What is IBM Tivoli Access Manager?

IBM Tivoli Access Manager is a robust and secure centralized policy management solution for e-business and distributed applications. IBM Tivoli Access Manager WebSEAL is a high performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager protected Web object space. WebSEAL can provide single sign-on solutions and incorporate back-end Web application server resources into its security policy.

Also known as

Tivoli Access Manager, IBM Security Access Manager

Sample customers

Essex Technology Group Inc.

IBM Tivoli Access Manager Reviews

4.0 out of 5 stars

(15)

Lawrence Bishop

Infrastructure Specialist at a financial services firm with 5,001-10,000 employees

Jul 17 2017

I can integrate with in-house provisioning systems. The profiling element is complex.

Valuable Features: Single Sign-on functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites. These are heavily customizable and can fully integrate with in-house provisioning systems. • Improvements to My Organization: ... more »

Roopesh Verma

Senior Consultant at a tech services company with 10,001+ employees

Jun 27 2017

Authentication, authorization and risk profile are valuable features. It is one of the best products in the present market.

Valuable Features: Authentication Authorization Risk Profile MFA Federation Oath SAML 2.0 • Improvements to My Organization: We implemented MFA in way that helps us to reduce a lot work load in terms of reducing help desk call to reset password. • Room for Improvement: The... more »

Single sign on %28sso%29 report from it central station 2017 07 08 thumbnail thumbnail

Download Free Report

Find out what your peers are saying about CA Technologies, Okta, IBM and others in Single Sign-On (SSO).

Download now (FREE)

218,995 professionals have used our research on 5,617 solutions.

Jatin Vaidya

Senior IAM/ Security Consultan at a tech services company with 11-50 employees

May 29 2017

The SSO, URL-based access control, OAuth 2 and OIDC are the most valuable features.

Valuable Features: The SSO, URL-based access control, OAuth 2 and OIDC are the most valuable features. The URL-based access control has become more important due to the paradigm shift towards RESTful APIs, i.e., where URLs uniquely represent the resources to be protected. IBM TAM has a rich... more »

Security9ba6

Security architect at a tech services company with 1,001-5,000 employees

Mar 29 2017

It solves a lot of the problems with help desk calls and password resets.

Valuable Features: The Verify feature: A push method which customers are going for “Password-less” solution A very good demo to look at A very good solution to take to customers Solves a lot of the problems with help desk calls and password resets A very secure solution • Improvements to My... more »

Sivaji Kummamuri

Application Development Team Lead at a tech services company with 1,001-5,000 employees

Mar 16 2017

It is a secure way of accessing clients through various application portals.

Valuable Features: Simplified architecture Security • Improvements to My Organization: It is a totally secure way of accessing clients through various application portals for more than ten EU countries, just by using single sign-on. Moreover, its EAI makes customization easier with the... more »

Maruthi Pothuru

Middleware Specialist at a tech vendor with 1,001-5,000 employees

Mar 06 2017

Component integration, SSO capabilities and transparency are the most valuable features I have found.

Valuable Features: From my experience, most of the product features are meant for specific purpose(s) of its own demand and need. Implementing the feature depends on case to case, considering the organization's enterprise/middleware infrastructure design. TAM component integration and... more »

Sourabh Jaiswal

Technical Lead at a tech services company with 1,001-5,000 employees

Mar 02 2017

Uses automated provisioning to create users. I would like to see AngularJS support.

Valuable Features: Flexibility to connect with different environments and product stability are the best features. Connection: There are a number of players in the market and most of them have challenges with being able to connect seamlessly without customization to various data providers,... more »

solution228537

Solutions Architect at a tech vendor with 1,001-5,000 employees

Feb 07 2017

Reverse proxy means applications need only minimal changes to support SSO with ISAM.

Valuable Features: Several SSO methods are supported out of box. Federation based SSO (SAML / Oauth / OpenID etc) setup is easy. Very good performance and scalability. The internal STS token service can be used for custom SSO tokens. It is highly scalable and can meet high loads and... more »

Adrian Toth

Service Now Consultant at a tech services company with 51-200 employees

Multiple instances per component can be installed with load balancers.

Valuable Features: Some valuable features in this product are: webSEAL policy, proxy servers, LDAP server (IBM TDS). The modularity with which each component may run on a different host is valuable. In addition, multiple instances per component might be installed with load balancers. It... more »

Sathish Jetti

Tivoli Consultant at a government with 1,001-5,000 employees

AuthN and AuthZ mechanisms are built-in.

Valuable Features: Some of the valuable features are: Reverse proxy Protected object space Ease of integration Multiple and robust AuthN and AuthZ mechanisms built-in No single point of failure (SPOF) • Improvements to My Organization: It has improved the working of our... more »

Wim Thevelin

Iam Security Architect & Consultant at a tech services company with 51-200 employees

Acts as a reverse proxy, a single point for authentication and authorization. Advanced access control introduces adaptive or risk-based authentication.

Valuable Features: A number of new features, such as application firewall and load balancer, were added to this solution. These features are no longer available as a software version, but only as an appliance (virtual or hard). The same appliance firmware allows you to enable more features,... more »

Jeff Grossman

Principal Consultant at a tech services company with 1,001-5,000 employees

The auth and policy product has a reasonable LDAP implementation.

Valuable Features: Tivoli Access Manager's proxy product (WebSEAL) is extremely fast. The configuration options are mysterious and old-school, but they are a rich and small enough set that you can comprehend them and get it working right. The auth and policy product has a reasonable LDAP... more »

Virgil Nicolae

Security Team Leader at SYSM GmbH

It now is available a physical or virtual appliance. This simplifies the management a lot, and the deployment as well.

Valuable Features: Since a couple of versions back, the product moved to a different “mentality” I would say. Compared to when it was deployed as a software package, things are now much smoother in that direction. The product is coming as an appliance (either hardware either virtual). This... more »

Muhammad Arslan

Sales Engineer - Identity and Access Management at Sailpoint

The single sign-on configurations support multiple types of configurations, including FSSO, HTTP, SAML.

Valuable Features: The single sign-on configurations are unique to the product. They support multiple types of SSO configurations, including FSSO, HTTP, SAML. The most robust functionality for SSO is its EAI (External Authentication Interface) option. EAI allows customers to customize their... more »

Norio Chiba

Solution Architect Lead at a insurance company with 1,001-5,000 employees

It can map a user account in a domain controller to a web application's user account that has a different ID, in collaboration with IBM Tivoli Identity Manager.

Valuable Features: WebSEAL is a reverse proxy web server that performs authentication and authorizations. It is similar to CA SiteMinder Secure Proxy Server. The advantage of WebSEAL is that WebSEAL supports SPNEGO protocol and Kerberos authentication to support Windows desktop single sign-on.... more »

Download Free Report

Find out what your peers are saying about CA Technologies, Okta, IBM and others in Single Sign-On (SSO).

Download now (FREE)

218,995 professionals have used our research on 5,617 solutions.

Articles

Orlee Gillis

Content and Community Manager

IT Central Station

May 22 2017

Top 6 Identity and Access Management Solutions Q1 2017

IT Central Station’s crowdsourced user review platform helps technology decision makers around the world to better connect with peers and other independent experts who provide advice without vendor bias.Our users have ranked the top identity and access management (IAM) solutions according to... more »

1 comment

Nelson CicchittoAdd Avatier Identity Management Suite to your list more »

Orlee Gillis

Content and Community Manager

IT Central Station

Jul 02 2017

New Identity and Access Management Reviews -- Q2 2017

What do users discuss in their identity and access management reviews from Q2 2017?What have their experiences been so far this year? In the excerpts below, users discuss valuable features and room for improvement for the following solutions: Oracle Identity Manager CyberArk Privileged... more »

User Assessments By Topic About IBM Tivoli Access Manager

Valuable Features

Single Sign-on functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites. These are heavily customizable and can fully integrate with in-house provisioning systems.

15 opinions »

Improvements to My Organization

Allows users to use a single password across a set of multi-tenant application suites. This would have otherwise required 50-100 unique passwords PER application. This allows the user to inject a centralized password (a.k.a. authentication service credential) with little ease and increased reliability. In turn, this removes the user element of the logon process, which is often the root cause of the invalid password attempts.

13 opinions »

Room for Improvement

The profiling element is incredibly robust but also equally as complex, it requires an off-site course to be able to understand the context or the plethora of options available. The majority of the "IMS profiles" we use are too dangerous to touch without multiple engineers having oversight of a change and an incredibly thorough change management system. For clarity, an IMS Profile is the process flow in which the SSO component uses to recognize application screens, Windows and logon fields to be able to decide when to intercept and inject credentials into SSO managed applications.

15 opinions »

Scalability Issues

There were scalability issues with 8.0.1. Whilst we could build a new VM with the underline OS and prerequisites, IBM were always required to assist on-site as only they knew the complicated and fairly undocumented procedure to implement a new IMS server to the pool. In 8.2.1 this has been amplified ten-fold as the solution moved from Apache on Windows to IBM WebSphere on Windows, which is incredibly complicated and requires multiple levels of specialist knowledge. This makes it nearly impossible for our company to expand the number of nodes in the WebSphere cluster without accidentally introducing new issues in the said cluster.

15 opinions »

Technical Support

Technical support is very good, incredibly thorough, and if you have the right support agreement in place, it can be infinite. That being said, when raising a ticket, due to the complex nature of SSO, you need to provide a ton of technical details in the form of logs from the end point to the back end. These recycle at a very high rate, especially in larger estates so acquiring the logs is not always easy. For this reason, we've had some larger issues outstanding for quite some time. For supported versions, if the level 1-3 teams can identify the cause, they will either provide you with a hot fix that has been previously developed, give you in depth instructions on what needs to change, or refer the development team for a bug fix.

14 opinions »

Previous Solutions

We previously managed passwords without an SSO solution. The next step was an enterprise grade SSO solution. At the time, the IBM SSO offering seemed to fit the bill.

13 opinions »

Pricing, Setup Cost and Licensing

The IBM prices are, as ever, extortionate even with a business partnership and high levels of discounts. This is the same as with other IBM products.

10 opinions »

IBM Tivoli Access Manager Questions

Adena Fink

Community Manager

IT Central Station

We’re in the process of comparing IBM vs. CA. Which one is better?

IT Central Station is a fast-growing and trusted professional social network for users of enterprise tech solutions. Our mission is to provide professionals like you with valuable info from your peers. Use IT Central Station to exchange advice, access 2,500+ product reviews, and promote your... more »

5 answers

Cindy GravelyI feel that IBM is the better product due to the complexity of the components... more »

Jason MacyBoth companies rely on legacy acquired technologies with little new... more »

Jyoti BhattacharjeeI agree with both Jason and Timothy's remarks. Neither IBM nor CA is free of... more »

IBM Tivoli Access Manager Projects By Members

Check out these projects from our community members.

IAM Deployment

IBM Tivoli Access Manager Consultants

Request a call with one of our top consultants and experts in IBM Tivoli Access Manager. (Add me to this list.)

Points

Mandar Deshmukh

Consultant

A results-driven and customer-focused Software Engineer with 11+ years of IT experience. A Engineer with very strong understanding of IAM concepts and processes and experience in the design and/or architecture of complex security and IAM solutions as well as products. Last 10+ years working in... more>>

Reviewed IBM Tivoli Access Manager: WebSEAL provides a large number of authentication...