We just raised a $30M Series A: Read our story

Symantec Identity Governance and Administration OverviewUNIXBusinessApplication

Symantec Identity Governance and Administration is the #4 ranked solution in our list of top User Provisioning Software. It is most often compared to SailPoint IdentityIQ: Symantec Identity Governance and Administration vs SailPoint IdentityIQ

What is Symantec Identity Governance and Administration?

The Symantec Identity Governance and Administration (formerly CA Identity Suite) provides comprehensive identity management and governance capabilities with a simple, intuitive user experience. This user experience can dramatically simplify processes such as user access requests and access certifications, resulting in improved productivity and user satisfaction. In addition, the Symantec Identity Governance and Administration performs risk analysis and certification and enables remediation actions in real-time during the access provisioning steps, thereby improving audit performance and risk posture with preventive policy enforcement.

While providing these business and governance-centric capabilities for business users, the Symantec Identity Governance and Administration also delivers core enterprise-grade identity management and governance capabilities, including broad provisioning support for on-premise and cloud apps, extensibility and flexibility to integrate with other IT systems and consumer-grade scale. This means organizations are not forced to choose between usability and performance. With the Symantec Identity Governance and Administration, they can have both.

Symantec Identity Governance and Administration is also known as CA Identity Suite, Symantec IGA, Layer7 Identity Suite, CA Identity Manager (CA IDM), CA Identity Minder, CA IAM, CA Identity Manager (CA IDM), CA Identity Governance.

Symantec Identity Governance and Administration Buyer's Guide

Download the Symantec Identity Governance and Administration Buyer's Guide including reviews and more. Updated: October 2021

Symantec Identity Governance and Administration Customers

Acciona, Core Blox, DBS

Symantec Identity Governance and Administration Video

Pricing Advice

What users are saying about Symantec Identity Governance and Administration pricing:
  • "I do not recall the approximate prices or licensing models, although I do so that it was priced per user number."

Symantec Identity Governance and Administration Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
MostafaBasha
Operation Risk Senior Manager/CRO at I-SCORE
Real User
Top 20
Offers out-of-the-box connectors that have a lot of opportunities for configuration

Pros and Cons

  • "Out-of-the-box the product has a lot of opportunity for configuration and sophisticated identity management capability."
  • "Although the capabilities are there, the user interface needs to be redesigned and the opportunities for integration should be improved."

What is our primary use case?

The primary use we have for this product is dividing access into streams. We have to provide the client organization with group and directory structures. The technical part, or provisioning, always seems to be more of a problem because the client companies have some semi-manual processes that depend on human interaction. This is often for something like disabling users, creating new users or changing roles.  

Of course, provisioning takes a lot of time because it involves accurately defining and managing privileges. It includes accounting for all the access types from temporary access to agile access and also risk evaluation. All these things are often handled through a business process where a lot of the activity is done manually before a solution for automation — like CA Identity Manager — is in place. The agent for CA can handle criteria and rules and has templates for these activities. In short, it can handle these situations automatically starting from the HR Assistant included in the core suite to do recruitment or provisioning of users, and allowing basic access to things like email.  

Leveraging access depends on which group a user is in and which business rules should be applied. There are often a lot of access attempts on what should be restricted resources. The client has to provide the rules to define which users have access. If there is no rule in place the issue has to first be identified and then to go through a process of approval in an appropriate department. This may lead to a need to change the access process and maybe go back again to think further about the business rules. When all the right rules are in place the processing can be handled automatically by CA IDM.  

After you change something and test the process again, you can find that there are exceptions and we do not have all the rules in place to handle them. Then the identification and approval process needs to be adjusted on the system again. This, of course, is done with manager approval and the rules have to be examined. We need to repeat this process for the entire site. It is a business process improvement that takes time but will eventually save time by eliminating human intervention and errors.  

So the main use case is provisioning and access and implementation for security reasons. For example, if you request the use of an application and it is approved, the identity manager learns this and the user is then able to access this application.  

What is most valuable?

Out-of-the-box connectors have a lot of opportunities for configuration. The governance port and business rules are difficult. At a certain point, the product discovers dormant accounts because it monitors which accounts are active but which are not being used. So it will perform some service on these dormant accounts that are not active for six months or maybe never used before. This is a good feature. We also have a dynamic workflow, with approval stages which helps validate the ID.  

They have a form designer, which is good because you can create exactly what you want as far as access controls. They have value-added modules like the one they have for asset management. This means that when you are in the role of a manager in CA IDM, you are able to restrict access to certain types of laptops — maybe by mobile provider, maybe by core type. So if a user tries to access the system with an asset of a certain type, we can allow it. It is a value-add, not necessarily related to the user distinctly. But if you take it from the point of view of asset management, it also helps in tracking the assets, which is another interesting outcome.  

What needs improvement?

As far as improvements, the first thing I think CA needs to do is redesign the user interface. The functionality is good but the interface itself is not that user-friendly.  

I think also that there are some issues with the privileges of service accounts. For working with Oracle, we need some kind of service account with administrative privileges. Access works when we give the user account administrative privilege. But in some cases, particular access needs to work for user roles that have less than administrative privileges and these users and rules need to be stored in the database. I need the ability to directly configure users and rules store on databases.  

Maybe it is more complicated and related to Oracle services — I do not know the database side as well. But we need to read and write on the rules table and the users tables and store that data in the database.  

Otherwise, the product has good performance and it is a very capable solution. I can automate a lot of processes related to provisioning users and identity management, but the controls can be even more flexible with these few changes.  

The deployment cannot be pushed through the management console when you define the credentials for a user that can connect to the endpoint. It would be easier for deployment if the service could look at the endpoint or data center and detect what is needed to push this deployment based on the application version or based on whatever the operating system is. Things like that can make a difference at times.  

If they can customize by the customer, it means that if someone upgraded their environment, the client does not have to go back and request the version of an executable for a new OS. The result is that the correct executable will be deployed by the agent.  

For how long have I used the solution?

The last time I used CA Identity Manager was in May of 2019. Actually I was not using the product, but I was working with it in implementation. My job sometimes gravitates to implementation in the form of policy implementation and technology implementation. In order to do implementation, I had to have a good knowledge of CA IDM technologies as far as the connectors, the components, and integration ports, et cetera.  

I was dealing with CA IDM for seven months. In the process, we had to go through the basic procurement, the deployment, the provisioning of the users, the integration of the second phase for the government and business rules, as well as other configurations. I have had to think through all of this with the available capabilities of the product and made sure everything would work. The last component that involved analytics was not something I was involved in. I did not work on that part, but I know the analytic features are good.   

What do I think about the stability of the solution?

My impression of the stability of CA IDM is that the product is very dependable. They have a good HA (High Availability) design and good DR (Disaster Recovery) for data transmission and security in all situations.  

The deployment is very good. After you set up a new component you just go to the console and access the component you need to make adjustments to it at the console. The high availability works on active-active so it does not require a switch automatically to the other component because they act simultaneously. And, of course, we can also work with active-passive mode if you make that choice.  

I am not sure that this type of node management is an advantage to most users or not because in IT management you may not need this type of high availability design depending on the industry. But the capability is there and it can add stability to the infrastructure.  

What do I think about the scalability of the solution?

I did not specifically examine scalability during the implementation because I did not have the chance or the necessity. We were in the process of considering all that we needed and not what would happen if we needed to scale to expand the system. From what I remember, we also had plugins that we could have installed so maybe the availability of plugins is an example that it is scalable in the sense of functionality.  

But I think, with CA, that the scalability is fine and it is exactly what an organization will need as they grow. We are not involved in really scaling the product when we are deploying it.  

For availability, I think you can definitely scale up as much as you want because you deploy the clients and the endpoint or the console. So in this way scalability works from an availability standpoint.  

For scaling the functionality of the product itself, I think it will need some other kind of intervention or maybe new development. It depends on what you need and what they already have in the form of plugins. I know they have an API but we did not need to work with it for our purposes. With the API's you can extend the functionality outside the original identity.  

During the process with a particular client that I have in mind, we argued about the starting point for the verification and whether it should be the HR system or the identity. This is a business decision that has to comply with the rules and business processes as defined by the organization and any regulations that apply. The question has to be answered before a solution can be put in place. With this client, we agreed that the starting point was the HR system, and one of the proposed solutions was that the HR system would call an API to perform the provisioning for identity. That was one possible approach. The second approach to working with identity was to install an agent on the HR system that could be run on a schedule. This solution is what we settled on and we agreed that this would be scheduled to run once a day, which is more than enough for what they needed to accomplish.  

Because we chose the second approach we did not go for working with the APIs. The approach would be to run the process once a day on schedules like when most of the system resources would be in minimal demand — for example at the end of the workday. This would be done to check each employee for those that were added, transferred or changed privileges. And then an automated adjustment would be done for functionality and organization based on the established rules.  

This is the kind of flexibility you have in deciding processes for an enterprise business — even a very complex business with demanding requirements. It shows another type of scalability.  

How are customer service and technical support?

I did not have a chance to contact support personally, so I can not talk about how my experience with them was from a personal point of view. However, the people on the team right now working on projects who have called support said they were helpful. They have a good understanding of the product and seemed to have a lot of experience. I do not know what kind of resolution the members of our team were looking for from the support people. It might have just been for more information or troubleshooting or some type of issue resolution. But our company has had experience with the CA technical support team and from what I know the experiences were good.  

How was the initial setup?

The initial setup is not that difficult. We deployed the components and deployed the agents. This is just the basic framework.  

Our deployment took seven months because the design phase is very complicated. We need to collect information for the access matrix, we need to validate, and we need to do some kind of cleansing. So, it is a very intensive task. Mainly it is the design which takes most of the time, not the basic deployment. The difficulty is in the business logic, the business rules, and the cleansing of users.  

Working with the system is an ongoing process. When users request a type of access, there are only two paths. One of them is to grant access and the other is to deny access. For the denial, we may have to go through a long approval process which requires some justification for the requested access.  

The implementation team that we use is divided between different roles. It is not a very big team but it represents different functions in the operation. There are the technical people, the people responsible for identity management, those responsible for manual processes, the people responsible for revision to the business logic, the people responsible for validating the access matrix, the risk evaluation people, the IT people, the operations group, the compliance people, and, of course, HR. So we are talking about a sustainable team of maybe 12 people involved in the implementation activity, but up to as many as 20 may be needed for approvals or other consultation. A lot of parts of the company are involved with the implementation process and defining business rules, all for different reasons and functions.  

What about the implementation team?

We are the ones who do the implementations, so we are the ones that others contact to perform this service.  

What other advice do I have?

The advice I would give to others who are looking to implementing this product would be to define exactly what you need before the implementation of the solution. This is a key factor. If you need to change the deployment after it is deployed — such as the policies or structure — it is not a matter of just changing the configuration. It is more like you are starting from the beginning. If you have questions related to what needs to be addressed they need to be answered first. The way we deploy this is as a black box appliance. So it would be defined once. Even the IP cannot be changed. To make this type of change, it would have to be deployed again.  

The biggest lesson I have learned from working with Identity Manager is that despite the product you use, the implementation is a process. You have to understand the process to see what activities do not give you value and also what activities serve to complicate the process. If you take the easier route and work with the standard deployment as much as possible, it will be more secure and faster. You need to see everything as an activity. So despite the impact that the product has on working with identity management, it is a process because the result is not to be blamed on the product at the end.  

On a scale from one to ten where one is the worst and ten is the best, I would rate CA Identity Manager as an eight. To make this product closer to something like a ten they have to pay more attention to integrating with other solutions. Currently, CA is integrating is with CA products only. In some cases, there are categories that CA does not compete in, like Service Manager, so they should pay attention to out-of-the-box integrations with non-competing services.  

They definitely have a problem integrating with solutions that compete and this is really another problem. Really, this type of integration would allow users of their product to have more flexibility. They could choose their own solutions which may better fit their needs. In one instance, we had to end up using different solutions for managing internal personnel accounts and managing normal users. This is not convenient and can be expensive. So I think they have to be more open to broader integration and simplifying those processes.  

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PD
Delivery consultant at a computer software company with 10,001+ employees
Consultant
Top 20
Easy to scale, but lacks an up-to-date interface or knowledgeable support staff

Pros and Cons

  • "The solution is easy to scale."
  • "The solution is not the best or the fastest available."

What is our primary use case?

We use the solution for general life cycle management, account provisioning and six petition processes, the regular IGA stuff.

What is most valuable?

I feel the provisioning to be done well. The model offered is very good and customizable. 

What needs improvement?

The interfaces need to be revamped. They are too antiquated. This is the biggest issue I can think of.

I rate the support as a solid C. Of primary concern is that there are not too many people employed nowadays with the requisite support knowledge. Since we are talking about an increasingly antiquated product, it is likely neither easy, nor desirable, to train support staff with the requisite knowledge. The support at the moment is not very efficient. 

It would be nice to see a size version of the solution, a cloud version. 

The solution is not the best or the fastest available. 

The solution is rather stable, but not remarkably so, as there are certain persistent bugs which tend to be present from one version to the next. 

The initial setup is rather complex. While they've made efforts to improve this and there's a separate version that comes with a pre-package model, the process remains, nevertheless, complex. 

For how long have I used the solution?

We have been using Symantec Identity Governance and Administration for 10 years.

What do I think about the stability of the solution?

The solution is rather, but not remarkably, stable, as it is plagued by a number of bugs which persist from one version to the next. 

What do I think about the scalability of the solution?

The solution is easy to scale. It requires a certain amount of configuration which surpasses the norm, but it takes a rather nice load. 

How are customer service and technical support?

The support could be greatly improved. As the solution is becoming increasingly antiquated, there does not seem to be a capability or a desire to provide support staff with the adequate knowledge. It is inefficient. This is why I rate it a C. 

How was the initial setup?

In spite of the efforts that have been made to improve the initial setup process, and the inclusion of a separate version that comes with a pre-package model, I still find it to be rather complex. 

What about the implementation team?

I used to work for the vendor and this is how I acquainted myself with the deployment process. 

While the deployment does not entail specific maintenance, it does a certain amount of data maintenance, as is required of any product. One must monitor his processes and ensure that everything is running smoothly. While this will, obviously, depend on the number of integrations one has, it is no different in this respect than that of a regular application, the only difference being the tendency to be more critical to the general infrastructure. 

We have four or five people responsible for the maintenance. 

What's my experience with pricing, setup cost, and licensing?

I do not recall the approximate prices or licensing models, although I do so that it was priced per user number. As there were certain drastic cutoffs depending on the volumes, the values had much variance. 

What other advice do I have?

I am not certain of the number of users who are making use of the solution in our organization, although I believe there to be four or five when it comes to my European colleagues. Globally, there are probably more. 

I would recommend this solution to others, since it gets the job done. While it may not be the best or the fastest solution, it is a work machine, so it is good enough. 

I rate Symantec Identity Governance and Administration as a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Learn what your peers think about Symantec Identity Governance and Administration. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,721 professionals have used our research since 2012.
Alfredo Silva
Experience Design Lead and Strategist at a consumer goods company with 51-200 employees
Real User
Top 5Leaderboard
Combines simplicity with enhanced security, but offers weak integration capabilities

Pros and Cons

  • "It's a very useful tool that has improved our client's security, from day one."
  • "Integration capabilities with other solutions and formats, including JSON, could be improved."

What is our primary use case?

We provide technical expertise for some of our clients. I've worked with thousands of clients.

I work with both small clients (1,000 users) and large clients (100,000 users). Our clients use this solution every day. With people constantly being hired and fired, user access is always being granted to new employees and taken from old employees. We use this solution to decipher and determine user access.

Our clients collect information surrounding the access that many of their users have. Different users are granted different access and rights. We have a process that monitors and plans user rights in accordance. From the information that we compile using this solution, we then release a report to the manager who then determines the type of access a user gets. 

How has it helped my organization?

It improves security. It's a very useful tool that has improved our client's security, from day one.  

What is most valuable?

This solution is very easy to use. Once it's been configured correctly, it's very easy to use, but it's not an easy tool to configure. Technically speaking, you need a lot of knowledge to make it run properly.

What needs improvement?

All software has room for improvement. There are some features that could be added to make it even more user-friendly.

Integration capabilities with other solutions and formats, including JSON, could be improved. Integration is not easy at all. 

For how long have I used the solution?

I have been using Symantec Identity Governance and Administration since 2004.

What do I think about the stability of the solution?

The stability could be improved. It really comes down to proper monitoring — there are a lot of good replication processes behind the scenes. If there are problems with the monitoring, then there will be problems, stability-wise. 

What do I think about the scalability of the solution?

On a scale from one to ten, scalability-wise, I would give this solution a rating of seven.

How are customer service and technical support?

Personally, I don't think the technical support is very good. The technicians don't seem to have enough training and knowledge surrounding the solution — they don't have in-depth knowledge.

How was the initial setup?

The installation is easy, but system integration for specific clients is very complex because each client has their own use case. You have to really understand what a client needs in their environment to master this solution. In short, installation is very easy but customization is not. 

In most cases, deployment takes roughly two to five days.

Which other solutions did I evaluate?

As the final decision comes down to our clients, they are the ones who evaluate other possible options.

What other advice do I have?

I would recommend this solution, but only for small to medium-sized companies. It doesn't perform that well for large companies.

Overall, on a scale from one to ten, I would give Symantec Identity Governance and Administration a rating of seven.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Umair Akhlaque
Enterprise Solutions & Services Head at Duroob Technologies
Real User
Top 20
An extremely customizable solution that’s very stable and easily scalable

Pros and Cons

  • "There are many valuable features within the solution. The product is easy to customize. It’s also highly secure."
  • "The directory has room for improvement. Also, the dashboards and, in particular, the KPI dashboard that shows the current user’s information needs reworking."

What is our primary use case?

We have three primary uses for the solution. We use it to centralize  accounts and directories. We also use it for  new registration of our new employees and for users to self-reset password.

How has it helped my organization?

Our customers get ROI by implementing Self User Registration & Self Reset

What is most valuable?

There are many valuable features within the solution. The product is easy to customize. It’s also highly secure.

What needs improvement?

The directory has room for improvement. Also, the dashboards and, in particular, the KPI dashboard that shows the current user’s information needs reworking.

It would be ideal if they could consolidate the workflow. Right now, because everything is on a different workflow engine, seamless integration cannot happen. If the solution offers a single workflow engine and a single reporting engine for all security targets, that would be ideal.

For how long have I used the solution?

I’ve been using the solution for three to four years.

What do I think about the stability of the solution?

The solution is very stable.

What do I think about the scalability of the solution?

This product is highly customizable and flexible in terms of handling customer requirements.

How are customer service and technical support?

I’m not happy with technical support at all. It’s very limited.

Which solution did I use previously and why did I switch?

Nop

How was the initial setup?

With any identity management product, you’re going to have complexities, so the setup is not simple. It’s a complex infrastructure and implementation and it requires reasonable expertise from those handling the implementation.

What about the implementation team?

Our team of technical consultants implemented to customer site

What was our ROI?

Secure Automated Mechanism to have centralize directory to manage Users.

What's my experience with pricing, setup cost, and licensing?

Expensive solution & implementation takes time to implement

Which other solutions did I evaluate?

Yes 

What other advice do I have?

For an organization looking for an identity management suite, it’s the kind of tool you can invest in the long term.

For those considering implementing the solution, I would recommend finding the right partners who have the right implementation experience to assist. There is no doubt this product has capabilities. The important thing is to find someone who understands the business requirements. It’s really important because statistically, 70% of identity management projects fail. Most of the time the product has the capabilities but the consultant doesn’t have the ability to customize the solution.

I’d rate the solution nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
DarwinSolano
Solutions Architect at a tech services company with 201-500 employees
Real User
Top 20
A stable and scalable solution with useful features such as self-registration, self-service password management, and role modeling

Pros and Cons

  • "Self-registration and self-service password management are valuable features. The role modeling feature is also very useful. It allows you to model your enterprise role."
  • "They provide a framework to develop your own connectors. A connector is a piece of software that integrates with the solutions that are not a part of the support matrix. Currently, it is difficult to create these connectors in this solution. Other solutions, such as NetIQ Identity, provide a better way to create your own connector. Currently, there is no cloud version. It should have a cloud version."

What is our primary use case?

We offer solutions to financial and government institutions. Symantec Identity Governance and Administration is a part of our security solutions. We use it to create users and assign them privileges.

What is most valuable?

Self-registration and self-service password management are valuable features. The role modeling feature is also very useful. It allows you to model your enterprise role.

What needs improvement?

They provide a framework to develop your own connectors. A connector is a piece of software that integrates with the solutions that are not a part of the support matrix. Currently, it is difficult to create these connectors in this solution. Other solutions, such as NetIQ Identity, provide a better way to create your own connector.

Currently, there is no cloud version. It should have a full cloud version.

For how long have I used the solution?

I have been using this solution for about seven years.

What do I think about the stability of the solution?

It is very stable. There are no issues.

What do I think about the scalability of the solution?

It is easy to code into this solution. You just have to run a setup configuration and, in a few minutes, you have two services. In terms of the number of users, we have around 10,000 users.

How are customer service and technical support?

When I started working with this solution, I had some issues, and they helped me a lot. I don't have any issues with their technical support.

How was the initial setup?

Its latest version is very easy to set up. The deployment takes around one hour, and after that, you have to do some configurations. The duration for that depends on how many systems you have. It can take one or two months.

What other advice do I have?

I would recommend this solution to others. It is a great solution. I like this solution, and that's why I have been using it for seven years. I would advise others to do proper role modeling before implementing this solution. Role modeling is really important for any identity management solution.

I would rate Symantec Identity Governance and Administration a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
WA
Technical Support Manager at Future systems
Real User
Enables us to manage identities and environment controllers in order to make it more unified and standard

Pros and Cons

  • "I like that it is easy to diagnose. It has a version of a virtual appliance so we can download it, run it, configure it, and it would take about 10 to 15 minutes to configure the cluster or so."
  • "They should easier and better integration with other software."

What is our primary use case?

Our primary use case of this solution is for managing identities and environment controllers in order to make it more unified and standard. 

What is most valuable?

I like that it is easy to diagnose. It has a version of a virtual appliance so we can download it, run it, configure it, and it would take about 10 to 15 minutes to configure the cluster or so.

It's easy to deploy, it's two versions, the manual deployment version, if it can be prepared in clusters it'll take one or two days. But the software appliance will take from 15 to 20 minutes.

What needs improvement?

They should easier and better integration with other software. It's hard to create custom integration rules with other software, like Oracle. This needs to be improved to give the customer an easier way to integrate.

For how long have I used the solution?

I have been using this solution for the past two to three years. 

What do I think about the stability of the solution?

It is stable. If I had to rate the stability from one to ten, I would give it an 8.5.

How are customer service and technical support?

Technical support from CA is not very good. I would give them a seven out of ten for their assistance and their knowledge. They could use improvement. 

What other advice do I have?

I would rate it an eight out of ten.

To make it a ten, it should have more remote capabilities. There should be better partnerships with remoting tools. They need more remote partners and better dashboards.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Symantec Identity Governance and Administration Report and get advice and tips from experienced pros sharing their opinions.