I'd rate the solution at a nine out of ten.

I would recommend the solution to others. If they want to have a secure, stable solution for a single sign-on that supports Java, ASP. Net, and most of the web-based applications, I encourage them to go with this product. However, a company must make sure that they have the right people to implement it properly.

It is a decent solution. CA is focusing on improving the stability of this product and their future roadmap looks quite promising as well. Companies should invest in this product and should think of it as a competitor.

When selecting a vendor, we focus more on the technology standpoint; how flexible the product is; how much customization we can do; the support availability.

It depends on what requirement is the most important to them. Is the Cloud the most important thing to them; or is in-house important to them? The main consideration is what issue are they trying to address? If they're trying to address the user experience, everything holistically: CA, Oracle, RSA, they're all, again – it all depends on the relationship and what CA provides.

It is very important to educate yourself in regards to the capabilities of this product by interacting with CA or attending conferences like CA World as they give you an insight about all that the product has to offer.

Single Sign-On is a mature product and hence I would be confident in recommending it to our clients.

I think the relationship with the vendor is good, that they come to us for feedback. They ask us what we want to see in the product. I think is becoming better now than it has in the past with the community. I actually submitted a community idea, and within a year that was actually put into the product, so I think it's getting better in that regard. I would say first try to figure out what your business requirements are before you come up with a solution, and then look at what the solution is. In a lot of cases, CA Single Sign-On could meet those business requirements.

SSO architecture is different from other kinds of application development. Plan up front. Understand the tool, and understand how to configure the tool, which partially depends on LDAP, and how to configure agents to perform.

Understand how you want to protect which assets, and how you want to open asset protection to other channels because it will grow. People will be asking more and more. For us there is no other way when I’m serving that many customers – we have to be fully prepared and plan way ahead.

I rate Siteminder an eight out of ten. Siteminder has good performance on specific use cases, so if your use cases align with those, then it's a good solution to go with. But it's always good to do research and see what alternative options are available and what they have to offer in comparison. 

When selecting a vendor, what is important for our company in that relationship is, obviously, the history that we have that we have with the different companies, and meeting the requirements.

I rate it a nine out of 10. Sometimes it's just a matter of figuring out the quirks and how it works. But once it works, it works really well.

I would definitely recommend it. It's a product that does what it does very well. Once it works, it just works and you don't have to mess with it.

While I think the vendor, it would have to be a large enterprise vendor who can support and offer the scalability that we hope to have in growth of a product. Our plan is to grow that into our consumer space, which will really expand the need for the scalability. I think those are the primary factors along with the support that you need in order to support a product like that.

I would say it's got to be an 8/10 because there's always room for improvement but I think it's a good product and I think an 8 would be a good score.

Recommendations: I would have them look at the same thing for scalability. Implementation is a component, ease of implementation. It can get complex so you have to do it right. Looking at those areas is very important but I'd highly recommend the product for anybody who wants to use a single sign-on.

It has all the features, and the CA roadmap has always been ahead of the competition. The only missing portion is documentation around global deployment. As companies are growing bigger and bigger, they’re thinking about global deployments, so we haven’t seen much talk around global deployments, and I haven’t seen any white papers.

When we are looking for a new vendor, what's important to us is the relationship between us as a customer and the vendor. That has to be strong. They need to be available and supportive of our vision. 

Also, we're looking for somebody who also can help us define that vision in places where we might not have it all the way fleshed out. You could go through the list of things that you're looking for in a vendor, and build out a wish list, but, realistically, somebody that supports us when we need it, helps us to figure out where we're going when we don't quite know, and, provides technological solutions that support our long term vision. CA does that, and that's why we're with them.

I gave it an eight out of 10 because it's a really good solution. No solution is perfect, so that's why I picked eight.

I would say to give CA Single Sign On a good hard look. There are a lot of other competitors out there folks like, Okta, PingFederate, I think IBM has a product that does something similar.

I would tell them that CA Single Sign On is a worthwhile option. If they're doing their research, take a look at it, and see whether or not it meets their use case. It does for us, and it does it well, so I would certainly recommend it.

Overall, I would rate the product an eight out of ten. 

SSO is a very robust application. It's very easy to administrate and use. Users don't even know you're using SiteMinder or SSO. They just think they're on a website. I can tell by the URL that a company is using it, and I like that. It makes me want to use that company more often.

It’s definitely an industry leader in the web access realm. It’s easy to deploy and integrate.

You need to understand the overall design of your web infrastructure, and what do you want to protect – the entry point or the entry point and application server? Design questions, really. You need to decide whether you want fine-grain or course-grain authorization. For the CA solution, make a support matrix and understand other peripheral products in the environment.

It's definitely a good product and you won't go wrong if you choose this product. It's proven and is working fine. We can scale it. The support is also good. It's very stable and I don't think there is any other product which provides this kind of functionality.

The important criteria whilst choosing a vendor were scalability and the enterprise-level features that are compatible to all different versions of app servers and web servers.

CA has a lot of servers, but it needs to be simplified to only two to three components. The SiteMinder solution is something that if my colleagues would like, I’d suggest that.

Other products I would say, go look out in the market. There are better solutions, and CA should look at Gartner’s Magic Quadrant and IDG. Look at the capabilities to see how they can bring those capabilities into their products, etc. It gives me the single sign-on between applications. On-boarding isn’t effort intensive. Those are good things.

It loses points for the upgrade and for just the lack of ease of management. We've been using it for a long time, so we're comfortable with its weaknesses and we've adjusted our process around those. I think for a new implementation it would be very challenging to bring in SiteMinder.

Most important criteria when selecting a vendor: We definitely look at our engagement. We look at the support. That's always the critical factor. Otherwise, I would say most of the products, if you go by the 80/20 principle, they will technically fare well.

I would say invest a lot of time in designing it. Don't just run in without reading the guides and start deploying.

I would still not rate it a 10 out of 10 because, like I said, we had some issues with the OAuth here and there. Once those are done right, I think it would be a nine out of 10.

Regarding advice to a colleague who is researching this or a similar solution, it depends on what they are trying to accomplish. Are they going legacy, where you authenticate, versus the newer federation?

But I would recommend SSO as a solution.

Any advice I would give about this product would be an honest reflection of my experience with this product. From the technical perspective, as much as we can do, it has been pretty good. Don’t get me wrong, our account manager is great; there is no question about that. However, the quality of support and documentation are my primary concerns.

Some of the most important factors while selecting a vendor are the vendor’s technical experience, our approachability to them, their response back, licensing costs and so on.

During implementation, make sure to verify the tuning guide. We had a transition with our implementation person, who was changed in the middle of the process. In our case, factors such as maintenance and performance tuning were skipped over. We didn't really get to those aspects until we were live-in production and then needed to work out some of these issues. Thus, don't underestimate such a situation because when you experience such issues your customers are also going through them and then at that point it is public.

Mostly, our experience with this product has been good. There are areas that we think could be improved but mostly, we are happy with it.

The 2 other systems that were seriously considered were Shibboleth and then CAS. One of the main reasons as to why we decided to purchase this product, was the authorization functionality that exists in CA SSO. It was more suitable for a lot of our products as we could save time in the development aspect. I am not sure if any such functionality did exist at that level or complexity in either Shibboleth or CAS. Thus, for us this was a major selling point.

CA is great to work with, but to use it, just learn the product suites and how they interact. Make sure you have a good layout and make sure you have everything you need.

I'm an implementor, so I help clients implement the solution for their companies.

We're still in the process of testing the solution. We're currently not providing services on it as we are still in the testing phase.

So far, with a simple implementation of the SSO, I'd rate the solution eight out of ten.

One thing that recently surprised me about CA is how big it is. The product I'm talking about in that context is not a CA product, it's an acquisition that CA made a few years back. I was used to working with the other company. Once we knew that CA bought it, I was surprised to see how big CA is. Just the product suite itself is pretty large. So just that was surprising.

As for the most important criteria when selecting a vendor, technical support is clearly one of them. Vendors tend to sell us something and then walk away, and we're left holding the bag. So tech support is clearly important. Apart from that, in terms of products, we don't care much about best-in-class. We just need to make sure it fits within any kind of technology ecosystem that you have. You could come and sell me a product that is best-in-class for doing a particular thing. But if it doesn't fit into my current stack, than it's useless.

The product is 8-9/10. It's very high because of their availability and supportability on different web servers is very, very, highly ranked.

My advice and best practices is always engage with CA. Make sure that you're working and getting their input and to also see what their best solution is. They provide a very good partnership. They give you a suggestion and recommendation. You'll her from them - What is the right thing? What is the right solution? If you engage and build a good relationship you always have a good solution.

The advice is that whatever you are thinking of the product make sure you are talking to the right people. The majority of them are good people and they'll give you the right solution.

At this point I'd rate it about 8/10. One of the biggest things is availability. Availability, scalability, you really have to make sure you understand the scale of the deployment and what your requirements are around availability. Certainly in our company it has to be the highest scale, highest availability. Don’t underestimate the amount of testing you have to do, the amount of stress testing, load testing, because this is critical infrastructure. This really is the front door to all the applications in the bank and if this goes down, the bank has stopped working. Quite simply you have to make sure that you do all of the testing required to make sure that product is absolutely rock solid.

I think it is very important to do your due diligence. You need to do your research into what is out there and what is best to meet your requirements. That said, I think there is nothing really that can replace doing a proof of concept. You have to do a proof of concept, because no matter what the vendor says, no matter what other people say other blogs or other reviews, your involvement is always going to be unique. There is always going to be something that you need that maybe other people haven’t done before. Be that some authentication method, some authorization method, the number of people you have, your topology of your network.

There is always to be something. Take all of the other information in but you must verify yourself. I think you have to really understand supportability. Quality of the product, so you have to trust the quality of the development methods, the testing that it scales to how you wanted to scale that you’ve got examples of the product being deployed in similar types of organization, similar sizes, and similar industry is important. Yeah I think they are the main things really.

For us the support and maintenance matters most there because once the product is implemented but if we don't have good support at all so that makes it very difficult to run the product. For us, yes the stability plus support is very important. I'd definitely say, do use them to first of all note down all the use cases whatever they want to achieve by implementing SiteMinder. Definitely SiteMinder has a lot of features, a lot of capabilities at all but usually it's not possible for everyone to use each and every feature.

I think based on the business requirements, application requirements they should first list down what are the main criteria or their use cases and based on that they should go with the implementation. That's very important for us because yeah, definitely when a vendor comes in and they tell us about the product and the features which can meet our business needs definitely that helps. Again as I mentioned for us support and maintenance is very important so it's not just once the product is in house and we're done with it.

We definitely look for possible forums and get the user reviews, go to the user groups so that we can find more about the product and supportability. I think we’re early adapters of it when we choose it like it is or it's still the best in the breed product available in the market.

I have been working with Site Minder for the past 10 years, maybe more. However, I know the product, therefore I am able to manage it. The people in my team, they are not really happy with it, mostly from the support perspective.

My advice would be to set up several environments, including a sandbox where you can test upgrades and products without impacting users. Then have a dev environment for some users to test.

Check how many endpoint systems it supports. We chose this because of the amount of endpoints, you can automate the creation of endpoint systems, and it has the ability to create custom connectors. It supports the connectors out of the box and this is faster and easier than doing it yourself.

Have a significant knowledge of the applications transitioning, as it requires interfacing with these products to ensure proper adoption. Have a roadmap to integrate identity and access management into your organization.

Because I am new to this area, the thing that surprised me about CA is how quick they are to respond to changing needs. If we tell them we need something or do not know how to do something, they make it happen for us. It seems crazy for such a large organization to make that kind of move. 

The tool is easy to integrate with old, archaic, existing infrastructures that may not have been built with security in mind in the first place. With very little modification, we can usually secure a platform that never really had it before.

Most important criteria when selecting a vendor: responsiveness. When everything is good, the vendors are always around. It is how they respond when you have a problem.

Whatever you're considering, this is a good solution. It's got all the plug-ins and the various components – app servers, web servers – and you can customize it quite a bit.

In its space, most of the other competitors have the same sort of challenges. It's probably a little bit easier out of the box to get it to work.

For what it is, it does things reasonably well, once you get it working.

It definitely has maturity, but for all the number of releases that it's been through, I kind of expect that over those years, it just gets better and better. Like, with Microsoft, after three times, Microsoft usually gets something done really well.

CA has gone through SiteMinder/SSO 3.5, 4.0, 5, 5.5, 6, 12, 12.51, 12.52, so you start getting into the game of semi-releases, for different reasons. There hadn't been much changes in SiteMinder significantly until the 12.5 series, so between 6 to 12, there wasn't that much change, and then 12.5, there's a bit more change.

You definitely need to consider CA SSO but you need to be mindful of the new ways of developing applications, and possibly look at the CA API Gateway product or some hybrid solution as well. You definitely need to consider CA SSO.

It is quite solid. It's never really gone down. It's a well-understood and reliable piece of our enterprise. The only reason I didn't rate it higher is that it's becoming a little less appropriate for the more modern styles of web application development, which is why I am curious about CA API Gateway and leveraging that. I think that represents all the features that are missing from CA SSO.

Clearly, we can go and buy the new product set and I guess CA would love that, but there needs to be a story about how the two live next to each other. It seems like that story is worked on in the SSO world, and it's worked on in the Layer 7 world, in the API Gateway world. I don't know if it's being worked on as a consolidated whole; a solution. That brings me back to the point I made elsewhere about solutions vs products.

You need to know exactly what you need to do. So you need to know your use cases, your needs. Just go ahead, contact CA, and see what comes out of it. It's a great product, so just use it. Try it out.

From our experience, start with a focus group first. Understand what the problem is, and what the needs are. Get those initial users in, and then focus on your long-term objective. If you have a very large set of people, you need to get into the system. Don't try to get them all at once. start small. Go to that business case, get the proof of concept. Take that pattern and evolve it.

It loses points because of the performance issues when we scale, which has to do with the complexity of our environment. If it’s out-of-the-box, maybe others don’t have this issue, but we do because we’re large.

As far as software goes, it’s as close to the energizer bunny as it gets. Every now and again, service will freeze, but other than that it just goes.

It depends on whether you can log in directly to your LDAP and manage it, because that would be easier. If you need the ability for just logging without buying an application and want good security, it’s an awesome solution.

Most people use it as an external firewall, but all our firewalls are internal, so this is a good back stop.

We installed one version and there is a bug in it; from a customer perspective I would want that particular issue to be fixed rather than getting an answer that the bug will be fixed in the next version.

It doesn’t mean we’re not trying to address it from our side, but with clients on it, it does take time and we’ve got to keep in mind all of the consequences. If they could have those exact solutions for a particular issue that would be great.

You should understand their requirements before they select a solution. Then you need to verify that you have the correct infrastructure, resources, and that your applications are compatible with the SiteMinder solution.

We have two business units: wireless and wireline. Wireline was already using Single Sign-On, so that's why we decided to stay with the same product on the wireless side.

CA SSO is a good product with a lot of features. CA is continuously evolving that product by adding new features. It will definitely help any company achieve their single sign on goal.

When we select a vendor, our most important criteria are the number of features they provide, how those features fit into our ecosystem, and the amount of time users spend to do what they want to do.

If someone came to me for advice, I would ask them specific questions about exactly what they need to secure on the internet, and how much of it they need because I think that one drawback to this product is that it's too big. It's too much of a beast. A lot of times, small to mid-sized companies really just need smaller bits and pieces that are available from other vendors, rather than tackling this whole beast. One thing that other vendors might do better is doing more with less with less cumbersome installation.

The most important criteria when choosing a vendor is the product's stability, so we consider overall impressions of the product’s standing in the market. Does it have good reputation for being stable? Is their company, overall, stable? We also look for ease of use of the product.

There's a lot of manual work that has to go through transferring a configuration from a lower environment to an upper environment production, so be prepared for that.

When you are looking for a security solution, products are there in the market, but you really don't want to go for a product that looks very beautiful from the front but has very bad stuff in the back end. One good thing is that CA has, I believe, that is has an edge. It allows me do a lot of what the customer is looking for, beyond the customer; beyond the product boundaries. They are certain things that we would not be able to do if this CA solution didn’t have this flexibility, and it's highly secure. It is a highly reliable solution to work with.

We implemented the solution almost a year and a half ago and up until now, there has been no downtime. It is reliable; it is good; it is open for customization; it is open for integration.

From my experience working with CA for almost 13 years, it’s a company. I'm not saying it’s specific to a solution. I'm talking about CA in general. It's a company with a solution and the company with the right solutions.

I have explained the journey of how these solutions (not specifically CA SSO only, but their entire security suite, including Federated Identity Management) met the requirements:

• The customer was looking to have a self registration and password reset portal for their organization but they don't want to leave this portal open and accessible to everyone without been authenticated. This was only challenge, which I have mentioned it.
• Second solution, open for customization for security from different datasources.
• Thirdly, localization of this solution. Eventually, if these solutions have only listed features and it works only what they present. For sure, we wouldn't be able to achieve it.

There are critics and these critics help CA to build their good solutions.

Extraordinary product; extraordinary flexibility to explore and meet the requirements of the customer.

Cost is the most important criteria when selecting a vendor.

Make sure you know who your support staff is, who your vendor representatives are for your account and really get to know them. Give them the requirements that you need and make sure that they're following through. Build good rapport with them. That way they can help you determine what you need to do and feel free in giving different types of suggestions.

When selecting a vendor, we look for:

• responsiveness
• technical support of the product
• accessibility of the technical support teams
• product knowledge
• ability to train their customers on their product

I rate Symantec Siteminder an eight out of ten.

Generally, it's been a great product for us to use. It's been stable. It's been a good product.

If you're thinking about implementing this solution, make sure you have the proper infrastructure. Also, try to negotiate the cost.

On a scale from one to ten, I would give Symantec Siteminder a rating of eight. If they fixed some of the issues I mentioned, I would give them a higher rating. There's a lot of players out there that are only doing half of what Siteminder does, but they do it with the more advanced protocols.

Be sure to get your doubts clear on any product features, integration with other CA products, and other security products.

I recently came across Okta, which also has cool features.

Before implementing, ask a CA manager to provide you a list of use cases, which can help you in building/offering what you have in mind.

I would advise others to use this tool as it is robust and mostly it solves all the problems that arise in our industry.

We did consider other vendors. However, after we saw the demo for this product, we decided to purchase this product.

The factors we looked into before purchasing this product are the benefits of this product, how CA functions with other tools, costs, the level of support provided, upgrades and so on.

I would totally recommend this product, but I think CA has a really good handle on what the drivers are and where the business is going in terms of application development. They seem to be a good fit.

It’s stable, the client experience is really good, and there’s an opportunity for us to improve response times. They could improve integration with other products in the suite.

Understand what their business cases are before they pursue a solution; understand where they have a need. Sometimes applications themselves don’t necessarily need to be integrated with something as robust as SiteMinder doing ID management, so I’d recommend looking at the business functions and what their needs are before they pursue the SiteMinder solution.

It may be a good product, but I'd advise staying away from customizing it.

I would recommend this solution. I would recommend the newer version without any customization. That is where we have had a problem because we did our own customization of this product.

Most important criteria when selecting a vendor: It is the supportability right. J.P. Morgan costs more, but we want stability, resiliency, and we want the product to work. However, it has to be scalable and supportable. That is the main thing for any product which we pick.

The major focus should be on planning, design, scope, and scalability. The rest is a piece of cake.

This is a product that I would recommend.

Make sure your architecture is defined properly.

My advice would be to go with it simply because I know the product and I know it works. The way I would persuade them would be to say that it's rock solid. It does what you need it to do, it's stable, and the learning curve is really not so bad.

If there was one thing I would say, think a little bit more about how you would use a flow chart to optimize the administrators experience to do the exact same job.

My advice to anybody considering this solution is to always create their use cases so that they can do a complete and thorough POC before purchasing this solution.

Do not force the implementation of these types of solutions. It was forced by the management without proper planning. I have learned that proper planning works best for these types of solutions because you have to integrate with different components of the network, in order to be successful.

I would rate this solution a seven out of ten.

It's expensive. If you're small, it wouldn't be as good a fit, but if you are a big company, then it's a better choice.

It is easy to implement, use, and scale. There is room for improvement as with any product. It’s solely based on what their requirements are, their user population, and their enterprise environment.

When we're looking to select a vendor for a product, what's most important for a client like ours is the security; the product should be really secure. The next most important is the stability.

I rate it an eight out of 10 because, once we implemented it and the Federation part was working fine, we haven't faced any problems, except for that one instance where the policy was crashing.

I would definitely suggest going for CA Single Sign On.

It provides a good UI for us, and it provides a good solution for our needs. As a standalone product, it's good.

You should understand the user setup, requirements, how you want to service the users, and their infrastructure. Based on this information, you can find the right solution.

Just do your research. This is very important.