Symantec Identity Governance and Administration Reviews

The most valuable features are role-based access and identity provisioning, which allow a single point of user access to multiple places.

It’s provided us a single point to create users and then provision them to different sources so that they have access to them without having to login in multiple locations.

It has a large footprint which you'd expect to be much, much smaller. Just to run basic services, we have 10 different servers. Also, if it were easier to manage, that'd be useful.

We had no issues deploying it.

We’ve uncovered some bugs while working in it. CA has -- and still is -- working with us to resolve those issues.

We haven't really had any issues with scalability, but we have an older version of it where we’ve had to customize it to an extent.

Their engineers know our environment very well. We're able to get personal support with specific engineers when we make such a request.

The initial setup is very complex. In fact, it took a while to get through the entire setup and we’re even adding to it now. CA has even been on site to help us.

CA is great to work with, but to use it, just learn the product suites and how the individual products interact. Make sure you have a good layout and you have everything you need.

We had a big problem with accounts synchronization provision as we used a very old identity manager solution, and we needed to change it. Then we acquired the new CA solution and we changed the solution. 

It was a big challenge to change in only four months to CA Identity Manager, but we did it. Now we have accounts synchronization and self-service password reset. 

Over the next two years, we will implement a new solution with CA for the accounts to put in Identity Governance. We need to implement 70 new systems inside Identity Manager.

We use CA products because we have specific programs. For example, we use IBM WebSphere, and Identity Manager works with it. We implement and both sides achieve development and production, and we consider higher capability.

My team doesn’t have much experience, so we need to hire a professional to work with us on site every day. This is difficult. I have 2700 servers and we have another project when 90% is obligated to use them but only 10% is a physical server.

At the moment, stability is so-so. We implemented this solution last month and the CA professional worked with us every day and made some configuration. I think our level of stability is normal for this stage.

We made a request for a proposal to which IBM, Oracle, ISA, and CA responded. CA and Oracle were proven because the other ones didn’t agree with the time, four months, which is a big challenge. When my architecture team and security team checked the solutions, CA has a better score than Oracle, and they had a better price.

You have to plan what you need. I had a bad experience in the past with an Oracle solution as my last company didn’t know what they needed. It's important to know what you need and where you can go. You need to have your systems and your integration prepared. We have had some surprises.

We are using the IDM solution for customer identification and authorization. We just started the project about a year ago. We have already implemented IDM on our website and our mobile applications. So far it's looking good. It's an interesting question because what we are getting back from our customers, they're quite afraid of what's happening because we have actually gone down from three identifiers on our website to two. In our mobile applications, we are now enabling one identifier and we have just implemented fingerprint recognition. Our customers were calling us and asking "look we are seeing cyber attacks happening, identification being stolen all over the world. How are you actually going down and using only this parameters for identification?"

I think that the CA product enables us to do that. Get more security with lesser need of user identification.

There are actually quite a few nice things on the CA roadmap in the future. I think to have ability to enable our customers to have different roles, because we have customers that they can be a private customer, they can be part of an organization or a corporation and they need to have different roles. I think that's still something we will see in the future. We have some basic product to do that and we are starting to implement it but it will take us some time to get there.

It was a journey because when we started the project, we had trouble. We couldn't get the system easily installed, up and running but over the time we installed a different project from CA. Which is called Wiley [CA APM] which really enabled us to get things smooth, up and running and for the past 6 months we haven't had any defaults in the system.

We started off with 10,000 customers on system, it looked good. Now we have about 1.6 million customers on the system, no problems at all.

We had a technical support locally in Israel from CA but we were referred to CA Laboratories Worldwide. We had good support from them.

Cyber security in these days is a very important issue as we all know. We had an old system, we saw that we cannot move ourselves into the digital age, the banking digital age, without a robust system that will enable us the capabilities we needed. We started looking around for a new platform quickly. We sorted out that CA's the best product for us and that is really the product we are based on to do our digital transformation in our bank.

Since we are discussing a very vulnerable system which would actually be the front-end for our customers, at the end of the day. We had to take it really slow and we got the system up and running, co-existing with our old system. We did a lot of tests, we had, as I said before, a few customers on the system before we actually started to deploy. It took us about 8 months to get things up and running smoothly. Then we had the confidence to really migrate our customers to the new system.

We have long, long list of parameters that we, of course, check. It's about 5 pages of criteria and of course robustness, the ability to go forwards as a system over long years. Transforming to such a system is a very long process. We want to have a system that can be up with us for at least 10 to 15 years. We checked it quite thoroughly, we of course talked to other organizations that had the system. We think we had made a good decision.

As it looks for now, it looks as an 8/10. I believe that it can go up to 9 and 10 in the future. I think that stability issues in the beginning of the process are a major thing. Getting the system up and running smoothly took us quite a few months. The main area would be the security area of course. Even our own employees, for example, cannot see customer data on the system. It's all encrypted so we don't see passwords, we have limited viewability of what's happening on the system in the security areas. I think that the system that's built to disable our own employees from data leak prevention aspects, almost unable entirely to take our data out of the system and share it with someone. That's a main factor having a security system in our organization.

Managing identities at a financial services institution.

We're implementing it currently, so I have no real measure of how it's going to perform, but so far so good.

• Streamlines user access
• Consolidates applications
• Access in one place

User access control.

Customer reporting. One of the big things we had asked for is for the Identity tool to actually do more kinds of reporting for audit purposes. It doesn't really track any of the metrics that are useful to us, at this point.

Can't comment yet. Not up.

I've used Identity Manager before for a different client. The scalability is good.

Tech support is very good. We actually have a CA team onsite.

The client is using different solutions for different things. So they have instances of a number of different tools that have the same functionalities as CA, but for different items. So yes, they did have other solutions as well.

Most of the complexities are because of the business itself and the complexities that they have within their current infrastructure. The complexities are not really coming from CA's product.

I was not there when they made this selection. I'm sure they evaluated the normal ones, SailPoint, CA, Oracle.

It's early but so far I give it a seven out of 10. Most of the issues we've had with it are coming from business complexity rather than the product itself. The support's been good from CA.

In terms of advice to a colleague who is looking for a similar solution, that's difficult because I've done SalePoint and CA. It's up to them. It's based on the organization itself, so they have to do more evaluation than what I can provide for them. I'd recommend they do their research and pick what's best for them, but I'd say we have no problems with CA's software.

The most valuable features of this product are the following:

1. Policy Xpress
   Allows for the ability to build policies triggered off of events in a codeless manner.
2. Separation of Duty (SOD) policies
   Gives the ability to create roles and/or policies with a criteria for removal or addition of a role, policy, or an entitlement based on the user’s title as an example.
3. Connectors
   IDM has a rich set of connectors that covers traditional on premise, SAAS related, or custom resources. IDM provides the ability to create a custom connector through its Connector Xpress module. The module itself allows one to build a connector to any resource that is either LDAP or database driven. Once again this process involves no coding for the task.

I'm an integrator, and as a result I deploy solutions in behalf of an organization. IDM improves the organizations ability to govern the life cycle of an end user. The life cycle starts with the on-boarding of an individual to the organization, whether it’s a contractor, consultant, employee (full or part time), or a partner. The life cycle ends with the departure of the individual from the organization. Everything in between is about managing the user's access, permissions, profile, and evolution from an identity stand point. We (Mycroft) advise and implement the necessary user cases that drives the successful central management of identities for an organization. Plain and simple, IDM provides the automation that allows the IT and respective business department(s) to focus in on other pressing needs while IDM standardizes the identity practice.

The areas of this product which requires improvement are as follows:

1. The User Interface (UI)
   The User Interface has been improving over time and there are products such as IDMLogic Sigma that improves upon the user UI experience.
2. Its delegation model
   While IDM has the capability to delegate, the delegation process is not intuitive or forthcoming to the clients. The delegation model is present but it’s not a straight forward model to design against.

These two areas are the ones that stand out, as I probably developed a tolerance over the years for any other if others do exist.

Eight years.

Yes, but deployment issues are hardly product installations, but rather retro-fitting the installation to the core principals of the organization. Anyone can install the product within a 20 minute window in an ideal scenario. Each organization has environmental complexities and business policies that at times causes issues with the deployment.

No issues with stability.

No issues with scalability. Typically deployments are done with an assumption that an organization will grow by a certain percentage in the foreseeable future. As a result the architecture will adhere to the growth plans accordingly.

Technical support has drastically improved over the years, as a result I would rate them at 7.5 and climbing.

While I implement solutions for organizations, I witness switches for the following reasons:

• Staff are no longer knowledgeable on the solution as a result of staff turnover over time
• Product configuration has not been maintained to support needs of the business over time
• Vendor Support and direction
• Cost model
• The direction of the organization and its relationship with other vendors

In my experience, the posture of the setup has a direct correlation to the use case mapped to the feature set and functionality. There are numerous ways to implement a solution, but the level of complexity stems from the ability to simplify the requirements and work with the business on compromises. All organizations have security and business policies that they mandate by or govern towards. As a result, the initial setup or configuration is a direct by-product of how the use case is socialized into the product. At times, some business processes should not be subjected to IDM at all. unless there are compromises to how the business flow is managed. Understanding this basic idea and product limitations go hand in hand.

The ROI on CA IDM is a result of the following 3 areas:

1. Employee productivity
   Faster onboarding process and provisioning. The ability for end user to perform self-service password resets and utilize an access requests system.
2. IT cost savings
   The ability to focus less on traditional cost areas around password resets, user on-boarding, and essentially the whole user life cycle allows IT to spend on other technical areas wisely. Cost savings to IT is not only how to save but also how to re-purpose the funds to other needed areas.
3. Cost avoidance.
   Potentially recovering from security breaches or violations and the cost to recover from them. Centralized management introduces efficiency that leads to shared resources not redundant work throughout an organization.

We use the product for advanced authentication, identity and access management, and governance.

The product’s most valuable feature is flexibility. It can be customized as per the customer’s requirements.

The product works slowly while accessing cloud-native solutions. They should work on their ability to integrate with third-party vendors. Additionally, cloud networking features and Azure, AWS, and GCP integration are needed.

We have been using Symantec Identity Governance and Administration for several years.

The product is stable.

The price is flexible for our existing customers.

We have evaluated many open-source tools.

I rate Symantec Identity Governance and Administration a six out of ten. It is suitable for enterprise customers.

We use the solution for general life cycle management, account provisioning and six petition processes, the regular IGA stuff.

I feel the provisioning to be done well. The model offered is very good and customizable. 

The interfaces need to be revamped. They are too antiquated. This is the biggest issue I can think of.

I rate the support as a solid C. Of primary concern is that there are not too many people employed nowadays with the requisite support knowledge. Since we are talking about an increasingly antiquated product, it is likely neither easy, nor desirable, to train support staff with the requisite knowledge. The support at the moment is not very efficient. 

It would be nice to see a size version of the solution, a cloud version. 

The solution is not the best or the fastest available. 

The solution is rather stable, but not remarkably so, as there are certain persistent bugs which tend to be present from one version to the next. 

The initial setup is rather complex. While they've made efforts to improve this and there's a separate version that comes with a pre-package model, the process remains, nevertheless, complex. 

We have been using Symantec Identity Governance and Administration for 10 years.

The solution is rather, but not remarkably, stable, as it is plagued by a number of bugs which persist from one version to the next. 

The solution is easy to scale. It requires a certain amount of configuration which surpasses the norm, but it takes a rather nice load. 

The support could be greatly improved. As the solution is becoming increasingly antiquated, there does not seem to be a capability or a desire to provide support staff with the adequate knowledge. It is inefficient. This is why I rate it a C. 

In spite of the efforts that have been made to improve the initial setup process, and the inclusion of a separate version that comes with a pre-package model, I still find it to be rather complex. 

I used to work for the vendor and this is how I acquainted myself with the deployment process. 

While the deployment does not entail specific maintenance, it does a certain amount of data maintenance, as is required of any product. One must monitor his processes and ensure that everything is running smoothly. While this will, obviously, depend on the number of integrations one has, it is no different in this respect than that of a regular application, the only difference being the tendency to be more critical to the general infrastructure. 

We have four or five people responsible for the maintenance. 

I do not recall the approximate prices or licensing models, although I do so that it was priced per user number. As there were certain drastic cutoffs depending on the volumes, the values had much variance. 

I am not certain of the number of users who are making use of the solution in our organization, although I believe there to be four or five when it comes to my European colleagues. Globally, there are probably more. 

I would recommend this solution to others, since it gets the job done. While it may not be the best or the fastest solution, it is a work machine, so it is good enough. 

I rate Symantec Identity Governance and Administration as a seven out of ten. 

It has improved our user management. It is definitely streamlined.

Writing policies and provisioning are easy.

Policy writing and provisioning are easy, but should be improved. Provisioning has a dependency on Windows.

No, we have not.

No, we have not.

 I would say they are good, but there is always room to improve.

Yes, custom codes. It was not as reliable as CA Identity Manager.

It was complex with lots of requirements.

It is expensive, same as the other tools in the market.

I prefer Oracle Identity Manager, which is more stable. 

Get the latest version and good architecture before implementing the solution.