Administration of the product can be improved a lot. IBM has taken care of this in good manner in release 9.0.

Product documentation, especially the new version 9.0, should be improved to give a quick understanding of product components and features.

View full review »

Due to a constraint of the built-in browser in a Handy phone (called NTT i-Mode), the former version of TAM could not be used in the Japan market. The issue was resolved by the decline of Japan-specific Handy phones.

Cookies were not supported in i-Mode browser ver.1, which had the highest market share in Japan. Hence, sessions between that browser and WebSEAL could not maintain the session state using a cookie. The constraint had widespread implications. Some examples: re-authentication, session affinity, cookie-based failover mechanisms. Besides, IBM Japan declared that all browsers built in Handy phones were not supported officially in that version.

Rather than a weakness of the WebSEAL specification, that constraint was caused by the insufficient i-Mode browser specification, which was developed by NTT Docomo. Considering the negatives, we could not use WebSEAL for Handy-phone facing applications. (A workaround might exist, but the industry-standardized manner of using cookies was in our favor.)

View full review »

There is only a single step-up authentication path, but I have sometimes seen the need for several steps or a divergent path. It’s getting hard to find people willing to admit that they still write in C programming language.

View full review »

The Tivoli Access Manager v6.1.1 (TAMeB) came in a software form factor. It needed a separate LDAP server; and usually separate servers for policy/AuthZ servers and WebSEAL. Besides, for scalability purposes, WebSEAL is usually deployed on multiple front-end servers that are load balanced. For a large user base in a standalone environment, TAMeB requires at least 3 servers. For a simple HA environment, it doubles that number to 6. Now these factors affect the regular maintenance schedule and it becomes quite "bulky" from an infrastructure perspective.

Besides this, TAMeB in its software form factor has multiple software components to be installed in a particular sequence.

Hence, from a TAMeB deployment perspective, both these factors have scope for improvement in its current form.

View full review »

There are few things where there is room for improvement:

Log management via UI is one of the them. Automation can be achieved via REST API’s, for example, but in a small environment, when a customer is using the UI, for example, you cannot do a multiple selection of logs (to be deleted let’s say). Or a filtering of those.

A better/easier-to-use (user-friendly) interface. A more intuitive interface and menu navigation would be useful.

Rollback of FixPacks to be available via UI as well. At the moment, if you want to roll back a FP, you can do it only via LMI (appliance console).
Those would be my main requests to be improved.

View full review »

Cross-domain authentication.

View full review »

I would like to see the possibility to administer the appliances from one “master” appliance, instead of having to log in to each particular appliance.

If you have for example 4 appliances, two act as reverse proxy and two as master appliances (with policy server configured in HA) … If you want to administer these appliances, you must login into each particular appliance. It would be nice if you can administer all of them through that one ‘master’ appliance… avoiding to setup a direct connection as it is currently the case.

View full review »

The user interface for LMI needs improvement.

The Local Management Interface (LMI), especially for the older IBM Tivoli Appliance Manager (TAM) version, can be improved in terms of overall UI/UX and also, in terms of the performance of the monitoring dashboard.
The LMI for version 9 is much better in that respect.

An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help.

View full review »

Microsoft has active file handling where you can access different types of documents from the browser itself. This is not supported anywhere other than with Microsoft products. This is desirable, but not a show-stopper.

AngularJS is not yet supported. This could be a cause of worry, since we are seeing the emergence of many AngularJS scripts in webpages. I am sure IBM is working towards enabling it.

View full review »

Need better documentation on usage and admin tasks.

View full review »

The profiling element is incredibly robust, but also equally as complex, it requires an off-site course to be able to understand the context or the plethora of options available.

The majority of the "IMS profiles" we use are too dangerous to touch without multiple engineers having oversight of a change and an incredibly thorough change management system.

For clarity, an IMS Profile is the process flow in which the SSO component uses to recognize application screens, Windows and logon fields to be able to decide when to intercept and inject credentials into SSO managed applications.

View full review »

Older TAM versions are not compatible for connecting to a DB. I'm not sure if it is available in iSAM 8/9.

However, since iSAM 9 was released as an appliance model, I don't think having a DB as a TAM database directly makes any difference for the users.

View full review »

The product has not been updated with emerging technologies over the years specifically around AJAX, REST and Mobile app integration. Also the federation capabilites are very limited.

View full review »

The self-service portal needs improvement.

View full review »

It happened from time to time, that is, after a long period without restart, the TDS/LDAP instances crashed and remained in a hanging state. A restart did solve the issue but the support was not able to find the cause, despite the fact that the latest fix pack was installed for TDS v6.3.

A similar issue came up when LDAP requests did cause performance issues on TDS or caused the TDS to crash.

As information on fixes and issues related to ITDS are publicly available, let me point you to the respective site:

You may notice, there are several issues listed, which lead to a crash.

Not sure, which one is/was ours, but please notice that TAM/SAM requires multiple software bundles to be installed (like GSKit, Java SDK, WAS, DB2) – each of them having issues.

View full review »

TIM logging

View full review »

Since ISAM 7, and especially version 8 IBM has moved from software-install to appliance based (virtual or hardware) this really improves the speed of new patches and releases. IBM promised to release a new appliance-firmware every quarter, so far they kept their promise.

View full review »

• Installation and configuration.
• If you don’t know the requirements of the supporting components, it could be complicated to install and this has been improved in the later versions that are renamed to IBM Tivoli Security Access Manager.
• Also the knowledge base articles on the internet are limited.

View full review »

Redundant Policy servers had to be manually configured using LB.

View full review »

Complex to install and run. Requires the full IBM stack to reach full potential. View full review »

Multi-factor authentication with social integration needs to improve.

View full review »

• Multi-source authentication
• Common configs: These need to be moved into a single config file at the appliance level

View full review »

The user interface looks like it was designed for technical personnel only. The interface is part of the WebSphere Admin console. A lot of configuration, including those for SSO, are done through scripts and config files. The GUI could incorporate these configurations.

View full review »

Web Portal Manager does not implement the full set of functions found in the command line

View full review »

This product is also available in the appliance offering which has not yet matured and has many issues. Most of the time application of fix-packs cause problems to existing functionality. Also, all the features of the product are not available in the appliance version. Lastly, there is huge room to improve the administration UI to make more user friendly.

View full review »

I am pretty happy with the outcome so far this year. We have yet to hear from the customers. I have not updated it myself and I have not done any work with customers. Looking at their roadmap, they have a broad grasp of the security features which the industry needs.

View full review »

The whole product could be made into one suite instead of multiple components which are essentially a part of the same infrastructure.

View full review »

There is always room for improvement in all areas.

View full review »

You must be skilled to use Tivoli Access manager. I had to undergo training to use Tivoli access manager, which was another expense exclusive of the purchase, but it was worth it. View full review »