an upgrade.

What do I think about the stability of the solution?

Early versions had issues but since version 5.1 it has been very stable.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Very good.

Technical Support:

It depends on who you get. Some Level One technicians are better than others. When you get to Level Two and Three it's much improved. We've dealt directly with the developers on several occasions and those folks are the best.

Which solution did I use previously and why did I switch?

No previous solution was used.

How was the initial setup?

I was not involved in the initial roll-out but did participate in the upgrades from v4.1 to v5.1 and from v5.1 to v6.1. The junction file format changed from v5.1 to v6.1, which caused some challenges.

What about the implementation team?

In-house implementation.

What other advice do I have?

IBM directory server offers the best roll-out experience. We are just beginning to look at using Active Directory for our repository.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Consultant at a tech consulting company with 51-200 employees
Consultant
WebSEAL provides a large number of authentication options out of the box but the admin UI needs to be friendlier.

What is most valuable?

Reverse proxy component, known as WebSEAL. It provides a large number of authentication options that are out of the box.

How has it helped my organization?

I am a consultant and work on designing and implementing this tool for our customers. It has helped them to improve and control web and mobile application security.

What needs improvement?

This product is also available in the appliance offering, which has not yet matured and has many issues. Most of the time, application of fix packs causes problems to existing functionality. Also, all the features of the product are not available in the appliance version. Lastly, there is huge room to improve the administration UI to make it more user friendly.

For how long have I used the solution?

10 years.

What was my experience with deployment of the solution?

Deployment is quite easy, and the only issues that were faced were with fix pack applications afterwards.

What do I think about the stability of the solution?

Not really.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Overall, it's decent. Many times it depends on the IBM support team member handling the customers' issue.

Technical Support:

Overall, it's decent. Many times it depends on the IBM support team member handling the customers' issue.

Which solution did I use previously and why did I switch?

I have not used a different solution.

How was the initial setup?

Initial set-up is straightforward.

What other advice do I have?

It's one of the best available products of its class. Worth investing in.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Technical Lead at a tech services company with 10,001+ employees
Consultant
Has provided more secure computing. Unfortunately, has many issues with deployment.

What is most valuable?

  • Junctions access control
  • Transparency to the user

How has it helped my organization?

Provided more secure computing.

What needs improvement?

The whole product could be made into one suite instead of multiple components which are essentially a part of the same infrastructure.

For how long have I used the solution?

Six years.

What was my experience with deployment of the solution?

Yes, the deployment has many issues like: the sequence of components installation, connectivity and most of all, certificates.

What do I think about the stability of the solution?

Yes, the applications depend on each other to function. Each application becomes a single point of failure.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

8/10.

Technical Support:

8/10.

Which solution did I use previously and why did I switch?

No solution was used previously.

How was the initial setup?

Many components needed to be installed with even more prerequisites. Each component had a sequence to follow.

What about the implementation team?

It was implemented by an in-house team.

Which other solutions did I evaluate?

We also looked at SiteMinder.

What other advice do I have?

Go for SiteMinder.

Disclosure: My company has a business relationship with this vendor other than being a customer: partners
it_user181527
Consultant at a consultancy with 51-200 employees
Consultant
It’s a very flexible and customizable product but installation and configuration need improving

What is most valuable?

It’s a very flexible and customizable product.

How has it helped my organization?

  • It provided a secure and robust end to end security solution.
  • You can fine-tune authentication and authorization.
  • It’s also easily scalable.

What needs improvement?

  • Installation and configuration.
  • If you don’t know the requirements of the supporting components, it could be complicated to install; this has been improved in the later versions, which are renamed to IBM Tivoli Security Access Manager.
  • Also the knowledge base articles on the internet are limited.

For how long have I used the solution?

Several years.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

This is a very stable product that can run forever.

What do I think about the scalability of the solution?

There are no issues with scalability with this product. Easy to do with no downtime.

How are customer service and technical support?

Customer Service:

Good. Nothing to complain about.

Technical Support:

The technical support is very skilled and has helped solve all issues that I needed help with in a timely fashion.

Which solution did I use previously and why did I switch?

No previous solution used.

How was the initial setup?

Not as straightforward as Microsoft products, where the dependencies are bundled in the installation.

What about the implementation team?

I was part of the in-house team and we managed to handle it without the help from the vendor.

What's my experience with pricing, setup cost, and licensing?

The setup cost is like any other product, and once set up, this product requires very low maintenance.

Which other solutions did I evaluate?

No other options were evaluated.

What other advice do I have?

Most often IBM Tivoli Access Manager is not involved when backend applications are developed, and this can sometimes cause the applications to not function properly, and you need to spend time troubleshooting and making changes in the application.

An IBM Tivoli Access Manager technician should be involved from the start when developing a new application.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user181038
Enterprise Security Architect at a tech services company with 51-200 employees
Consultant
SSO capabilities over various technologies are a strength of this product but the federation capabilities are very limited

What is most valuable?

Centralized policy management and reverse proxy-based architecture make it very flexible in terms of deployment, adoption, and implementation. SSO capabilities over various technologies are another strength of this product.

How has it helped my organization?

This product enhanced the overall security at the perimeter and improved user experience via SSO. A central place for policy and credentials simplifies the authentication over the application landscape.

What needs improvement?

The product has not been updated with emerging technologies over the years, specifically around AJAX, REST and mobile app integration. Also, the federation capabilities are very limited.

For how long have I used the solution?

I have deployed this product at various clients over the last 10 years.

What was my experience with deployment of the solution?

Initial deployment of the product is always critical and issues do come up, but not due to limitations in the product. Most of the issues were around bad planning or incorrect deployment.

What do I think about the stability of the solution?

No, there were bugs identified many times but mostly they were fixed via patch release or a workaround was offered.

What do I think about the scalability of the solution?

No, if deployed correctly it is a highly scalable product.

How are customer service and technical support?

Customer Service:

Fantastic customer service from IBM.

Technical Support:

Technical support is good, as you can raise an issue any time, and based on the criticality of the issue IBM can provide support immediately. In some cases, even on-premise support is available.

Which solution did I use previously and why did I switch?

A home-grown solution was replaced by ISAM in order to change and configure SSO quickly for applications; at the same time, using a scalable product was the other major consideration.

How was the initial setup?

The initial setup is always complex due to the number of applications and the user base involved. As the product is a front door for all applications, this is a very critical and complex setup. Also, due to internal and external users and the multiple authentication mechanisms involved for different types of users, it gets complicated.

What about the implementation team?

The IBM team was used for the initial deployment and support, and the support provided by them was fantastic. They offer quality consultants all across the globe at short notice.

Which other solutions did I evaluate?

Yes, it was compared with SiteMinder.

What other advice do I have?

This is a great product with a proven history. A little better planning is required before deploying it. Given the change in web technologies and SSO protocols, it might be better to check other products in the market too.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user178584
Senior Info Security Consultant at a tech services company with 10,001+ employees
Real User
Complex set-up but the WebSEAL reverse proxy is great for protecting your critical systems

What is most valuable?

  • WebSEAL
  • SSO

How has it helped my organization?

The WebSEAL reverse proxy is great for protecting your critical systems.

What needs improvement?

There is always room for improvement in all areas.

For how long have I used the solution?

On and off for five years.

What was my experience with deployment of the solution?

Yes, because there are so many moving parts it can often be difficult getting it right first time. Linux is more difficult than Windows but I feel Linux is more stable.

What do I think about the stability of the solution?

Not once it’s installed.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Good.

Technical Support:

Very good.

Which solution did I use previously and why did I switch?

No previous solution used.

How was the initial setup?

Complex. Like I mentioned, there are so many moving parts and I had issues with DB2 installation and patching it up to latest versions. This seems typical but others may have had better experiences.

What about the implementation team?

Vendor. Their experience was phenomenal.

Which other solutions did I evaluate?

No other options evaluated.

What other advice do I have?

Try to install a few times on various platforms to familiarise yourself with any issues.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user178272
Senior Security Consultant with 51-200 employees
Vendor
Simplified deployment of web applications. Very stable product.

What is most valuable?

Protection of web applications

How has it helped my organization?

Simplified deployment of web applications. The ISAM product centralises authentication and authorization, giving a shorter time-to-market in the development of new web sites/applications.

What needs improvement?

Since ISAM 7, and especially version 8, IBM has moved from software install to appliance-based (virtual or hardware); this really improves the speed of new patches and releases. IBM promised to release a new appliance firmware every quarter, and so far they kept their promise.

For how long have I used the solution?

10+ years.

What was my experience with deployment of the solution?

You do need to train to add to your skill set, and need to fully understand the possibilities and features, which takes a while. Since I've been using it for over 10 years it is no longer difficult for me to deploy. Of course with a new version some things change, so reading the documentation is quite useful sometimes.

What do I think about the stability of the solution?

Since its birth it is an unbelievably stable product. I know of a deployment that did not receive any maintenance for several years and it was still working.

What do I think about the scalability of the solution?

Nope, it is designed to be very flexible. It can handle any size website.

How are customer service and technical support?

Customer Service:

We as a Premium Business Partner have some advantages in being able to contact the developers more easily. Our customers can raise tickets, and depending on their contract, they are suitably assisted by IBM.

Technical Support:

It has been good for a long time.

Which solution did I use previously and why did I switch?

Nope, somehow I ended up at an IBM Business Partner, always using ISAM. But we are also using IBM Security Identity Manager, IBM Security Directory Server, IBM Security Directory Integrator, IBM Federated Identity Manager. Basically all IBM Security Identity and Access Management offerings except IBM Tivoli Access Manager for ESSO (confusing naming, but a really different product that does not really combine with all the others in my humble opinion).

How was the initial setup?

With the firmware appliance it is easy as pie.

What about the implementation team?

I'm part of an IBM Premium Business Partner; we are specialised in IBM IAM deployments. On many occasions IBM Netherlands is requesting our services to get the job done.

What was our ROI?

An ROI is, for most customers, not easy to make, being a security solution. It gives more hassle than not using it, insurance-wise you could say. Once a customer has chosen it they stick with it; I did not see many customers abandoning it due to ISAM not performing or not being satisfied.

What other advice do I have?

Ensure you get your team trained and get external expertise for your architectural design and first deployments. While learning on the job, your team can take over after a while.

Disclosure: My company has a business relationship with this vendor other than being a customer: IBM Premier Business Partner. I'm personally involved in contributing to the official IBM Security exams, and an official instructor for these products for over ten years
Rodney Dapilmoto
Systems Admin Analyst 3 at CPS Energy
Real User
We can track the roles associated to each user. Needs better documentation on usage and admin tasks

Valuable Features:

I like the primary function of this product allowing the administration of user/network accounts with a fair amount of ease.

Improvements to My Organization:

Tracks and assists us with Roles associated to each user.

Room for Improvement:

Need better documentation on usage and admin tasks.

Use of Solution:

It has been used for at least five years but I have only been working with it since August 2014.

Stability Issues:

We have had stability issues lately with the hardware and SAN that the product runs on.

Implementation Team:

We implemented this through a vendor.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Tivoli Access Manager SME at a government with 1,001-5,000 employees
Real User
Easy integration with existing web applications however the Redundant Policy servers had to be manually configured.

Valuable Features

Scalability and the easy integration with existing web applications with no or minimal change to applications.

Improvements to My Organization

Tivoli Access Manager lets you separate security from applications and manage it in one place. Several applications can be rolled into the same security model.

Room for Improvement

Redundant Policy servers had to be manually configured using LB.

Use of Solution

12 years.

Deployment Issues

No

Stability Issues

No

Scalability Issues

No

Customer Service and Technical Support

Customer Service:

Excellent.

Technical Support:

Excellent.

Initial Setup

It is straightforward. However it also takes experience to roll out this product.

Implementation Team

We used a vendor team and they were excellent.

Other Solutions Considered

CA Siteminder was considered.

Other Advice

ISAM 8.0, the new version of Tivoli Access Manager, may be considered for large web security implementations.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Roopesh Verma
Senior Consultant at a tech company with 10,001+ employees
Consultant
We're able to generate user accounts much quicker than before but cross-domain authentication needs improvement.

What is most valuable?

  • Password management
  • Single sign on
  • Provisioning and de-provisioning of account
  • Unified Directory Server

How has it helped my organization?

Before the solution was implemented, it took around 2-3 weeks to get all the necessary account information for a new employee in my organization. Since implementation, this now only takes a few minutes. As soon as HR submit all their data the user account is generated and the user gets their username and password.

Also, we have many applications and before SSO the users had to remember all the different passwords. We have many legacy applications and they had different password policies that were not always as strong as they should be. Now, however, we have one password for all the applications, and one password policy.

What needs improvement?

Cross-domain authentication.

For how long have I used the solution?

Approximately 7 years.

What was my experience with deployment of the solution?

Yes - we face a few issues, related to our configurations and networking.

What do I think about the stability of the solution?

No

What do I think about the scalability of the solution?

No

How are customer service and technical support?

Customer Service:

7/10

Technical Support:

8/10

Which solution did I use previously and why did I switch?

No previous solution used.

How was the initial setup?

It was complex for us as we have multiple domains.

What about the implementation team?

We used a vendor and I would rate them 7/10.

What was our ROI?

The solution has smoothed the process of account provisioning and therefore our employees are productive from day one.

Which other solutions did I evaluate?

We looked at Oracle and a Microsoft solution with IDM.

What other advice do I have?

Try to get the maximum of using standard functionality of the product, and only do customization if you really need it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user3222
Manager of System Security with 501-1,000 employees
Vendor
A strong part of an integrated IAM stack

Valuable Features:

Tivoli Access Manager (or IBM Security Access Manager) is a fully featured web authentication, SSO and authorization product. The product supports multiple user information repositories and also integrates with a variety of strong authentication solutions. Supports reverse proxy as well as adapters placed directly on web servers and app servers. Later product versions support fine-grained authorization as well as XACML-based authorization configuration. The DP integration provides support for authn and authz for web services.

Room for Improvement:

Complex to install and run. Requires the full IBM stack to reach full potential.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user1062
Tech Support Staff at an insurance company with 501-1,000 employees
Vendor
IBM Tivoli Access manager is an SSO solution for an electronic business that manages (authentication and authorization) access to web services, applications hosted, and operating systems.

Valuable Features:

Tivoli access manager enables integration with user session management and WebSphere DataPower in web services and web 2.0 environments. Authentication and authorization management for online business initiatives and portals implementations are centralized. Access controls for .NET, Java, Exchange servers and Microsoft SharePoint implementations are also centralized. Capabilities of advanced security are enhanced to support strong, flexible authentifications and authentications based on risks as well as critical internet vulnerabilities. Malicious, fraudulent, accidental behavior by staff and internal users are high level security threats that are prevented by Tivoli access manager. It also delivers Web SSO that is consistent with users on heterogeneous systems.

Room for Improvement:

You must be skilled to use Tivoli Access manager. I had to undergo training to use Tivoli access manager, which was another expense exclusive of the purchase, but it was worth it.

Other Advice:

Tivoli access manager securely manages access to critical data and applications to businesses, as well as convenient and fast access to systems by authorized users. It consists of a user registry and an authorization service, that includes an authorization engine and database, as well as a resource manager. It has a family for e-business, enterprise SSO, and operating systems. I have used it for two years now.
Disclosure: I am a real user, and this review is based on my own experience and opinions.