We just raised a $30M Series A: Read our story

Symantec Siteminder OverviewUNIXBusinessApplication

Symantec Siteminder is the #1 ranked solution in our list of top Web Access Management tools. It is most often compared to Okta Workforce Identity: Symantec Siteminder vs Okta Workforce Identity

What is Symantec Siteminder?

Symantec® SiteMinder is designed to secure the modern enterprise through a unified access management platform that applies the appropriate authentication mechanism to positively identify users; provides single sign-on and identity federation for seamless access to any application; enforces granular security policies to stop unauthorized access to sensitive resources; and monitors and manages the entire user session to prevent session hijacking. Finally, Symantec SiteMinder is battle-tested and has been deployed in the largest IT environments in the world.

Symantec Siteminder is also known as Single Sign-On, SiteMinder, CA SSO, Layer7 SiteMinder.

Buyer's Guide

Download the Single Sign-On (SSO) Buyer's Guide including reviews and more. Updated: September 2021

Symantec Siteminder Customers

British Telecom, CoreBlox, DBS, HMS, Itera ASA and Simeo

Symantec Siteminder Video

Archived Symantec Siteminder Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
UA
Sr. Manager at Duroob
Video Review
Real User
Leaderboard
The flexibility helped us meet the requirements of our customer

Pros and Cons

  • "The most valuable feature is that it meets the requirements of the customer. You have a lot of features in the product. Every product has them, but the question is, are these products going to meet the requirement of the customer?"
  • "CA has reporting at the moment. With the reporting, every particular segmented product has a reporting engine. I would like to see centralized reporting for all of them together."

What is our primary use case?

Customer was looking for initially an automated self user registration through a secure channel. Apparently it looks like a very easy going requirements but if you look in the detail they want to authenticate before registration process. A user came to create an Identity and customer wants to authenticate and securly takes the same data. 

Another issue was localization and reporting 

How has it helped my organization?

If I describe what actually happened, a little bit of the business case, that will help you to understand what it was like. The customer is the kind of customer that really doesn't want to share anything. When a person joins that organization, he has to pass through a couple of security levels, the scrutiny, before the ID is given to him. They used to use a manual process. Whenever a person joined the organization, they used to take his details; they used to write on a piece of paper; then this paper used to go to one of the departments; then it goes to another department; and so on. It wasn’t just a matter of going from one building to another; it was going from region to region.

Finally, this paper goes through a couple of scrutiny procedures. Then, it used to come back to the IT department, and finally, they do their security check and they create the ID and give it to them in an envelope. That was a kind of long procedure that sometimes took 2-4 months to create the ID; just an ID for a person. It was a challenge for the customer for the last 20 years.

We were doing that project and during that project, we found that the project owner wasn’t trusted. The project sponsor wasn’t trusted to just change this overall but they had this security constraint. What they actually wanted was that when they create the ID, they want this person to be authenticated. Generally, this is not the case in any organization, that somebody joins an office and he doesn't have any ID. So, how are you going to authenticate it?

What happened was that what we've been told, “Will you guys do this? Authenticate through a national database? We want, when a person is going to join us and he will request an ID, he should be authenticated through a biometric and that fingerprint will take him to the national database, where he will check in and it will come back to their IDP, their identity provider. They have it internally, and then, we will pass it through our system.”

Now, this was a challenge because in CA Identity Management, when you have a self-user registration page, this page was open so anybody could go and open it. We needed to protect that page, and on top of that, this information had to be protected to a third party. What we did is, we brought a couple of products in the middle of it: CA Federation, CA Single Sign-On, and CA Identity Management.

What happened when the user got authenticated with his fingerprint, it comes to the IDP, we have federation through CA Federation and then, once it passes through it, we have CA SSO, which is protecting the identity management page. Once it gets past this information, it comes to the self-user registration page, but here's another challenge: You've been authenticated but now you have a page which is open. I can authenticate myself and put someone else through the system. That could be a possibility, so we had a problem.

What we did is, we just pulled the data out from the third-party, national database and brought them to the CA identity page, to the self-user registration page, and all his names, IDs, and phone numbers, come in automatically. Then, it goes through several approval processes. Finally, the ID is transmitted over his mobile number that is in the national database.

That kind of work we have done. There are other challenges, as well.

What is most valuable?

The most valuable feature is that it meets the requirements of the customer. You have a lot of features in the product. Every product has them, but the question is, are these products going to meet the requirement of the customer? Because, if you meet the requirements of the customer, then it's way too easy to get inside the customer. We met the requirements of the customer and that's why I believe that this product has value.

What needs improvement?

I think the future release is, if you ask me, I think they have done a lot in the new release, especially the front end. The front end was not as good. CA did a good job in doing it, especially when I look at the new identity suite. They have done a good job in changing the overall look and feel. This is actually what the customer was looking for. The look and feel was not good in the earlier product. It's a journey, so we just completed one of the requirements for the customer.

CA has reporting at the moment. With the reporting, every particular segmented product has a reporting engine. I would like to see centralized reporting for all of them together. If an enterprise customer has all of these three or four modules for security, he will get consolidated reporting.

A problem we had with the customer was, at the moment, we were asked, “Are you able to integrate these products together?” Were we able to get the requirement done for the customer, as a business requirement? The reporting side we were unable to do it out-of-the-box. If CA consolidates the reporting for all three together, it may be easier. I'm not sure, but it may be easier.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No at all.

What do I think about the scalability of the solution?

We are changing the architecture to scale it.

How are customer service and technical support?

Customer Service:

An eight out of 10.

Technical Support:

A seven out of 10

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

It's one of most complex requirements as explained earlier.

What about the implementation team?

CA Partner implemented it

What was our ROI?

Time value and money.

What's my experience with pricing, setup cost, and licensing?

CA solutions.. Are generally expensive but for the customer the ROI is big.

Which other solutions did I evaluate?

Yes

What other advice do I have?

When you are looking for a security solution, products are there in the market, but you really don't want to go for a product that looks very beautiful from the front but has very bad stuff in the back end. One good thing is that CA has, I believe, that is has an edge. It allows me do a lot of what the customer is looking for, beyond the customer; beyond the product boundaries. They are certain things that we would not be able to do if this CA solution didn’t have this flexibility, and it's highly secure. It is a highly reliable solution to work with.

We implemented the solution almost a year and a half ago and up until now, there has been no downtime. It is reliable; it is good; it is open for customization; it is open for integration.

From my experience working with CA for almost 13 years, it’s a company. I'm not saying it’s specific to a solution. I'm talking about CA in general. It's a company with a solution and the company with the right solutions.

I have explained the journey of how these solutions (not specifically CA SSO only, but their entire security suite, including Federated Identity Management) met the requirements:

  • The customer was looking to have a self registration and password reset portal for their organization but they don't want to leave this portal open and accessible to everyone without been authenticated. This was only challenge, which I have mentioned it.
  • Second solution, open for customization for security from different datasources.
  • Thirdly, localization of this solution. Eventually, if these solutions have only listed features and it works only what they present. For sure, we wouldn't be able to achieve it.

There are critics and these critics help CA to build their good solutions.

Extraordinary product; extraordinary flexibility to explore and meet the requirements of the customer.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Amlan Sahoo
Systems-Engineer at a tech services company with 10,001+ employees
Real User
Leaderboard
You can quickly deploy the entire product with a basic config. However, the GUIs are not very clear.

Pros and Cons

  • "I liked the debugging part. There are only two files (trace file and log file) that you need to look into while performing debugging, and the logs give you the exact info on where and what needs to be fixed."
  • "You can quickly deploy the entire product with a basic config within couple of hours."
  • "The GUIs are not very clear, especially when integrating with other products from CA."

What is our primary use case?

Our primary use is for client demo on authentication/authorization, federation, and ease of use.

How has it helped my organization?

The product was just for client demo purposes. There was no deployment onsite.

What is most valuable?

  • This is the only access management product that I have come across which configures end-to-end and hosts resources. 
  • This product is very easy to deploy. I just strictly needed to follow the user-guide.
  • The CA directory services is something that I found to be cool. 
  • I liked the debugging part. There are only two files (trace file and log file) that you need to look into while performing debugging, and the logs give you the exact info on where and what needs to be fixed. 
  • You can quickly deploy the entire product with a basic config within couple of hours.

What needs improvement?

  • The GUIs are not very clear, especially when integrating with other products from CA. 
  • Like CA IDM, there can be challenges. One needs to know that they have great hands-on on their app servers to understand the logic and deploy it accordingly.
  • There were challenges with version compatibility, and this is something that I did not like. This all happened during the second phase while trying out various integrations.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

No stability issues.

What do I think about the scalability of the solution?

No scalability issues.

How is customer service and technical support?

Technical support by CA Technologies is wonderful. I used to post my queries and get quick responses. The CA forum is something I would recommend to follow if you are dealing with any CA product. I appreciate their timely and effective responses.

How was the initial setup?

Although it is straightforward, for someone new to access management, it is always a challenge to understand what is done and why. That is where I struggled initially, since I was very new to the domain. Domain knowledge is more important when you are new to a product.

What's my experience with pricing, setup cost, and licensing?

I recommend conducting a PoC on every available product before choose one.

Which other solutions did I evaluate?

Not applicable.

What other advice do I have?

Be sure to get your doubts clear on any product features, integration with other CA products, and other security products.

I recently came across Okta, which also has cool features.

Before implementing, ask a CA manager to provide you a list of use cases, which can help you in building/offering what you have in mind.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Find out what your peers are saying about Broadcom, IBM, Auth0 and others in Single Sign-On (SSO). Updated: September 2021.
541,708 professionals have used our research since 2012.
SA
IT Security Consultant at NIC KSA
Consultant
The Federation feature is customizable and easily integrated with a customer application

Pros and Cons

  • "It has considerably reduced the amount of time that new users would take to join into the organization. Previously, it was a lengthy, manual process because it's a very secure environment, where they need to verify the user before they can actually grant him a user-ID and password. Integrating with the built-in custom application, and exposing CA Single Sign On to the internet, we were able to get the employees onboard. The time that we gained was: previously it would generally take from four to eight weeks for each employee, we brought it to one to two days."
  • "The most valuable feature is the Federation part of Single Sign On, which is customizable and is easily integrated with any customer application or any third party application."
  • "The Federation part of CA Single Sign On, it's a bit complex to implement because it involves the SSL certificates, exchange of certificates, and lot of technical details. The documentation misses some important parts of this, so that's the reason it took some time for us to go live."

What is our primary use case?

The client has a biometric identification module. We integrated that with the CA Single Sign On for new user registration, and it works perfectly fine for us.

How has it helped my organization?

It has considerably reduced the amount of time that new users would take to join into the organization. Previously, it was a lengthy, manual process because it's a very secure environment, where they need to verify the user before they can actually grant him a user-ID and password.

Integrating with the built-in custom application, and exposing CA Single Sign On to the internet, we were able to get the employees onboard. The time that we gained was: previously it would generally take from four to eight weeks for each employee, we brought it to one to two days.

What is most valuable?

The Federation part of Single Sign On, which is customizable and is easily integrated with any customer application or any third party application.

What needs improvement?

Maybe they could improve on the Federation part, and Federation with the apps. Not only for the websites, but with the apps also.

What do I think about the stability of the solution?

It's a very stable product.

Once we experienced a crash, the main policy engine of Single Sign On crashed, but CA gave us a fix for that.

What do I think about the scalability of the solution?

Scalability-wise it's good. It's built into the product.

How is customer service and technical support?

The support could improve in its response times, and in the understanding of the customers' problems.

How was the initial setup?

It was complex. The Federation part of CA Single Sign On, it's a bit complex to implement because it involves the SSL certificates, exchange of certificates, and lot of technical details. The documentation misses some important parts of this, so that's the reason it took some time for us to go live.

What other advice do I have?

When we're looking to select a vendor for a product, what's most important for a client like ours is the security; the product should be really secure. The next most important is the stability.

I rate it an eight out of 10 because, once we implemented it and the Federation part was working fine, we haven't faced any problems, except for that one instance where the policy was crashing.

I would definitely suggest going for CA Single Sign On.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
it_user778593
Manager with 10,001+ employees
Real User
Federation enables us to integrate with multiple third-party vendors

Pros and Cons

  • "Federation is valuable, for sure, because we have a lot of third-party vendors that we need to integrate with, and this is a turnkey solution in some ways."
  • "The Directory is secure. It's our user store, and it's important to keep our members safe. The product does well with that."
  • "I think they need to integrate some of the newer types of authentication into the product. I'm not seeing the innovation when it comes to biometrics in the product."
  • "They need to make configurations easier, and not have the engineer having to guess what will happen when he changes a particular setting."
  • "The initial setup was complex, painful. But that is to be expected of any new setup. When you're a big bank like us, any kind of migration to a new product is hard. I expect it to be painful, and it was painful. But it's not something that you can avoid."

What is our primary use case?

It is our authentication system for access to online and mobile banking.

Its performance has been good. It works well for us.

How has it helped my organization?

It keeps our members safe, that's a benefit for us. It's important.

What is most valuable?

Federation, for sure, because we have a lot of third-party vendors that we need to integrate with, and this is a turnkey solution in some ways.

The Directory is secure. It's our user store, and it's important to keep our members safe. The product does well with that.

What needs improvement?

I think they need to integrate some of the newer types of authentication into the product. I'm not seeing the innovation when it comes to biometrics in the product.

Also, easier integration with third-party partners to OpenID Connect because username/passwords are a thing of the past. People are going to be using facial recognition. Apple has gone that way. There are other companies like Daon that are doing this. CA SSO will be left behind if they don't have it yet. There's some innovation being done, but it's not there.

Improvement is being made all the time. I just came out of a session here at the CA World conference where they showed how you set up Federation partners is being improved, through more APIs. Making life easier for the engineer is always important because we are lazy in general. So improvements are being made in that space. There's more to be done, like how to make configurations easier, and not have the engineer having to guess what will happen when he changes a particular setting.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

If I had answered this question four years back I would have said "poor." But over the last four years they've done a lot of work to make it stable and it's reasonably stable right now.

It still goes down once in a while. But that's not the product's problem, it's probably how it's configured in our environment. So the product is pretty stable.

What do I think about the scalability of the solution?

It is scalable. It depends on where it's running, and on where it's deployed, and how it's configured. In our case, it is scalable. 

Some parts are scalable, not all parts. We do have some customized pieces within the product itself that we paid CA to build for us. Some of those things are not scalable.

How are customer service and technical support?

Technical support is good. We're a large scale customer for CA, so we do have Premium Support from them. We had a problem about three years back with the stability and we were going down all the time. We actually got somebody in-house from CA, to come to our office within a few hours, and the person stayed on until the problem was fixed.

Which solution did I use previously and why did I switch?

We had no choice. We were growing too big. We had a homegrown solution in place six years back, and our CTO at that point made a conscious decision to go towards this approach. And it worked.

I think CA had a pre-existing relationship with our company. And our CTO had used a CA SSO product before, and the recommendation was made at that point. So I don't know whether it was a full evaluation that was done, or whether it was the fact that, "Hey, it is a product that had worked before in other places, and we're talking about a straightforward use case here. So let's just go for it."

In terms of advice to someone looking for a similar solution, this one has worked for us, so think of whether it fits into your space. It may be best-in-class for doing a particular type of function, but that doesn't mean it fits in your ecosystem. So think of that first before you pick something which is best-in-class.

How was the initial setup?

Complex, painful. But that is to be expected of any new setup. When you're a big bank like us, any kind of migration to a new product is hard. I expect it to be painful, and it was painful. But it's not something that you can avoid.

What other advice do I have?

One thing that recently surprised me about CA is how big it is. The product I'm talking about in that context is not a CA product, it's an acquisition that CA made a few years back. I was used to working with the other company. Once we knew that CA bought it, I was surprised to see how big CA is. Just the product suite itself is pretty large. So just that was surprising.

As for the most important criteria when selecting a vendor, technical support is clearly one of them. Vendors tend to sell us something and then walk away, and we're left holding the bag. So tech support is clearly important. Apart from that, in terms of products, we don't care much about best-in-class. We just need to make sure it fits within any kind of technology ecosystem that you have. You could come and sell me a product that is best-in-class for doing a particular thing. But if it doesn't fit into my current stack, than it's useless.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user778935
Security Architect at Raymond James Financial, Inc.
Real User
Really helps with our numerous legacy apps, and is easy to administer

Pros and Cons

  • "If you look at our organization, and really all financial institutions, we have a lot of legacy apps. So it really helps to get Single Sign-On."
  • "Ease of use is very good, for administrating it. It's very well known."
  • "I would like to see a move towards the newer technologies, which is what we are doing right now. I think that's in the roadmap that's coming, in the 12.8 and 14 releases, but we would like to have it sooner than later."

What is our primary use case?

Primary use case is for authentication in Single Sign-On, that's the biggest that we have. But we use it for our internal employees.

It has performed well. We had some hiccups, but that's all.

We had some challenges through modernizing everything over the last two years. Now we are pretty good. We don't see any production challenges. I don't think we have had an incident for a year now.

How has it helped my organization?

I think Single Sign-On helps a lot. If you look at our organization, and really all financial institutions, we have a lot of legacy apps. So it really helps to get Single Sign-On.

What is most valuable?

We use it on the agent model, and we have a lot of capabilities which we leverage to do it on the different apps, so critical apps are protected better. And we do step up using this, but we are looking at other products now to do the advanced track.

We use it mostly out of the box, standard, no customization.

Ease of use is very good, for administrating it. It's very well known. The ease of use is good for our deployment and our applications.

What needs improvement?

I would like to see a move towards the newer technologies, which is what we are doing right now. I think that's in the roadmap that's coming, in the 12.8 and 14 releases, but we would like to have it sooner than later.

What do I think about the stability of the solution?

I think now, for over a year, we have had any issues. It has been really very stable for us.

What do I think about the scalability of the solution?

We don't have, and have never had, any scalability challenges.

How are customer service and technical support?

We use it for challenges we have. If there are any issues that apps are reporting, we use tech support.

I think we have been good for over a year. We always get to the same contact that we have in the support. It's not dedicated support that we have bought, but most of the time it goes to the same person. So it's very easy to traverse.

Which solution did I use previously and why did I switch?

We had a predecessor to it which was near end of life. I knew this product because I was part of CA previously.

We went with CA because it met most of our requirements. We had a requirement list of what we definitely wanted, what was nice to have, and I could see most of what we wanted.

How was the initial setup?

We actually used CA Professional Services. There were some challenges on some aspects of it, but on the base product, not at all.

Which other solutions did I evaluate?

We looked at a lot of vendors around it. We had looked at RSA, Ping, and a multitude of others, just on paper, so to speak.

What other advice do I have?

Most important criteria when selecting a vendor: We definitely look at our engagement. We look at the support. That's always the critical factor. Otherwise, I would say most of the products, if you go by the 80/20 principle, they will technically fare well.

I would say invest a lot of time in designing it. Don't just run in without reading the guides and start deploying.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user778932
Technology Director at a financial services firm with 10,001+ employees
Vendor
We have 40 million users who login everyday, so it is very scalable

Pros and Cons

  • "It has the ability to authenticate and authorize users. It is the main feature for our security."
  • "It is very scalable. We have a very large customer base: 75 million customers."
  • "The main thing is we do not have the traceability and good monitoring that CA can provide us to capture problems when they occur."
  • "All the problems that we reported actually have never been resolved. We could not capture enough information for CA to be able to debug the problem."

What is our primary use case?

Primary case is to authenticate users and use banking online. It is performing well.

How has it helped my organization?

It has definitely made things easier. We do not have to do that development. It is an out-of-the-box product which does the thing it does best.

What is most valuable?

It has the ability to authenticate and authorize users. It is the main feature for our security.

What needs improvement?

Better monitoring. A better way to debug a problem. When there is a problem with it, it should log enough information for CA to know what is the problem, like a better debugging tool. 

It needs better debugging and support.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We have had some issues with it, but in general, it is good.

CA was there to help. There is some issues in general.

What do I think about the scalability of the solution?

It is very scalable. We have a very large customer base: 75 million customers. We have about 40 million log in a day. So, the scalability is very good.

How is customer service and technical support?

We are not very happy with the support, I am sorry to say.

The reason is mostly because we stayed on an older version and we are behind catching up on a newer version. It has become harder for CA to give us good support. 

The main thing is we do not have the traceability and good monitoring that CA can provide us to capture problems when they occur. That is the biggest thing.

It has been an issue. All the problems that we reported actually have never been resolved. We could not capture enough information for CA to be able to debug the problem. This problem does not happen often. But, when it happens, we do not know why, because we are not able to capture the data. I think that is the biggest drawback. The support and its combination between ability for them to support us on all the older versions and different infrastructure to what CA recommends us to do. We are trying to upgrade and all that. Maybe these things will help.

Technical support is always available and very responsive. I have a direct line to the engineers. They allow me to talk to them directly. They really are trying to help the best they can. It does not work out well. In terms of interaction, no problems there.

How was the initial setup?

When I started two years, it was already setup. Now, I am reengineering it. I am doing a different setup to eliminate any customization for CA to support us better. The process is straightforward.

What other advice do I have?

I would recommend this solution. I would recommend the newer version without any customization. That is where we have had a problem because we did our own customization of this product.

Most important criteria when selecting a vendor: It is the supportability right. J.P. Morgan costs more, but we want stability, resiliency, and we want the product to work. However, it has to be scalable and supportable. That is the main thing for any product which we pick.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user778860
Security Engineer at a financial services firm with 10,001+ employees
Real User
All of our applications get a point, click, and you are in, while we increase security at the same time

Pros and Cons

  • "We almost never have outages nor see slowdowns."
  • "All of our applications get a point, click, and you are in, while we increase security at the same time."
  • "I would prefer to see their SAML integration be a more streamlined and easier interface."

What is our primary use case?

We use single sign-on to provide a single login page for all of our client apps across the organization and it performs wonderfully. We almost never have outages nor see slowdowns, not from our stuff anyway. 

How has it helped my organization?

People do not have to remember 35 to 40 usernames and passwords. They have a link to go to their page that they need to work on, and it is there. It knows it is them. If we lose an employee, they no longer can sign in from anywhere in the world, they are immediately gone. 

What is most valuable?

Simplifying the user experience. We use a lot of integrated Windows authentication with it. All of our applications get a point, click, and you are in, while we increase security at the same time.

What needs improvement?

I would prefer to see their SAML integration be a more streamlined and easier interface, more like PingFederate's interface. Their product works just as well for that use case, but we do not use it, because it is a much larger learning curve to get it running.

What do I think about the stability of the solution?

It is one of the most stable products in the banking organization that I am in. It never goes down and if it does, it is usually because my partner or me did something to it. 

I have been using it for a year. The company has been using it for probably 20 years. It has always been a very stable product.

What do I think about the scalability of the solution?

It is immensely scalable. We have 18,000 employees running on six servers right now. They are not even at 10% usage, but to spin up more just to add a server and plug it in, it is ready to go.

How is customer service and technical support?

Technical support is fantastic. They provide quick answers. It is very rare that it takes more than two or three days to actually resolve a non-production problem. With a production problem, they are right there with you the whole time until it is fixed.

We have had large-scale issues, but it never really took them a long time to fix. Usually within a few hours, we would have a fix.

They also take use of their community.

How was the initial setup?

I was not involved in the initial setup, but I am involved in building a parallel platform right now for an upgrade. 

The upgrade is a very straightforward setup, easy to install and run. A little bit complex to set up rules, but that is why you want engineers around.

What about the implementation team?

We have a resource that we are paying for from CA, but we really do not need to use them, except for on the Identity Management side. 

Which other solutions did I evaluate?

I would absolutely recommend they go with SiteMinder SSO. I have worked a little bit with some of the other products out there and they are not as easy to use, and they are definitely not as stable. Shibboleth is a competing free product. It is horrible. A lot of companies use it, but it is not fun.

What other advice do I have?

Because I am new to this area, the thing that surprised me about CA is how quick they are to respond to changing needs. If we tell them we need something or do not know how to do something, they make it happen for us. It seems crazy for such a large organization to make that kind of move. 

The tool is easy to integrate with old, archaic, existing infrastructures that may not have been built with security in mind in the first place. With very little modification, we can usually secure a platform that never really had it before.

Most important criteria when selecting a vendor: responsiveness. When everything is good, the vendors are always around. It is how they respond when you have a problem.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user778521
Site Minder Admin at a construction company with 501-1,000 employees
Vendor
We're able to provide users with efficient, secure login, but there are compatibility issues

Pros and Cons

  • "SAML is the best thing we're using right now because there is no need for creating an external account."
  • "We are finding some compatibility issues. We're still working with CA on them."

What is our primary use case?

What we're doing with Single Sign-On, we're providing security to different applications, like protecting the URLs. The other thing is, we're using SAML. With SAML we are connecting to the external vendor, external partner, and providing the customer a single sign-on to at the second domain.

How has it helped my organization?

It's more efficient. We're providing immense security to the applications, to Chase. We're securing 70 million customers in Chase.

What is most valuable?

I find that SAML is the best thing we're using right now because there is no need for creating the external account. If you take a partner like Disney World, if a Chase customer wants to log in to Disney World, then it is easy for them to log in with the same credentials, whatever we have at Chase. There is no need to make a new account or enter in the same data.

So, the Chase user, if he wants to purchase something on Disney World, tickets for example, he doesn't need to give his details to Disney World. He can use the information with the details, whatever we have, in the Chase DB. We're just, as part of the transaction, sending the details to Disney World and he completes the transaction with the details. So in that case, we're providing security to the user data.

What needs improvement?

We're working on a mobile API gateway. I am really interested to learn more about that.

What do I think about the stability of the solution?

It's stable, but we are finding some compatibility issues. We're still working with CA people. We're trying to improve the enhancements.

What do I think about the scalability of the solution?

Scalability is good so far. It is user friendly, so we are not experiencing many complications when using this application.

How is customer service and technical support?

Good support. We work with CA technicians frequently, engineers very frequently. They're very helpful.

Whenever we go to them with an issue, they'll first look at the existing DB. If the same kind of issue happened previously, they'll try to pull that information and provide us the feedback right away. If it is a new issue, they will really work hard to get the issue done, as soon as possible.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user778665
Design Engineer 5 at a financial services firm with 10,001+ employees
Real User
It is stable, but certain features which are out in the market are not available to make it more robust

Pros and Cons

  • "Right now, federation that comes out-of-the-box with single sign-on is the most valuable feature that we have, and also scalability."
  • "Better documentation. I went through some sessions on single sign-on for version 12.7."

What is our primary use case?

It is basically for authenticating the users, whether it be privileged users or employees. Thus, we use that single sign-on (SSO) as an authentication mechanism.

How has it helped my organization?

It is a simple solution to implement, and it provides additional flexibility.

What is most valuable?

Right now, federation that comes out-of-the-box with single sign-on is the most valuable feature that we have, and also scalability.

What needs improvement?

Better documentation. I went through some sessions on single sign-on for version 12.7. Whatever features we are looking for from a REST API perspective, they will be there. So far, it is good. We have to implement it, and figure out what is good or bad about it.

There are a few other competitors which are taking up advantage over the segment being more agentless. SiteMinder is more driven with agent-based authentication, but the others are going with being more agentless. So, we have to go into the more next gen technology, where other vendors are going into, and that is where SiteMinder is lagging behind. The speed at which they are bringing up these features, it is very slow. 

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It is stable, but certain features which are out in the market are not available to make it more robust.

What do I think about the scalability of the solution?

We are able to scale well with the amount of users that we have and the users that we are supporting. So, it is quite scalable. However, it does not scale vertically. It is only scalable horizontally. Therefore, it increases the footprint.

Right now, we have hundreds of policy servers between two datacenters. If it was vertically scaling, the footprint would have been reduced, and we have been looking towards a solution. However, the SiteMinder platform as such, even the 64 bit, is built on a horizontal scaling architecture. I do not think it is built on vertical scaling. Even if it is, for most of the companies like us, where we invest in a lot of infrastructure, vertical scaling would not really help.

How is customer service and technical support?

We had a legacy implementation, and their technical support has been acclimatized to the new partnership federation, so they could not help much in terms of the solution. Therefore, I had to do trial and error to figure out what to do with it, and get it working.

Over the past years, CA support has been only focused on problem areas. When there is a specific problem, they will focus on resolving that problem. They are more focused on closing tickets. They are more focused on getting the tickets closed than resolving them. If the solution is not resolved, and if I requesting, "Hey, I want a couple of weeks for that to be open." Sometimes, they do it. Sometimes, they say, "Hey, we will close the ticket, then you can reopen a new one."

Other instances, if it is a feature that we need answers on, support sometimes says you need to get professional services to get engaged. I do not know whether it is the right direction that CA wants to go, because support is something that support professionals are supposed to know about the product. I would go and open up a ticket to get answers based on the feature that is available or what we are planning to do. We cannot just go hire professional services for everything that we do.

All of the feedback within our team for CA Support is not good. It really is on a very low level, but then it is very specific for CA SSO. The CA support for other products, like CA Spectrum, has been good. However, for CA SSO, it is absolutely poor.

How was the initial setup?

The initial setup was straightforward. Also, we have been doing upgrades, in place upgrades, as well as cloning infrastructure, which has been pretty straightforward. 

However, the documentation is very unclear. It is painful to go through the actual documentation and get the information which we need. 

I opened up a ticket a couple of weeks ago. It was on strong authentication where we wanted to upgrade from an older version to a newer version. I had to go through three documents and open up a ticket to understand how the upgrade process should happen. It was so confusing. In one document, they say something, and in another document, they say another thing. I actually had to open up a ticket for this. I wanted to delegate the work to somebody else, and when they asked me the question, I did not have the answer, because it was distributed across three documents.

Even during my initial deployment of strong authentication, this was the older six stack two version, if I would have gone through the document to build it, I would not have done it. We had professional services sitting with me, because I was doing a PoC. At that time, we went through the installation, and I was able to receive some help.

But for everything, I cannot go to professional services. If the documentation was straightforward, then I do not have to refer to professional services. That is one thing that I have noticed, the documentation is really unclear.

Which other solutions did I evaluate?

Ping and ForgeRock. In our company, because they are competitive and have an edge over SiteMinder, they are even considering going for ForgeRock or Ping. These companies are more flexible and are open source products, whereas SiteMinder is propriety. 

So unless we get into something, then we can't even go to open source and get the information. It is basically, we have to reach out to CA to get answers. 

That is what management is looking for. They want versatility, and when senior management looks for a product, they are looking at:

  • Can we customize a product? 
  • Can we add features? 

That is the thing that they're looking at, and they are finding Ping Identity, or Ping products, and ForgeRock products more appealing than SiteMinder.

What other advice do I have?

I have been working with Site Minder for the past 10 years, maybe more. However, I know the product, therefore I am able to manage it. The people in my team, they are not really happy with it, mostly from the support perspective.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user778881
Director at a logistics company with 1,001-5,000 employees
Vendor
Provides secure PC login, and allays concerns of unwanted access to data if a device is lost

What is our primary use case?

Validation of people's logins when they log in to their PCs. Everybody, when you turn on your PC, you go SiteMinder to login. Security.

It has performed very well, it does what we need it to do, it's reliable, and it doesn't impose any overhead on the user or on the platform.

What is most valuable?

  • Ease of use for the user 
  • Security, of course
  • The ease of setup and installation

How has it helped my organization?

We can definitely control our user experience better on the PCs. People don't necessarily have to worry about losing something, like a PC, or a tablet, or a phone, because it's controlled by SiteMinder. We can remote wipe it, we can do all sorts of different things to secure it.

What needs improvement?

Answering this would require me to know what the current platform does or doesn't do, and I'm afraid I'm not a good enough judge to make that evaluation. I might say something and it's already there, and I just don't know about it.

I will say the user interface for login is kind of plain. They could make it a little prettier. The site is a big, blue screen, with "SiteMinder," and that's pretty much it.

What do I think about the stability of the solution?

It seems pretty stable so far. It's a mature product, it's been around for a long time.

What do I think about the scalability of the solution?

We're using it on thousands and thousands of devices, thousands and thousands of users. So, it's very scalable.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user778740
Systems Engineer at navyfederal
Real User
The authentication and authorization empower our contact center to handle customer calls

What is our primary use case?

Our customers use it to log on to our site.

It has performed very well, so far.

What is most valuable?

  • Authentication
  • Authorization 
  • The user repository

Without, with the number of customers using our site, if that portion was down, our contact center wouldn't be able to handle the calls, if the authentication and authorization wasn't working.

How has it helped my organization?

It has streamlined a lot of the functions, and for all our applications they don't have to worry about the security part, they just ride the application and SSL handles the authentication, the security part of it.

What needs improvement?

The OpenID Connect piece, we would like to see the new technologies baked into the product, as opposed to going out and using a different product to accomplish the same thing. So OpenID Connects would be great, to have that kind of plug-in, into SSL without having to go in and install new products.

What do I think about the stability of the solution?

It's very stable. We have experienced occasional downtime, but once we work with support we find the problems and we solve them. Once everything is configured and working, it's stable.

What do I think about the scalability of the solution?

In terms of scalability, so far we haven't really had issues with performance, we haven't faced any problems yet.

How is customer service and technical support?

Technical support is good. Once we escalate, the proper channels get the tickets, then we have no issues with them.

What other advice do I have?

When selecting a vendor, what is important for our company in that relationship is, obviously, the history that we have that we have with the different companies, and meeting the requirements.

I rate it a nine out of 10. Sometimes it's just a matter of figuring out the quirks and how it works. But once it works, it works really well.

I would definitely recommend it. It's a product that does what it does very well. Once it works, it just works and you don't have to mess with it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SH
Software Engineering Consultant at a retailer with 10,001+ employees
Real User
Enables us to federate identity for remote web applications easily

Pros and Cons

  • "As our identity model continues to mature, probably the Federation is most valueable."
  • "I'd like to see a rework of the user directory configuration."

What is our primary use case?

We use Single Sign On to provide, of course, single sign-on to a variety of web applications. We use it to federate identity for remote web applications as well.

It's performed well. We're on an older version, so there's the occasional stability issue, but overall, that's what you're going to see in any enterprise environment.

What is most valuable?

As our identity model continues to mature, probably the Federation is most valueable. 

In IT, you're seeing a large shift to the cloud, and to using software as a service applications and, because of that, you still need to be able to securely assert identity. The Federation components of CA Single Sign On allow us to do that effectively and with minimal resource investment, to realize functionality.

How has it helped my organization?

It allows us to get, again, both externally hosted and internally hosted web applications up and running using centralized credentials in short order. It makes it easy.

What needs improvement?

I've talked to them about this: I'd like to see a rework of the user directory configuration. In Single Sign On, whenever you set up a new user directory, there is a pretty specific number of hoops that you have to jump through in order to maximize throughput between Single Sign On and a user directory. A lot of those aren't documented, so the only way you typically get that information is by engaging CA support, which, if you don't think you need to do that beforehand, you're going to have an unpleasant surprise when you cut over. 

So, either reworking the user directory configuration would be great, to make some of those hoops that you have to jump through unnecessary, or redundant. Or, failing that, reworking the documentation for setting up the user directory, explaining the rationale behind why you have to do the things you do. Because, if it were documented, at least then you'd be able to set it up effectively without incurring downtime, as you find out how to do it the right way.

What do I think about the stability of the solution?

In terms of the stability issues, what we do see is frequent Policy Server service restarts. What will happen is SM Policy Server will die and be restarted by the SM executive. That happens relatively frequently. But again, we're on an older version, and we've been told by CA that that's the reason why, and that it has been patched in later releases of the product. 

But the executive restarts the service as fast as we can log in and look to see, is there any service impact? The environment is once again processing authentication and authorizations. Not only that, but, we do have a relatively large environment as well, so we have policy servers running and multiple datacenters. It's not just one in each datacenter, it's several in each datacenter. So we don't see any large, sweeping impacts to our enterprise authentication traffic; when one goes down, it gets restarted. Although, it is a pain because you do have to allocate resources to go and verify that yes, indeed, it did come up.

What do I think about the scalability of the solution?

The scalability? I think it does well. We've been able to scale horizontally at various times throughout the lifecycle of the product, within our environment, with minimal fuss. It's been good.

How are customer service and technical support?

It's good, actually. Very good. The product knowledge that they have on hand with that staff is more than adequate. They've sent people on site on several occasions. We've engaged them not only through the phone, but through the web submission portal, and in person. At every opportunity, CA staff has been professional, knowledgeable, easy to work with.

Which solution did I use previously and why did I switch?

We were using something previously but I don't recall what it was. In terms of switching, it's a similar decision chain to what you think about when you need to invest in an upgrade. Is there a problem with stability? Is there a problem with scalability? Does the solution meet the evolving needs of your enterprise? 

From what I've heard, the solution that was in place in the past was very unstable. In terms of comparison, Single Sign On is much more stable from what we've seen, than the previous candidate. That's why we decided to make a change. We evaluated the options at hand, and selected Single Sign On to move forward.

How was the initial setup?

I wasn't involved in the initial setup for our current environment, but I'm involved with a project that is setting up the upgrade environment. It's pretty straightforward.

What other advice do I have?

When we are looking for a new vendor, what's important to us is the relationship between us as a customer and the vendor. That has to be strong. They need to be available and supportive of our vision. 

Also, we're looking for somebody who also can help us define that vision in places where we might not have it all the way fleshed out. You could go through the list of things that you're looking for in a vendor, and build out a wish list, but, realistically, somebody that supports us when we need it, helps us to figure out where we're going when we don't quite know, and, provides technological solutions that support our long term vision. CA does that, and that's why we're with them.

I gave it an eight out of 10 because it's a really good solution. No solution is perfect, so that's why I picked eight.

I would say to give CA Single Sign On a good hard look. There are a lot of other competitors out there folks like, Okta, PingFederate, I think IBM has a product that does something similar.

I would tell them that CA Single Sign On is a worthwhile option. If they're doing their research, take a look at it, and see whether or not it meets their use case. It does for us, and it does it well, so I would certainly recommend it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user778626
Senior Software Analyst at NRG Energy
Vendor
Handles authentication and authorization for our multiple websites

Pros and Cons

  • "Authentication & Authorization are important because all the sites need authentication for security purposes. That has been handled pretty well all these years with SSO."
  • "We would like to the OAuth be more stable, more issues being fixed rather than not."

What is our primary use case?

We use it for authentication and authorization for our website. We have multiple external and internal websites that we host, so we are using SSO for authenticating and authorizing for all those websites.

It has performed quite well. We have been using it more than 10 years now.

What is most valuable?

  • Authentication
  • Authorization

for our websites. These features are important because all the sites need authentication for security purposes. That has been handled pretty well all these years with SSO.

How has it helped my organization?

It doesn't take time for us to configure, maybe because we have been using this product for so long. In terms of security rights, a lot are covered under SSO, so we don't actually have to go and do something on the back end.

What needs improvement?

We would like to the OAuth be more stable, more issues being fixed rather than not.

We're pretty happy, but there are some scenarios with the new stuff, like OAuth - where authentication happens from Google, Amazon - in which they're still lagging right now. They're developing it, but we have been using SSO for a long time and Oauth capability was not there, and it recently started this year. So we had a little bit of a question, "Should we still use this product or we should go to another product?" That was the one concern.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Stability? There have been some issues but over the years but it's pretty stable. The issue we encountered was a whole site going down. But we were able to bring it up.

What do I think about the scalability of the solution?

Scalability is pretty good.

How is customer service and technical support?

They're pretty good on some of the non-issues. There are some delays, however, and they keep on asking for logs or try to delay it, maybe it's stuff they don't know. But in most of the cases they respond pretty quickly.

How was the initial setup?

I wasn't in on the initial setup, but I have been installing a lot of the newer versions. Compared to six, seven years ago, now it is very, very smooth.

What other advice do I have?

I would still not rate it a 10 out of 10 because, like I said, we had some issues with the OAuth here and there. Once those are done right, I think it would be a nine out of 10.

Regarding advice to a colleague who is researching this or a similar solution, it depends on what they are trying to accomplish. Are they going legacy, where you authenticate, versus the newer federation?

But I would recommend SSO as a solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user354801
Infrastructure Manager at a government with 1,001-5,000 employees
Vendor
It is a reliable, complete product

What is most valuable?

It is reliable.

What needs improvement?

I do not think there is anything to improve. It is a pretty complete product.

What was my experience with deployment of the solution?

We are using it as we have implemented it. I have not seen anything that is missing.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

The tech support has not been very good for us so we don't use them anymore. We have had some issues. Nobody is perfect. It was a long time ago, but we stopped using them because of it. It was very long time ago. It might be better now, but it used to not be so good. Now, we solve problems…

What is most valuable?

It is reliable.

What needs improvement?

I do not think there is anything to improve. It is a pretty complete product.

What was my experience with deployment of the solution?

We are using it as we have implemented it. I have not seen anything that is missing.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

The tech support has not been very good for us so we don't use them anymore. We have had some issues. Nobody is perfect.

It was a long time ago, but we stopped using them because of it. It was very long time ago. It might be better now, but it used to not be so good. Now, we solve problems in another way.

Which solution did I use previously and why did I switch?

We started to use the product before it was CA. It used to be another company's product. CA bought the company a couple of years ago. I do not remember who it was actually.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Manager, Operations at a tech services company with 1,001-5,000 employees
Consultant
The most valuable features are simplified federation and Integrated Windows Authentication.

Pros and Cons

  • "IWA is an out-of-the-box feature. The SAML-based federation is standard for all tools. However, CA Single Sign-On has made the federation configuration way too simple and handy to set up and use."
  • "If the reporting feature can be integrated into SSO itself that will be an icing on the cake."

What is most valuable?

  • Simplified federation
  • Integrated Windows Authentication (IWA)

Our customer had two requirements:

  • Authentication without any challenges
  • Access to the partner's application without any additional login required

The first requirement got covered by IWA. The second requirement was covered by simplified federation.

IWA is an out-of-the-box feature. The SAML-based federation is standard for all tools. However, CA Single Sign-On has made the federation configuration way too simple and handy to set up and use.

Updates as on 09/21/2017

CA SSO is helping us a lot in providing the access solution to the customers. The enhanced features in the Simplified federation and the support for a number of different User store types allow us to support almost anything that customer needs. Very pleased with the new Reporting tool from CA that has ut of the bx integration capabilities with CA SSO and is an excellent tool for simplified and useful reports.

How has it helped my organization?

My customer is able to get seamless authentication done using IWA and straight access to the partner's application without any further authentication.

Reporting an auditing was one of the most needed requirements that was fulfilled very easily by CA SSO.

What needs improvement?

The upgrade/migration process can be simplified further.

If the reporting feature can be integrated into SSO itself that will be an icing on the cake.

For how long have I used the solution?

I have used this solution for almost eight years.

What was my experience with deployment of the solution?

Not until now form CA SSO side. Only one time we had to deviate from requirement because CA SSO does not support Oauth as a token provider and need additional tools to achieve this.

What do I think about the stability of the solution?

We have never experienced any stability issues.

What do I think about the scalability of the solution?

Up until now, there were no scalability issues. We are able to manage around 25K users without any issues.

How are customer service and technical support?

Customer Service:

Good customer service for the support and comfort to the customer.

Technical Support:

The technical support team is not very proactive. CA can improve in this area. I would give them a rating of 5/10.

Which solution did I use previously and why did I switch?

This is the first solution that we have tried.

How was the initial setup?

The initial setup was very easy and straightforward.

What about the implementation team?

In house implementation

What was our ROI?

It is a good return on investment and we are able to deliver SSO as a service.

What's my experience with pricing, setup cost, and licensing?

The price is quite comparable to the other enterprise-level solutions in that market. Since it has a user-based license, one should plan in advance regarding the scope in scalability.

Which other solutions did I evaluate?

We looked at similar solutions from Oracle and IBM. However, CA was much better, in terms of its user-friendly nature and the cost.

What other advice do I have?

The major focus should be on planning, design, scope, and scalability. The rest is a piece of cake.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user392583
Sr Manager at a comms service provider with 10,001+ employees
Video Review
Real User
Stability is the most important aspect for us. We use SSO for all of our applications and it's stable.

Pros and Cons

  • "It provides the breadth and the width to provide solutions for the different kinds of technologies which we have."
  • "As we are moving in to the mobility space, this is where we really see SiteMinder and their other product really come together to provide a solution base to a different area where the IoT is coming, the different business communications are happening. All of those things require authentication and we really want to see this product grow into that role."

What is most valuable?

It provides the breadth and the width to provide solutions for the different kinds of technologies which we have. Stability is the most important thing for us. It just allows the user a simple, one way of authenticating. They really made life simple for the user and and the user experience has improved. The user doesn't have to memorize and retain many passwords. They provide a secure and an easy to use solution.

What needs improvement?

As we are moving in to the mobility space, this is where we really see SiteMinder and their other product really come together to provide a solution base to a different area where the IoT is coming, the different business communications are happening. All of those things require authentication and we really want to see this product grow into that role.

For how long have I used the solution?

We have been using SiteMinder for the last 15 years and we have been very good and successful in implementing the solutions. The solutions have been working for us. We have not used up any of those solutions since 2001.

What was my experience with deployment of the solution?

Regarding the implementation aspect of it, any Single Sign-On solution has multiple components to it. The client side solution has a required plug-in, which is very easy because the majority of the web servers which are out there, their support is always available and for any kind of a new web server comes in and then similarly on the back end side where the servers are really running and it is very easy to incorporate and adopt.

What do I think about the stability of the solution?

The solution is very stable. It is the most important thing because all of our applications use this product. If the solution goes down and the product doesn't work then we have a major outage in the company, so it is very, very important that any solution we use, not only is it ease of use, but also that it is important that the solution is stable, and it works the majority of the time. Of course, no software solution is 100%, but as long as it provides 99.9% availability, that's what we look for.

What do I think about the scalability of the solution?

It's very scalable as a self service solution and you can add as many servers as you want, and as many locations as you want. There was a time that we had 20 million customers based on this one solution. It can support a variety of ways, but there is a number of applications, number of users. All of these things really provide very good and easy ways to scale without many changes to the environment.

How is customer service and technical support?

The important thing is not only the scalability and availability, but also having a good partnership. When the problem comes up, how quickly can we can solve it? That's one of the best things what CA gives us. To establish a relationship which is based upon the partnership and they are there to help us whenever we have any problems.

They have a tier support model just like any company has, so depending upon the type of issues we are having we usually get a good response very quickly. A back end engineer on our case if this is going on a severity level one, then we get very good support immediately.

What other advice do I have?

The product is 8-9/10. It's very high because of their availability and supportability on different web servers is very, very, highly ranked.

My advice and best practices is always engage with CA. Make sure that you're working and getting their input and to also see what their best solution is. They provide a very good partnership. They give you a suggestion and recommendation. You'll her from them - What is the right thing? What is the right solution? If you engage and build a good relationship you always have a good solution.

The advice is that whatever you are thinking of the product make sure you are talking to the right people. The majority of them are good people and they'll give you the right solution.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user572931
Service Delivery Manager at a tech services company with 10,001+ employees
Video Review
Consultant
It is flexible, integrates with applications and solutions, and is configurable.

What is most valuable?

Obviously, the most valuable feature is the flexibility of the solution, it being able to be integrated with a number of applications and solutions; and also, the configurability of the solution.

How has it helped my organization?

Security is a big concern of our client and it is certainly something that helps the client be able to secure the application and provide a better user experience; doing a single sign-on instead of multiple logins, for example.

What needs improvement?

I've seen a lot of analytics capability being built in for a number of products. Obviously, I want to be able to use analytics on CA SSO as well.

For how long have I used the solution?

The client that I manage it for has used it for four years already.

What do I think about the stability of the solution?

It's a stable solution. It's been in place for quite some time already. There aren’t a lot of operational or technical issues that are related to the system, so it's a stable solution.

What do I think about the scalability of the solution?

It has been scalable, to us, at this point in time. It's been able to support quite a number of applications for our client. It's scalable to us.

How is customer service and technical support?

Technical support has been great. Generally, support is very responsive, timely, and obviously, we have account support folks that we can reach out to, to be able to support us if there's any technical issue.

How was the initial setup?

With the setup, obviously, with a large organization, there are quite a number of things to be done. There is some complexity involved, but generally, I would say that it's been quite successful.

Which other solutions did I evaluate?

We knew we needed to invest in a new solution because, obviously, again, security is a main concern of a lot of clients. Generally, the solution is stable, it's one of the leaders in the market, and it was chosen to be implemented.

I think what we will be looking for when selecting a vendor is in terms of support, technical support, when there is an issue. I think that's a key component to us when we implement a product. We want to be able to deal with issues when they arise. Can we support it? That's what we will look for from a vendor.

What other advice do I have?

Generally, it's been a great product for us to use. It's been stable. It's been a good product.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: My company is a CA partner.
it_user572877
Consulting Systems Engineer at a wholesaler/distributor with 10,001+ employees
Video Review
Vendor
Being able to debug problems is a valuable feature. ​I would like a more modern, cloud-based interface with dynamic real-time information.

What is most valuable?

The most valuable feature is being able to debug problems, even though it can be a little bit complex and you have to know quite a bit to be able to dig around, root around, and figure out what the problem is. But I think getting into it, once you understand it, it's not too bad.

How has it helped my organization?

It definitely makes customers' or users' lives easier. People don't really appreciate it until they don't have it. Once everyone has SSO, if you took it away, they'd say something like, "Oh my God. I've got to put my password in every single time."

Just having it there, even though people may not consciously realize it, is a big benefit for companies. It simplifies things; reduces user/customer frustration.

What needs improvement?

  • I would like to have a really simple interface; a more modernesque, cloud-based interface, with dynamic real-time information on the various configurations or object configuration points that associate with the applications.
  • Ease-of-use
  • Smarter error messages

What do I think about the stability of the solution?

It's had its moments in the past couple years. We've had interesting bugs that we've hit. When you see those bugs, and when they hit you, and it hits production, you get this big skew of, "This is a problem. This is not good." You feel like, "Why did this make it through QA?" Ultimately, there's going to be explanations, potential revenue loss.

CA SSO does have stability issues. Once you can find ways to get around them, whether it's fixes or you configure around them, it starts running for a while and it's OK.

What do I think about the scalability of the solution?

It can scale. You could add more infrastructure. It's very manual.

CA was talking about doing a Dockerized solution, or being able to push out and basically configure new instances of the components. I haven't heard much about it recently.

CA SSO can be scalable, but it's not exactly the easiest thing to do. There is a lot of manual work involved.

How are customer service and technical support?

I'm not very happy with technical support. I know the people in technical support. I usually give the frontline guys a chance but usually, when I report issues, I've kind of gotten as far as I could and I usually need somebody on the back line. With my recent cases, I haven't been too happy with the technical support that I've gotten.

Which solution did I use previously and why did I switch?

I wasn't involved in the initial roll-out or the initial discussions around the solution. From previous experiences, it's usually, a company realizes, if you're part of the security team or the identity team, if the company gets to a certain size, they try to find ways to make things easier to do; not only for employees and customers, but also for audit compliance.

Within that space, there are a handful of companies that do it and they each have their own reputation. CA has a reputation of being a simpler product to use, in some ways, as compared to Oracle, which is a pretty complicated product to roll out. There's a handful of players. Usually, if CA wins, then CA is there.

How was the initial setup?

If you compare it on a spectrum of really easy products to deploy – like single-clicks that can maybe even automate themselves and push out their own instances of themselves – versus, here's a big book of steps that you have to go through, I think CA SSO is kind of on the left side of that spectrum.

What other advice do I have?

Whatever you're considering, this is a good solution. It's got all the plug-ins and the various components – app servers, web servers – and you can customize it quite a bit.

In its space, most of the other competitors have the same sort of challenges. It's probably a little bit easier out of the box to get it to work.

For what it is, it does things reasonably well, once you get it working.

It definitely has maturity, but for all the number of releases that it's been through, I kind of expect that over those years, it just gets better and better. Like, with Microsoft, after three times, Microsoft usually gets something done really well.

CA has gone through SiteMinder/SSO 3.5, 4.0, 5, 5.5, 6, 12, 12.51, 12.52, so you start getting into the game of semi-releases, for different reasons. There hadn't been much changes in SiteMinder significantly until the 12.5 series, so between 6 to 12, there wasn't that much change, and then 12.5, there's a bit more change.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: I used to work for the vendor.
it_user558633
Design Engineer at a financial services firm with 1,001-5,000 employees
Vendor
We use this tool for multiple applications. It supports Grid Authentication.

What is most valuable?

This solution is meeting our requirements for all of our applications. The newer version supports Grid Authentication.

How has it helped my organization?

This tool helps our organization with multiple applications. The solution is meeting the requirements and it is easy to use.

What needs improvement?

We are looking forward to implementing the uptime automation that was mentioned in the roadmap. We will go with the upgraded tool.

Once CA has finalized the cases that we have brought to them, it will be a better product to use.

What do I think about the stability of the solution?

In terms of stability, it’s good.

What do I think about the scalability of the solution?

The scalability is good.

How is customer service and technical support?

We have used technical support. We used them for a few cases we had during our upgrades. Anytime we need help with troubleshooting, we normally use support. We have spoken with them and they are good. They provide us with the proper solution for most things.

What other advice do I have?

This is a product that I would recommend.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user558246
Senior Technical Lead at Exelon
Vendor
You log in once and you can access all of the applications that have been integrated with it.

What is most valuable?

The security and single sign-on (SSO) features are the most valuable.

How has it helped my organization?

It's one login. You log in once and you can access all of the applications that have been integrated into SSO. That's the main advantage that we have seen in the organization.

What needs improvement?

I would like to see more usability; more customer usability.

What do I think about the stability of the solution?

Stability is good. The security by CA is good. It's a great company. In England, CA is very good.

What do I think about the scalability of the solution?

Scalability is also good.

How is customer service and technical support?

We always use technical support when using these solutions. It's okay, with response time, for example. If you…

What is most valuable?

The security and single sign-on (SSO) features are the most valuable.

How has it helped my organization?

It's one login. You log in once and you can access all of the applications that have been integrated into SSO. That's the main advantage that we have seen in the organization.

What needs improvement?

I would like to see more usability; more customer usability.

What do I think about the stability of the solution?

Stability is good. The security by CA is good. It's a great company. In England, CA is very good.

What do I think about the scalability of the solution?

Scalability is also good.

How is customer service and technical support?

We always use technical support when using these solutions. It's okay, with response time, for example. If you have any issues, you open a ticket to support and there are some very good support technicians. I know most of them. However, I do know quite a few of them that are not that knowledgeable. That's where the frustration comes in, when you really need an answer. When the ticket is assigned to that tech, you cannot be switched and start over. That's the only thing I faced. Other than that, if it goes to the right tech that knows the product, boom!

How was the initial setup?

With the initial setup, there was some complexity and some straightforward things.

What other advice do I have?

Cost is the most important criteria when selecting a vendor.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558639
Senior Member Technical Staff at a comms service provider with 10,001+ employees
Vendor
It enables us to integrate multiple applications. The user experience adds value to the company.

What is most valuable?

The most valuable feature is that it enables us to integrate multiple applications and give our users a true single sign-on experience when they go from one app to another app. From the user experience point of view, it definitely adds value to the company.

It's one of the leading products in the market today. Everybody likes it.

How has it helped my organization?

It definitely reduces the amount of time the user needs to access each application. They don't need to go through the login process to access individual apps. CA SSO does help us provide our users with a single sign-on experience.

What needs improvement?

We are definitely looking forward to versions 12.6 and higher because they are based on a 64-bit framework. We are looking forward to leveraging this to get better performance out of the product.

What do I think about the stability of the solution?

We have been using CA SSO for more than ten years and we don’t see any issues in terms of stability. It is a good product.

How is customer service and technical support?

We do leverage technical support for any questions about new features; or if there are bugs in existing functionality, we benefit from their help with the fixes.

How was the initial setup?

I wasn’t really involved with the initial setup. Most of it we basically do ourselves with the tools and the documentation that CA provides.

What other advice do I have?

We have two business units: wireless and wireline. Wireline was already using Single Sign-On, so that's why we decided to stay with the same product on the wireless side.

CA SSO is a good product with a lot of features. CA is continuously evolving that product by adding new features. It will definitely help any company achieve their single sign on goal.

When we select a vendor, our most important criteria are the number of features they provide, how those features fit into our ecosystem, and the amount of time users spend to do what they want to do.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558351
VP Web Authentication Engineer at a financial services firm with 1,001-5,000 employees
Vendor
Securely logging in to our company's intranet does not require a password. It is too much of a beast for small to mid-sized companies.

What is most valuable?

It provides single sign on for our company’s intranet. With that, when you log in, you don't need to enter your name and a password. It provides simple, secure access to company's intranet sites.

What do I think about the stability of the solution?

It was not stable when I got there. The more recent versions have been stable.

How is customer service and technical support?

They have some strong performers, and then there are some other guys that we get and find that we need to ask for the case to be reassigned. My staff is pretty highly experienced, so they really need to work with the stronger support staff.

What other advice do I have?

If someone came to me for advice, I would ask them specific questions about exactly what they need to secure on the internet, and how much of it they need because I think that one drawback to this product is that it's too big. It's too much of a beast. A lot of times, small to mid-sized companies really just need smaller bits and pieces that are available from other vendors, rather than tackling this whole beast. One thing that other vendors might do better is doing more with less with less cumbersome installation.

The most important criteria when choosing a vendor is the product's stability, so we consider overall impressions of the product’s standing in the market. Does it have good reputation for being stable? Is their company, overall, stable? We also look for ease of use of the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558159
Senior Security Analyst at a financial services firm with 5,001-10,000 employees
Vendor
Multiple users with multiple applications can be authenticated in a single location. It's a stable, durable product.

What is most valuable?

I think the most valuable features are handling user authentication and integration with the other applications within the suite, like Single Sign-On.

How has it helped my organization?

Multiple users with multiple applications can be authenticated in a single location.

What needs improvement?

I really can't answer this right now. We have so many other products that serve our needs. There are other vendors that satisfy some of our requirements, so I'm not exactly sure what CA would be able to provide us with.

What do I think about the stability of the solution?

For the most part, SSO is very stable. Since deployment, it's been very stable for us. We do very regular metrics on availability and we're in the high, high 90s, 99% I think, so it's a very stable, durable product.

What do I think about the scalability of the solution?

I think there are some drawbacks to the scalability. At a recent conference, we heard that it's going to be a lot easier to scale for larger companies. That's going to be good in the future.

How are customer service and technical support?

Sometimes technical support is slow to respond, and that’s typical. Normally, the first response is, "send us your logs", so they can review our environment. There are specific people assigned to our account, so they know what our environment is like, but they still want to have the log so they can look at it. Sometimes that slows the process of problem resolution.

Which solution did I use previously and why did I switch?

This decision was made before my time. I came in when the decision was made to go with CA for identity management. Our company was going through a transition of ownership and all the decisions were made at the time. That was about 7 or 8 years ago.

How was the initial setup?

I came 2 or 3 months after the initial setup, so I wasn't part of that. We had a third-party company help us with our development and deployment, so they pretty much took the ball and ran with it. I don't know how complex it was for them. When they presented it to us at deployment time, we were ready to go.

Which other solutions did I evaluate?

We were looking for anything that would have satisfied our requirements.

What other advice do I have?

Make sure you know who your support staff is, who your vendor representatives are for your account and really get to know them. Give them the requirements that you need and make sure that they're following through. Build good rapport with them. That way they can help you determine what you need to do and feel free in giving different types of suggestions.

When selecting a vendor, we look for:

  • responsiveness
  • technical support of the product
  • accessibility of the technical support teams
  • product knowledge
  • ability to train their customers on their product
Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558435
Security Architect at a financial services firm with 10,001+ employees
Vendor
It presents a standard pattern for people to secure their applications.

What is most valuable?

The most valuable feature is that it's a rock-solid enterprise solution. It's the de facto standard. It works. It does what we need it to do in those circumstances, and it does it at scale.

How has it helped my organization?

It presents a standard pattern for people to secure their applications. In that regard, along with the tooling that we've built around the product, but the product itself as well facilitates app teams being able to do their application development, and then let security be layered on in the front of that. Given that we are a bank and we have significant issues around strong authentication, etc., that means, we can take care of that. The app teams don't need to keep up to date with whatever is new and current. They can just keep deploying applications. We deal with the security.

What needs improvement?

I think our questions, from me and our team, relate potentially to other products in the CA portfolio. There are other things such as strong authentication, risk-based authentication, and especially API management, which all represent a portfolio that could be integrated. Our interest is knowing the roadmap for making those part of a more seamless offering. If you like, it's the aggregation of the features of all those products, and how they come together.

What do I think about the stability of the solution?

It's very stable. I don't know that we've ever had it go down on us. It's occasionally gone really slow, but I don't think we've ever had a complete and utter outage that was the result of the product.

What do I think about the scalability of the solution?

It scales. You have to pay attention to its dependencies on the rest of the ecosystem, and especially the directory. That's what's bitten us before; make sure that your directory is responsive, near, and is scaled appropriately for CA SSO.

How are customer service and technical support?

We use technical support. It's not the best feature of CA. Lots of enterprise product companies have variable support offerings. CA are not the worst, but they're not the best. They're okay.

Which solution did I use previously and why did I switch?

I wasn't necessarily involved in the decision to invest in a solution like CA SSO . I was brought on post that decision, but it can really be summarized as: The previous solution was a combination, a kind of hybrid, of a third-party vendor who we fell out with, and some home-produced stuff that was clearly not fit for purpose. There were commodity products out there that could do it, and SiteMinder, CA SSO as it is now known, was the best and most scalable one at the time. We have a large enterprise, so it was the obvious choice.

Which other solutions did I evaluate?

I believe the one that we had fallen out with, a big third-party vendor, was still on the list but for nontechnical reasons, they were not really considered. I think there were two other vendors in the frame.

It's difficult to name the most important criteria when selecting a vendor like CA. In our minds, CA is a product company and not so much of a solution company. I think they have aspirations to be a solution company. Delivery of a solution, working with us on the requirements is quite important; understanding our problem and our space. Price is actually quite an issue with us. The new, modern world, cost constraints, especially in the financial services sector; we're all looking to improve margins in a tough climate. Cost is an important issue as well.

What other advice do I have?

You definitely need to consider CA SSO but you need to be mindful of the new ways of developing applications, and possibly look at the CA API Gateway product or some hybrid solution as well. You definitely need to consider CA SSO.

It is quite solid. It's never really gone down. It's a well-understood and reliable piece of our enterprise. The only reason I didn't rate it higher is that it's becoming a little less appropriate for the more modern styles of web application development, which is why I am curious about CA API Gateway and leveraging that. I think that represents all the features that are missing from CA SSO.

Clearly, we can go and buy the new product set and I guess CA would love that, but there needs to be a story about how the two live next to each other. It seems like that story is worked on in the SSO world, and it's worked on in the Layer 7 world, in the API Gateway world. I don't know if it's being worked on as a consolidated whole; a solution. That brings me back to the point I made elsewhere about solutions vs products.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558078
Information Security Consultant at a aerospace/defense firm with 1,001-5,000 employees
Consultant
Any engineer can implement it using the documentation. The Federation feature needs to be improved.

What is most valuable?

There are a few valuable features in this product, such as single sign-on and web access management.

Centralized control to enforce security for the entire enterprise and complete visibility of the policies which we implement for most of the web applications make it more valuable for any enterprise. The ease of implementation is standardized and the availability of documentation on the CA Portal is very informative for any engineer to go ahead and implement it on his own.

From time to time, there are various upgrades available on the CA Portal that make it more compatible for all the different web servers or app servers to get it implemented.

How has it helped my organization?

It improves the working of our organization in the way that it secures most of the web applications or mobile applications. In addition, we don't have to depend on any other application teams to do any custom coding, as such.

What needs improvement?

Some of the features need to be improved. For example, the Federation feature. CA SSO is getting into that space and can definitely do better than the other products that are available.

It doesn't have a lot of features. I think there is some customization that's required on the CA Federation side if it has to get attributes from a different source. If an authentication has to happen in one source and then get attributes from some other source, then there's a requirement to do some custom coding work.

What do I think about the stability of the solution?

It's very much stable. As long as it works, everyone will be fine, but the minute it breaks, our enterprise will scream.

What do I think about the scalability of the solution?

It's very robust and easy to scale. We were able to scale it within 2 weeks.

How are customer service and technical support?

In regards to the technical support, the response time is good and they can give more hands-on information to engineers. Most of the time, they point to the available documentation on the CA Portal. But once we engage our point of contact, i.e., the partner contact on ASI, we get more attention from CA experts.

Which solution did I use previously and why did I switch?

We were not using any other solution. We have been using this product for at least nine years.

How was the initial setup?

I was not involved in the initial setup but we were involved in most of the migrations after the initial setup. The migrations are not very complex; it is moderate and not simple, either.

Engineers need to go through the documentation to fix some of those issues. One of the struggles was to create some of the indexes on their pre-server that we didn't know how to do. At that time, maybe, we were a few of the first customers who were doing this. So, we ran into some issues which were not even known to the CA support team.

What other advice do I have?

It's definitely a good product and you won't go wrong if you choose this product. It's proven and is working fine. We can scale it. The support is also good. It's very stable and I don't think there is any other product which provides this kind of functionality.

The important criteria whilst choosing a vendor were scalability and the enterprise-level features that are compatible to all different versions of app servers and web servers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558408
Senior Architect at a aerospace/defense firm with 1,001-5,000 employees
Vendor
Secure and standardized web access management provide a positive user experience. A lot of configuration is required.

What is most valuable?

It's flexible, powerful, and superperforming, I'd say. It performs very well on the road.

How has it helped my organization?

We can secure many access points, whether they are local apps, or on-premise, or in the clouds with third parties, with partners, or with customers. It manages user profiles and identities so we can secure and standardize our web access management.

What needs improvement?

The admin UI needs to be more stable. They should bundle more of the products and get rid of a lot of the small pieces which we need to configure on the top of the initial setup. Examples of this are the SM Console and the registry.

It should be easier to implement and deploy; and it should support more platforms, such as more operating systems.

What do I think about the stability of the solution?

It is much more stable than it was before. Now it is getting to be very stable, especially when you tweak it properly and follow CA best practices.

What do I think about the scalability of the solution?

It's very scalable. Right now we're on the 32-bit version. We need to add more servers and more capacity to handle the loads. I hope the next version will be even better than it is now.

How is customer service and technical support?

Technical support is above average. It used to be below average, but they improved a lot over the past year and a half.

Which other solutions did I evaluate?

  • We needed to implement secure access. CA is a leader in this area, so we went naturally with the best. We also chose CA because of the way they interact with customers, pitch new features to us, ask us for feedback, and provide us with support.
  • The product itself is easy to implement.
  • The login is super-responsive so that there is no lag before you can access the system. This provides a positive user experience. It is flawless. I log in once to my portal, and that's it. CA Single Sign-On takes care of everything else.

What other advice do I have?

You need to know exactly what you need to do. So you need to know your use cases, your needs. Just go ahead, contact CA, and see what comes out of it. It's a great product, so just use it. Try it out.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558552
Security Architect And Managing Director at a financial services firm with 10,001+ employees
Vendor
Out-of-the-box authentication for a majority of apps. REST APIs are not easy to deploy, and more mature ideas for the Cloud are needed.

What is most valuable?

SSO provides out-of-the-box authentication for the majority of the apps; and it provides a holistic solution for the company. Right now, we are using an on-premise solution. If we want to move to the Cloud, CA has that solution as well. So we’re positioned quite well to move into the Cloud as well.

They take the authentication and the core screen authorization out of application code. They also integrate with other security products very well.

How has it helped my organization?

SSO has impacted security on the whole. It has provided a very good user experience. We have recently moved from an experience in which users had to log in multiple times. Now they love it because they don't even have to have a log in because we integrated certain functionality from the CA side, like integrated Windows authentication. Users love it for certain applications where they had to log in a number of times during the day.

What needs improvement?

CA has come up with and has talked about Cloud-based solutions. I would like to see more mature ideas than what they're providing. I'm sure they have that on their roadmap. There are certain integration points that can be leveraged and made more easy to deploy, like the REST APIs and things like that. That is an opportunity to make deployment easier for any employer or for any company. They are talking about it. It’s going in the right direction. That’s for certain.

What do I think about the stability of the solution?

The stability of the solution depends on how you implement it. It's stable. There are no known issues. If there are patches required, CA provides patches regularly. Overall, it is pretty good.

What do I think about the scalability of the solution?

There's really no limit to scalability if you have the right hardware and right architecture. I wouldn't put it on the product. It's how you deploy the product. Thousands and millions of authentications are done in seconds and milliseconds, so scalability is not an issue at all.

How are customer service and technical support?

The company has used technical support. It's usually used if they need upgrades. If they need some help, they have it. The technical support is on par with the current level of support in the industry.

Which solution did I use previously and why did I switch?

This happened before my time, so they actually had either a home-grown product, or they had some legacy systems for provisioning or for authentication. They had a different product which wasn't doing exactly the same thing, but this a very mature product. This has been there for a long, long time, for the past 20 years now.

Which other solutions did I evaluate?

They evaluated other options before choosing this one way before I was there. However, for example, there are other security and security engineering products that they're currently evaluating. Some of them are from CA, and some of the others are in-house. For example, privileged access is an important one and the company's talking to CA about Privileged Access. They have a product which is not really meeting their requirements today. Hopefully, the Privilege Access one will take care of that.

In choosing a vendor, the relationship is one of the most important factors. In today's world, everybody has the same features, so it’s the relationship that matters. It's not a vendor. It's a partnership. You develop that, and you're pretty much covered.

What other advice do I have?

It depends on what requirement is the most important to them. Is the Cloud the most important thing to them; or is in-house important to them? The main consideration is what issue are they trying to address? If they're trying to address the user experience, everything holistically: CA, Oracle, RSA, they're all, again – it all depends on the relationship and what CA provides.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user558618
Senior Specialist IT Architect at Pramerica
Real User
It integrates with third-party components and platforms. We use it for SSO across internet-facing applications.

What is most valuable?

The most valuable feature is the flexibility of this product to integrate with any third-party components and platforms. Support for those is a really interesting feature.

How has it helped my organization?

It is a decent solution. We have been using it for our SSO API stuff. We also use it for implementing single sign-on across internet-facing applications.

What needs improvement?

One of the features that needs improvement is the capability of implementing single sign-on in cloud. As a client-server model, we depend on the IP addresses that break when we move into cloud, so more of a REST API approach is needed.

There are still areas in this product that need to be improved, as in every other product.

What do I think about the stability of the solution?

The newer releases are quite stable. We do come across some issues, but the release cycles are good and quite impressive.

What do I think about the scalability of the solution?

Scalability is decent. We have been using it for a long time and we don't have any issues with the scalability part of it. It is quite scalable.

How are customer service and technical support?

The technical support level varies from average to medium. We would like them to improve parts of their technical support so as to provide quicker and better solutions.

I wouldn’t blame the technical support team, as they need support from the engineers. There is need to provide more training to the technical staff in regards to the latest features.

Which solution did I use previously and why did I switch?

We were using some other tool previously. At one point, a requirement came up for a more stable and enterprise-wide solution, so we decided to invest in the CA tool.

How was the initial setup?

The setup was complex because we customized the entire implementation process. Although, I doubt any other customer would use it in a similar way.

Which other solutions did I evaluate?

I was not part of the discussion for shortlisting other vendors but I am aware that our company did perform some POCs and narrowed it down to CA SiteMinder.

What other advice do I have?

It is a decent solution. CA is focusing on improving the stability of this product and their future roadmap looks quite promising as well. Companies should invest in this product and should think of it as a competitor.

When selecting a vendor, we focus more on the technology standpoint; how flexible the product is; how much customization we can do; the support availability.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558558
SiteMinder Architect at a consumer goods company with 1,001-5,000 employees
Real User
It protects the company from vulnerabilities and has improved our user experience. The quality of support and documentation provided are my primary concerns.

What is most valuable?

Security is the most valuable feature.

How has it helped my organization?

It enhances the user experience and the security posture for the company. It protects the company from vulnerabilities.

It has improved our user experience quite a bit because they can log in once and go to any application they want, as long as it is integrated with SiteMinder, which was the not the case before. So, in terms of productivity it does add a lot of value.

What needs improvement?

We would like to see more information on the analytical piece of it. There are certain other components which are integrating, advanced integration, that might add value to it. We would like to see the CA SiteMinder by itself provide threat analytics, depending on behavioral authentication and so on, without having to add an extra piece to it.

For how long have I used the solution?

We've been using this product for about ten years.

What do I think about the stability of the solution?

This product is quite stable. We've been using this product for about ten years. We haven't experienced a situation where we had to take an outage because the product was unstable. The core policy server is pretty stable, but there are other add-ons that keep coming up with which we keep having problems. However, CA has been proactive in fixing these issues.

What do I think about the scalability of the solution?

The scalability of this tool is very good.

How are customer service and technical support?

I would give the technical support a rating of 2-3/10. Most of the time, from my experience, every time I have an issue, techncial support tries to buy time by asking me some unrelated questions or by trying to give me information that does not match my requirement. I need to push hard to get a subject matter expert who can help me with the product. This is an experience I have been having for the last 4 to 5 years; it is not new.

Which solution did I use previously and why did I switch?

We were not using any other product before this one.

How was the initial setup?

I was involved in the initial setup process. The initial setup was neither straightforward nor complex. It is medium, depending on the implementations. It was a bit complicated because of the number of components that we had to install, based on our setup.

What other advice do I have?

Any advice I would give about this product would be an honest reflection of my experience with this product. From the technical perspective, as much as we can do, it has been pretty good. Don’t get me wrong, our account manager is great; there is no question about that. However, the quality of support and documentation are my primary concerns.

Some of the most important factors while selecting a vendor are the vendor’s technical experience, our approachability to them, their response back, licensing costs and so on.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558498
Assistant Director of Application Administration with 1,001-5,000 employees
Vendor
Once we have our authentication and authorization policies set, it allows us to duplicate them across all our applications instead of trying to develop each application individually.

What is most valuable?

The most valuable feature is that it takes a lot of the logic for authentication and authorization out of the hands of your application and moves it into a centralized framework. Once we have our authentication and authorization policies set, they are easy to duplicate across all our applications instead of trying to develop them into each application individually. That’s where we probably see the most benefit or the most cost savings for our organization.

How has it helped my organization?

It has reduced developer costs; we get some of that back. Before, when we used a tool that was engineered in-house, it still required a lot of developer resources. Every time we created a new application, it needed to integrate into our in-house solution.

As we are now moving away from that, this product gives us the ability to have single sign-on zones expand outside of even what was normally our in-house product, to now use things like federation and SAML to carry out single sign-on, to things that might not even use the single sign-on solution from CA.

Increased single sign-on zones and then saving on developer time/costs are the biggest benefits.

What needs improvement?

One thing that we found a little difficult, was the default functionality to understand error messages coming back from a directory. You had to either use an add-on product or an advanced password service or perhaps change components within your directory, just to understand a simple message whether if a password has been expired or if it was incorrect.

Since then we have bought an additional SM Walker product, which is a third-party solution to resolve this issue. However, it would be nice if that aspect of the solution was a default functionality, within this tool itself and not something that you had to purchase as an add-on feature.

What do I think about the stability of the solution?

It has been good, after the initial first year or two that we purchased this product. When we first started out, we had some implementation issues; maybe it was not configured correctly and that caused us some problems.

Once we figured out those issues, it has been very stable since then.

What do I think about the scalability of the solution?

Once we were familiar with the product, we haven't had any problems with its scaling. We had to figure out the factors that need to be increased so that we can scale up and also elements to look for as far as performance is concerned. We continue to use it more and more, along with an increasing number of applications being brought over.

How are customer service and technical support?

We have used technical support quite a bit. Once we get connected to someone who understands the issue and can explain the necessary solution to us, it has been very good. For us, getting to that person or to the second level of support is time consuming. We have to jump through a lot of the same hoops in order to get to that person. The initial first level support is not as great, however once we get to that second level, we usually get back meaningful solutions that help us out.

Which solution did I use previously and why did I switch?

Initially we didn't find the need to invest in building ourselves. We had an in-house product that we had developed and as time passed by, there were some security holes that can be found in any existing product. It wasn't cost effective for us to maintain it. Hence, the decision to purchase a third-party software like CA Single Sign-On/Shibboleth/CAS made a lot more sense as the expense incurred for purchasing any of these products was much less than for us to create or develop our own in-house solution.

Basically, it did not make a lot of sense to try and reinvent the wheel when nothing unique was needed for our organization. It was just more logical to buy another tool versus using an in-house product.

How was the initial setup?

With the default set up, there is always a limitation on the number of connections that you can have under your policy servers. We didn't know this and it wasn't something that we were informed of, during implementation. As a result, as soon as we hit the maximum limit we started experiencing issues. It probably took us about a month to figure out the solution, which ended up being rather simple but that was a big bump in the road for us and hurt us in the initial stages itself.

What other advice do I have?

During implementation, make sure to verify the tuning guide. We had a transition with our implementation person, who was changed in the middle of the process. In our case, factors such as maintenance and performance tuning were skipped over. We didn't really get to those aspects until we were live-in production and then needed to work out some of these issues. Thus, don't underestimate such a situation because when you experience such issues your customers are also going through them and then at that point it is public.

Mostly, our experience with this product has been good. There are areas that we think could be improved but mostly, we are happy with it.

The 2 other systems that were seriously considered were Shibboleth and then CAS. One of the main reasons as to why we decided to purchase this product, was the authorization functionality that exists in CA SSO. It was more suitable for a lot of our products as we could save time in the development aspect. I am not sure if any such functionality did exist at that level or complexity in either Shibboleth or CAS. Thus, for us this was a major selling point.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558573
Technical Lead at a hospitality company with 1,001-5,000 employees
Vendor
For authentication purposes, we can keep security out of our applications. More UI templates would be nice.

What is most valuable?

With Single Sign-On, we don't have to do anything in our system.

After they deploy the application, everything works seamlessly. That's the main benefit that we get out of this product. For authentication purposes, we can keep security out of our applications, which is productive for us.

How has it helped my organization?

We can rapidly onboard different partners. We don't have to wait for months to do that. For this, we use the Federation feature from CA Single Sign-On, which helps us a lot.

What needs improvement?

There is a need to introduce more templates in the UI side and this would help design this aspect better. As of now, there are only a few samples available.

There is scope for improvement in this product.

What do I think about the stability of the solution?

It works fine. We did not find any stability issues. It is very rare to see something go wrong, so the application is quite stable.

However, we have noticed that when you update to the latest version, it can be unstable. Right now, we are in a stable environment.

What do I think about the scalability of the solution?

You can scale it very easily. It works exactly the way the product has been documented. We can scale it well and we did not find any issues with it.

How are customer service and technical support?

The technical support level is moderate. I would give it a 5/10 rating.

It depends both ways - we need immediate solutions however from their end, it takes time to get answers.

Which solution did I use previously and why did I switch?

We required such a product, as we were using an old solution. That’s how we started using CA Single Sign-On with the CA SiteMinder.

How was the initial setup?

The setup was not straightforward. I would give it a 7/10 rating - 1 being simple and 10 being complex. So, it was quite complex.

What other advice do I have?

I would advise others to use this tool as it is robust and mostly it solves all the problems that arise in our industry.

We did consider other vendors. However, after we saw the demo for this product, we decided to purchase this product.

The factors we looked into before purchasing this product are the benefits of this product, how CA functions with other tools, costs, the level of support provided, upgrades and so on.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558531
Security Compliance Specialist at a financial services firm with 1,001-5,000 employees
Vendor
You can use it to protect web services and web applications.

What is most valuable?

The flexibility; the multiple authentication schemes you can use; and the fact that you can use SiteMinder single sign-on to protect web services and web applications.

Customer support has been great too. CA has been good with my questions, getting us solutions for our two factor off, which we implemented a few years ago. They worked with us to get that rolled out. It's really flexible; and I think that's my favorite part.

How has it helped my organization?

We're able to have one single centralized way of logging in when you have shared sessions across all applications. It's flexible enough to have our two factor off implementation with it. It just makes things really easy for our users, both internal and external.

What needs improvement?

Like I said, it's pretty flexible. I mean it's met every one of our needs so far. We're currently looking to find ways of using the same authentication, which we've never actually used in it yet.

We're working with other companies now to provide federated authentication, both in and out. I will have to try that before I can say whether or not it's going to work. If it doesn't work, I think that's something we will have to explore with CA to find third-party alternatives, or something else in the future for enhancements.

What do I think about the stability of the solution?

I think SiteMinder's been perfectly stable. We just went through an upgrade about two years ago. We're still on SiteMinder, not SSO yet; so we still have another upgrade to do in the next year. It's been perfectly stable.

What do I think about the scalability of the solution?

Our customer base is not the largest. It's probably about 10,000 right now. It's scaled fine. There's no problems there. I think we have room to grow if we need to. In terms of the number of applications we have thrown on there, it's grown pretty much exponentially since I started. No problems.

How is customer service and technical support?

I've used technical support and I will say that I've said this to our sales rep a few times in the last two years, the customer support at CA has gotten so much better since I've started.

I used to get the runaround initially. They would ask us the same four questions all the time. I always felt like they were trying to brush me off and tell me “Go figure it out yourself” for the first few conversations.

For the past few years, it's been more like, "Okay, we know what you're on; we're tracking what you're doing; and we know that you're on this version and this version. How can we help?" It's more of a conversation, and that's great.

How was the initial setup?

We converted from DMS, which was SiteMinder before CA bought it. I think it was relatively straightforward. From what I heard, there was a roles conversion process. We went from the old way of doing tasks to access roles. This required some work, but at that point, we didn't have that many web applications; so it wasn't a huge deal. It sounded like it was pretty smooth.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558654
Manager at a consultancy with 10,001+ employees
Consultant
When using this product, different applications are not trying to build their own security solutions.

What is most valuable?

It is a flexible platform.

Using this product makes it easier for enterprises to integrate a majority or even all their apps into one single solution for access. Its easy-to-use functionality is the most valuable part.

How has it helped my organization?

The primary benefit of this product is security. It improves the overall security posture of the organization.

Secondly, establishing such a platform helps in saving costs as different applications are not trying to build their own security solutions and spend more money there.

What needs improvement?

A simple feature that still does not exist but it should be implemented as soon as possible, is that if a user is accessing an internet app from the internet, then it should perform a desktop single sign-on. But, if the same application is accessed outside of the network, the users should be given a page login. I don't want customization to implement this behavior, since this should be a simple configuration within SSO functionality. This should detect whether you are accessing from inside/outside of the network and accordingly present the authentication. This feature does not exist today and it is something, that almost all our clients ask for.

What do I think about the stability of the solution?

This is a mature and stable product. It has been a leader in the market for around 10-15 years. I can't imagine another competing product out there.

What do I think about the scalability of the solution?

This product is both stable and scalable. I've seen up to 5-6 million users.

How are customer service and technical support?

One advice for all would be to build relationships with the CA technical support team.

It is important to utilize your account manager if you're a customer or your partner contact if you're a partner, as this is the best way to get more information from them. In my opinion, building these relationships makes the entire the experience better.

Which solution did I use previously and why did I switch?

Some of our clients, at times, have thought of using different solutions. The main reason for that is sometimes they do not have skill to harness the capability of this product along with the features that it offers.

When the client approaches CA, it provides an answer that is more product-oriented, rather than solution-oriented, so there is a communication gap. When we are at the client's side, we bridge this gap and that's why our customers are more successful working with us and CA together, rather than working directly with CA.

How was the initial setup?

I was involved in the initial setup process for some of our clients.

For SSO and its setup, the process was straightforward.

What other advice do I have?

It is very important to educate yourself in regards to the capabilities of this product by interacting with CA or attending conferences like CA World as they give you an insight about all that the product has to offer.

Single Sign-On is a mature product and hence I would be confident in recommending it to our clients.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558636
Director of Project Management at a local government with 1,001-5,000 employees
Vendor
It enables integrated access to our separate HR and time reporting systems using a single profile.

What is most valuable?

The biggest value for us is being able to use SSO as a service that we can expose to all of our customers. For all of our customers, the idea is to have a single sign on where one account is created to access all of our systems.

How has it helped my organization?

It really improved the speed to market from account creation through provisioning, and onboarding. That's really one of the biggest advantages. Also, as users move from system to system, their account access follows them through it; so you don't need to create new credentials every time. That's one of the biggest benefits for us.

For instance, we have our HR system and our time reporting system. Those are two separate systems, but integrated access is possible using a single profile. It's great. You log in once, and you get that seamless account integration.

What needs improvement?

I'm not sure that it needs to do any more than it already does. I think as a solution, SSO works pretty well out of the box today. Out-of-the-box integration with other products would be an improvement, like the API Gateway; how we use the SSO in the Cloud organization and Sandbox; those kind of things. I think that's solved in this kind of integrated solution. But it would be if that was supported out-of-the-box.

But I think it's good. We're not in any major problems right now, so things are good.

What do I think about the stability of the solution?

It has been very stable.

What do I think about the scalability of the solution?

We haven't had to scale really far out yet, but that's coming. We're probably going to double our usage in the next 12 months. That remains to be seen, but we don't really foresee any major problems there.

How is customer service and technical support?

Technical support has been great. We do rely on them quite a bit. The organization is small, so having the ability to reach out to some really qualified people on the team helps. They've stepped up and really helped us through some of our implementation problems early on; but we're all good now.

How was the initial setup?

Initial setup is pretty straightforward. There were no major problems there. Some of the use cases we are doing are a little complicated – that's where the nuance came in – but, from a high level, as a 'ready-to-go out-of-the-box' solution. It's been fun.

Which other solutions did I evaluate?

We looked at some of the Microsoft tools, ADFS and those pieces. We also looked at Azure and all those; but ultimately, we wanted something one per miss. We wanted it to be a service so that we could expand. We wanted to be able to scale up at our pace; and that's really where the SSO product fit right in.

What other advice do I have?

From our experience, start with a focus group first. Understand what the problem is, and what the needs are. Get those initial users in, and then focus on your long-term objective. If you have a very large set of people, you need to get into the system. Don't try to get them all at once. start small. Go to that business case, get the proof of concept. Take that pattern and evolve it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user558561
IT Engineer at Qualcomm
Vendor
Takes the burden off the developer and easy to use. Very complex installation process.

What is most valuable?

The valuable features are security in general and ease of use. More specifically, ease of use for the developers, and security where the developer doesn't have to know about authentication or security. You just put the agent on, and it's all handled for them.

How has it helped my organization?

This product takes the burden off the developer. It increases productivity, because they don't have to worry about security in their code as much. This speeds up and aligns the development. The product works on my IP as well.

What needs improvement?

I would like to see reporting, REST-based queries. Reporting is a big one for us. We want to be able to put in the URL and get a list of all of the access that that URL has. On the flip side of that, one could put on a LDAP group, and program this LDAP group to get access to all of these URLs. That's something that we don't have today, and we're actually trying to build that. It would be nice if that was built into the product, and be API driven. Anything that we can do in the user interface, we want to be able to do that programmatically through SDKs, or through a rest interface. It's all about automation stuff. With everything moving to AWS right now, we have everything automated with CA Single Sign-On, except for the installation. That's the main reason behind my rating.

What do I think about the stability of the solution?

The stability is pretty good. Probably on a scale of ten, I would rate it as a nine or ten.

What do I think about the scalability of the solution?

I would rate the scalability as an eight or nine.

How is customer service and technical support?

In the past, I'd say our quality of technical support was probably pretty low. In a lot of cases, it seemed like we knew more than the support person, but recently it has gotten a lot better. In the last few support cases, it seemed like they were really knowledgeable people, so I think it's heading in the right direction. Technical support is a lot better now.

How was the initial setup?

The installation process was complex. There are a lot of different moving pieces, and the main complaint is that it's hard to automate any of it. There are so many disparate pieces, and it's not built on top of micro services, neither is it API driven.

What other advice do I have?

I think the relationship with the vendor is good, that they come to us for feedback. They ask us what we want to see in the product. I think is becoming better now than it has in the past with the community. I actually submitted a community idea, and within a year that was actually put into the product, so I think it's getting better in that regard. I would say first try to figure out what your business requirements are before you come up with a solution, and then look at what the solution is. In a lot of cases, CA Single Sign-On could meet those business requirements.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user372576
Sr. Systems Engineer Principle at a retailer with 501-1,000 employees
Video Review
Vendor
We've found it to be a reliable and scalable SSO solution.

What is most valuable?

We use our SSO CA product for doing our single sign-on for our B2B customers. We have about 200 applications that sit behind it and it does all our single sign-on for about 50,000 customers that we have in our B2B space.

We have three single sign-on products in our office and I believe that the CA product offers the best product of the three. We have Oracle Access Manager, and Open SSO also. Single sign-on is very fast. I've always been impressed with that. It's flexible. It give us a lot of opportunities for growth. It's been a very reliable product for us.

What needs improvement?

I'd like to see the federation piece made a little simpler. Working with Samuel in federation and those components, it can prove pretty challenging and that's where we've had to go outside and seek additional help on those areas. Their interface could use some work but they made great improvements with the 12.5 release. I think those are the primary areas.

What do I think about the stability of the solution?

I've found it to be a very stable platform. Unlike some of the other products we have in place, the up-time is very good. We find that it's very easy to establish high availability. We have to run a 24/7 shop to keep our customers happy and it's proved to be very reliable for us over time.

What do I think about the scalability of the solution?

It's a very scalable product. From our perspective, we aren't much of a high volume customer and I know that based upon other customers that use the same product, they've been able to see a tremendous amount of growth with the product. We feel very comfortable that CA is continuing to improve it and move forward with the product for us in coming future.

How are customer service and technical support?

I haven't had to use their technical for too much until recently when we were going through an upgrade right now. They've been very helpful in that role. We've got a couple consultants on board to help us out through the process and they've always been very reactive.

Which solution did I use previously and why did I switch?

When you go through different management changes, a new manager comes in and they like different vendors so we've tested different vendors throughout it. We've been through some mergers and we've tried the Oracle's product and we were told to use that on some new systems. It hasn't proved to work real well. Now that we're moving forward, we believe that the CA SSO probably offers the best solution going forward for a single sign-on.

How was the initial setup?

Like any other product, it's complex in setting up. You have to architect it properly and know how you want to set the product up and use it going forward, what platforms you want to run on. It does take time, but like any other major product like that, if it's done right it will work well for you.

What other advice do I have?

While I think the vendor, it would have to be a large enterprise vendor who can support and offer the scalability that we hope to have in growth of a product. Our plan is to grow that into our consumer space, which will really expand the need for the scalability. I think those are the primary factors along with the support that you need in order to support a product like that.

I would say it's got to be an 8/10 because there's always room for improvement but I think it's a good product and I think an 8 would be a good score.

Recommendations: I would have them look at the same thing for scalability. Implementation is a component, ease of implementation. It can get complex so you have to do it right. Looking at those areas is very important but I'd highly recommend the product for anybody who wants to use a single sign-on.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user383802
Security Engineer at a aerospace/defense firm with 10,001+ employees
Vendor
Allows a user the ability to use the same credentials for different secured parts of a website.

Valuable Features

The most valuable feature is that it allows a user the ability use the same credentials for different secured parts of a website. From a user-experience perspective, that's important because you don't want to have to remember or write down several sets of credentials. When a user comes into our website, they just want to go about their business, not spend half and hour trying to figure out how to log in.

Improvements to My Organization

SSO has been able to bring together many different pieces for authentications -- directories, databases, networks, etc. It's able to, for example, authenticate against ten different directories to give people just one set of credentials.

Room for Improvement

It seems that when there's a new version, patch, or service pack, we find bugs. There have been times where we've had to revert versions because of bugs. It has gotten better, however, and we used to have a lot more issues. There is still a lot of room for improvement in this area.

Deployment Issues

We've had no issues with deployment.

Stability Issues

The stability issues we've experienced have some with new versions, patches, and service packs.

Scalability Issues

We have it built way above what we need. We have more servers than we need so that we're not impacted if one goes down. We've built in redundancies as well so that there's no single point of failure. We have a highly available system.

Customer Service and Technical Support

Technical support has gotten a lot better. We have a pretty complex environment and we used to have to explain it every time we opened a support ticket. Now the support engineers know our environment.

I'm actually impressed with technical support now because we have many different pieces to our SSO environment with lots of custom modules. They have their resources and can get back to us with answers.

Initial Setup

It was initially complex because we had many directories. Upgrades, however, are simple. But there's no way to downgrade. You have to uninstall and reinstall the previous version.

Other Advice

My advice would be to set up several environments, including a sandbox where you can test upgrades and products without impacting users. Then have a dev environment for some users to test.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user382632
Cyber Systems Engineer with 10,001+ employees
Vendor
The most valuable feature for us is the user experience in being able to use one set of credentials to access multiple applications.

What is most valuable?

The most valuable feature for us is the user experience in being able to use one set of credentials to access multiple applications. Also, I've never seen anything that does what SSO does. The first time I ever saw SiteMinder/SSO was in the early days of Netegrity, which was version 3.0.

How has it helped my organization?

It allows us to be able to collaborate with external partners, such as the government, in such a way that we're able to find out what they're actually looking for in a product we provide.

What needs improvement?

We've been looking for a tool that can help us do a better job of monitoring and of helping our users. Unfortunately, SSO doesn't really allow us to do that. We have to basically do it through brute force.

We've recently purchased a product called IdentityLogix which is going to help us do it. We looked at IdentityLogix for two-and-a-half years and we recently purchased a license from them. We'll be setting that up in the next couple of months. It should also allow us to see some analytical information that we're not able to see right now without doing, like I said earlier, brute force.

Currently, management wants to see how many authentications we have daily and monthly. And in order to do that, we have to write our own scripts based on certain logs, and that's not something I really want to do. If SSO could do that for me, that would really help me do my job better.

What was my experience with deployment of the solution?

I haven't encountered any issues with deployment.

What do I think about the stability of the solution?

We've been using SSO since the Netegrity days. So for the last ten years, we've seen some bugs, but lately much less than in the past.

What do I think about the scalability of the solution?

We have a highly-redundant system. We haven't had to do anything else to scale it up any more than what we've already got.

How are customer service and technical support?

We've had a designated CA support engineer for the last four or five years now. Some have been mediocre, while some have been really good. Overall, technical support is very good.

Which solution did I use previously and why did I switch?

I used Netegrity 3.0 in a previous job.

How was the initial setup?

For the most part, the installation and setup of it with SiteMinder for the policy server aspect of it is fairly easy. For the web agent aspect of it, we've run into issues and have had to call support or refer to old notes from prior installations. For the most part, the setup is between easy and medium difficulty.

What other advice do I have?

SSO is a very robust application. It's very easy to administrate and use. Users don't even know you're using SiteMinder or SSO. They just think they're on a website. I can tell by the URL that a company is using it, and I like that. It makes me want to use that company more often.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user359505
Executive Director, CTO Security - Identity Management Architect at a financial services firm with 10,001+ employees
Video Review
Vendor
We use CA SSO in conjunction with their other authentication solutions. The mainstream use that we have for the products is web single sign-on.

Valuable Features

We are talking about the authentication products in general. What was previously SiteMinder, AuthMinder, some of the risk based authentication products that they have. I think the mainstream use that we have for the products are probably around web single sign-on. Being able to sign on to applications, the users not having to authenticate again. One of the good features we get out of the product as well is to be able to include different authentication methods. We use username and password but we also use smart card authentication, which is very key to our company.

Improvements to My Organization

Two factor authentication based on hard token effectively. Yeah the main thing I guess is, well two things. One is end user experience, so single sign-on. Before the product was introduced, we had multiple sign-ons to different applications. End users have to enter their username password multiple times. Now of course with single sign-on they enter it once and then during that session, they no longer need to authenticate again. The second thing I think that is important also security. It’s a secure product. We can make use of two factor authentication with the product and so from a security perspective, it gives us strong authentication. Our solution has to be basically 99.9% available, which means we have to have the highest availability out of the product that you can rarely from an IT system

Scalability Issues

We have deployed it in a very highly resilient and with a very strong PCM component. Ability to fail over within a datacenter and the possibility of failing over between countries and datacenters. It scales well, we have 200,000 users that's not simultaneous or you are all using it at once but certainly it scales events. There are advanced features that would mean that we need to look at scalability so it does authentication, does also authorization. If there is heavy authorization traffic then we really need to also look at how we scale that up. It can’t scale. It’s just a question of putting in more servers, putting in more infrastructure to allow it to scale.

Customer Service and Technical Support

To be honest, I don’t get involved with the operations side too much. I am an IT architect so I look at the overall architecture of the system and then how to introduce new requirements and how they can get fulfilled but my impression certainly is that the support is good. It has to be very good because we have a 99.99% availability, so if it wasn’t good we would’ve moved off it by now. I would say it is a relatively complex setup. We have a relatively complex environment so with all of the availability requirements we have, it is quite complex but having said that, it is no more complex than any other enterprise systems that has to be highly available.

Initial Setup

I wouldn’t say it was overly complex but there's complexity in it. One of the reasons we are here today is also to understand what features there are in the future. I think for me as an architect, I look at what the emerging trends are. We have a lot of new requirements; mobility is a big one for us. Bring your own device, being able to authenticate on mobile devices securely, being able to make use of multiple applications right on that mobile device. Being able to integrate with containers for example Citrix, also with the changing old pricing models we have, a lot of outsourcing, a lot of software as a service, we need to be able to improve how we have authentication to the cloud, federation capabilities and that sort of thing. There is a lot that we can do to go forward.

Other Advice

At this point I'd rate it about 8/10. One of the biggest things is availability. Availability, scalability, you really have to make sure you understand the scale of the deployment and what your requirements are around availability. Certainly in our company it has to be the highest scale, highest availability. Don’t underestimate the amount of testing you have to do, the amount of stress testing, load testing, because this is critical infrastructure. This really is the front door to all the applications in the bank and if this goes down, the bank has stopped working. Quite simply you have to make sure that you do all of the testing required to make sure that product is absolutely rock solid.

I think it is very important to do your due diligence. You need to do your research into what is out there and what is best to meet your requirements. That said, I think there is nothing really that can replace doing a proof of concept. You have to do a proof of concept, because no matter what the vendor says, no matter what other people say other blogs or other reviews, your involvement is always going to be unique. There is always going to be something that you need that maybe other people haven’t done before. Be that some authentication method, some authorization method, the number of people you have, your topology of your network.

There is always to be something. Take all of the other information in but you must verify yourself. I think you have to really understand supportability. Quality of the product, so you have to trust the quality of the development methods, the testing that it scales to how you wanted to scale that you’ve got examples of the product being deployed in similar types of organization, similar sizes, and similar industry is important. Yeah I think they are the main things really.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user372639
Director IT with 1,001-5,000 employees
Video Review
Vendor
Allowed us to consolidate the credentials our users need to log on to various sites.

Valuable Features

CA Single Sign-on is actually our main access control solution which we use to protect our websites, portals and applications, which are exposed internally as well as on the cloud and externally, as well as commercial applications.

Improvements to My Organization

It was very hard to get the end user experience in favor of like you login into one website and then you don't need to login into other website you can just click on the link and go over there. CA Single Sign-on has helped us a lot. The user only needs to use credentials once and then they can single sign-on into other websites which are already integrated into the CA Single Sign-on product.

Room for Improvement

Overall I'd say we're very satisfied with the product but yes, we had outages and performance issues but again I think based on the load and then how we're increasing our applications which are integrating into the solution. We have to do the technical and architecture review time to time to increase our capacity. CA has helped us with the architecture review and with the suggestions to take on the load. Definitely we need to add more servers, more capacity and also we need to go through the architecture review process there.

I'd say the speed to upgrade because I think I heard in the conference that they are trying to go with agile, getting new features in like period of months, a couple of months. That makes it very important for product management team to make it simple to upgrade. That's one of the biggest feature I'd suggest I'd like to see that if they can make the upgrade process simple. Overall I'd valuate it around 7.5 to 8. Definitely even when we select the vendors the product has to be best in the breed in the market.

Customer Service and Technical Support

I think we have a very good relationship with CA. I'd say because I think being a major access vendor product for us it's very crucial for our help cloud as well as our internal applications. We having a tier-1 support from CA and they have been very response whenever we have an issue, I think we get appropriate response from the support. I think right now we're using the solution for our cloud services which is having around 4 million users. I think it will grow to around 11 million plus users by next year and we're actually counting on the Single Sign-on solution to take the load and still meet our requirements.

Initial Setup

Yes it can be complex, I think that's one area we have already given feedback to the product management, that is a little complex to get the set up and get it going and the upgrade process is very complex. Again it takes time to get but I think once the product is installed and it's there then definitely the stability is there. The complexity is the number of components involved in the overall installation and the education part. Like if we don't have skilled team members definitely it needs people with proper skills set to understand the product, different components, the app layer, the database layer all those components makes it little bit complex too to install.

Other Advice

For us the support and maintenance matters most there because once the product is implemented but if we don't have good support at all so that makes it very difficult to run the product. For us, yes the stability plus support is very important. I'd definitely say, do use them to first of all note down all the use cases whatever they want to achieve by implementing SiteMinder. Definitely SiteMinder has a lot of features, a lot of capabilities at all but usually it's not possible for everyone to use each and every feature.

I think based on the business requirements, application requirements they should first list down what are the main criteria or their use cases and based on that they should go with the implementation. That's very important for us because yeah, definitely when a vendor comes in and they tell us about the product and the features which can meet our business needs definitely that helps. Again as I mentioned for us support and maintenance is very important so it's not just once the product is in house and we're done with it.

We definitely look for possible forums and get the user reviews, go to the user groups so that we can find more about the product and supportability. I think we’re early adapters of it when we choose it like it is or it's still the best in the breed product available in the market.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
it_user348408
IdAM Engineer with 1,001-5,000 employees
Vendor
It does a good job of gathering all transactional data, capturing information for user-initiated transactions. Tuning the policy store is a little complex to ensure it doesn't get corrupted.

Valuable Features

Its flexibility and ease-of-use are the most valuable features.

The objects are tied together well in the administrator UI. It's flexible and easy to use, and the the policy store schema has been structured well.

It provides auditing and secure cookies, as well.

Improvements to My Organization

It provides security and protects end-applications. Auditing is good – it does a really good job of gathering all the transactional data. Anytime a user initiates a transaction, all of the information is captured.

Stability Issues

It is very good. I have been working with the product for a very long time and have had no problems directly related to SiteMinder or its capabilities – only issues with our underlying infrastructure. There were a few things that CA has already addressed.

Scalability Issues

It scales very well. You can scale it horizontally or increase threads or socket configurations within the solutions.

Customer Service and Technical Support

They’re really good. Very knowledgeable. I had a policy store corruption – they were able to help me fairly quickly, in a reasonable time.

Initial Setup

I’ve been doing it for a long time, I can say it's medium-level complexity. The policy store configuration, and tuning the policy store is a bit complex in ensuring it does not corrupt.

Other Advice

It is easy to implement, use, and scale. There is room for improvement as with any product. It’s solely based on what their requirements are, their user population, and their enterprise environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user348447
IT Security Analyst at a financial services firm with 1,001-5,000 employees
Vendor
It provides end users with SSO to our applications – they log in once and they can access all of our applications. A nice addition would be authentication using biometrics.

Valuable Features

It provides good security as a single sign-on tool and is easy to integrate with various applications. Also, the admin UI it provides is very user-friendly.

Improvements to My Organization

It provides end users with SSO to our applications – they log in once and they can access all of our applications. It’s simpler, more secure, and involves less time for the end users, giving them a better experience with us.

Room for Improvement

I'd like to see authentication using biometrics. This would be a nice addition.

Stability Issues

Although the policy server has sometimes spontaneously restarted, it’s mostly good.

Scalability Issues

It’s scalable; you can add new servers and away you go. If we add more users or more load, it’s easy to scale up.

Customer Service and Technical Support

They are very helpful – always there when we need them. We had a problem with their impersonation solution with our application. It was not working with the existing version, so we called them and they determined the right solution was to downgrade.

We also have support tickets for other CA products and they are very responsive – on time and are helpful.

Initial Setup

It was already in production when I joined the company.

Other Advice

It provides a good UI for us, and it provides a good solution for our needs. As a standalone product, it's good.

You should understand the user setup, requirements, how you want to service the users, and their infrastructure. Based on this information, you can find the right solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user350634
IT Architect at a healthcare company with 10,001+ employees
Vendor
It makes it easier to find all the policies we have in place and run. It’s tough to keep up with all the releases and bugs that get fixed.

Valuable Features

For us, it’s the best-of-breed pick on the market today. More importantly it’s the least complex enterprise solution that we can manage. It integrates well with multiple applications in multiple environments. That’s a big deal for us.

Improvements to My Organization

It makes it easier to find all the policies we have in place and run. Less work for me!

Room for Improvement

One big problem we have is keeping track of the various patches and bug-fix releases. They come out for different platforms (Windows, Linux, etc.) and it’s complex. It’s tough to keep up with all the releases and bugs that get fixed.

Deployment Issues

It’s complex compared with similar products out there.

Stability Issues

It’s stable and mature, but we’ve had challenges as we grow. We see glitches here and there, and a little bit of latency in performance.

Scalability Issues

We have challenges, performance issues for which we’re unable to find the root cause as we scale. But we’re working with CA on this.

Customer Service and Technical Support

It’s excellent. We’re able to get enough attention for fixes. Sometimes the cycles are long, but it’s still good considering what we need.

Initial Setup

The initial setup was not straightforward. It definitely has its learning curve.

Other Advice

It loses points because of the performance issues when we scale, which has to do with the complexity of our environment. If it’s out-of-the-box, maybe others don’t have this issue, but we do because we’re large.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user354783
Sr. IT Security Architect at a healthcare company with 1,001-5,000 employees
Vendor
It's a one-stop shop to secure all of our web applications, and since 2003, we've been able to scale from two policy cycles to six with it.

Valuable Features:

I helps us to secure all of our web applications -- internal or external- or customer based, or provider-based, or partner-agents -- with access control. It's a one-stop shop. We can have a single user interface that has centralized policy-based and rule-based access controls.

It's easy to execute, robust, and secure.

Room for Improvement:

Identity Manager and GovernanceMinder should integrate better. Right now, they have started integrating it, but it would be helpful it were fully integrated with the other security products.

Deployment Issues:

We've had no issues with deployment.

Stability Issues:

This is one of the robust and stable product I have seen in my sixteen years of IT experience. I'm not exaggerating here, but that is the way it worked. Very few instances we had real failures. When you have a product this stable, you can depend on it and get on with business.

Scalability Issues:

Right now, our load is one million customers and about fifteen thousand internal users. We have web services we use and, this maybe looks so silly, but we didn't really have any major issues with SiteMinder. When my company began in 2003, we had two policy cycles up in production. Now we have six policy cycles. And it's scaled for us without problems.

Initial Setup:

When I came to the company we used v5, I believe, but I did two major migrations, a migration to v6 and then to v12. It's a very straightforward and smooth transition from version to version.

Other Advice:

Make sure your architecture is defined properly.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user353934
Identity and Access Management Specialist at a healthcare company with 10,001+ employees
Vendor
SSO allows us to log in once and use those credentials for multiple web sites.

Valuable Features

Single Sign-On is the number one feature of SiteMinder that we're using. The ability to log in once and use those credentials for multiple web sites is very valuable for us.

Room for Improvement

Upgrades is the biggest area for improvement. It really struggles with the upgrade process. We tell CA this pretty often.

Deployment Issues

We've had no issues with deployment.

Stability Issues

We've had no issues with stability.

Scalability Issues

We have challenges with scalability. We have a environment in which applications during peak enrollment periods can go from 80 users to 8,000 users in a weekend. Scalability is very difficult with SiteMinder. You basically have to roll out new policy servers and so the ability to provision capacity quickly is still a big challenge for us. They talk about it with every presentation. They're containerizing everything and they're doing all the right things, but they could roll them out faster.

Customer Service and Technical Support

We probably open two to three tickets a week. I manage that relationship so I supervise those tickets and escalate them appropriately. The problem is we need the support, but they don't know anything about the product.

One of the challenges is they kind of have a tiered support model where you get your case open to a Tier 1 support engineer, and often times we're using very specific portions of their products that aren't used to. For example, we use some kind of custom implementations of some of the older technologies for which it's difficult to get a resource who actually knows what we're using and how we're using it. The initial engagement with support can often take us two or three days to get the ticket assigned to the person who knows what they're talking about. Like DLWS, which is a distributed log on web service, which wasn't a core part of the product back in the day and it's just not used by a lot of people.

Some of the advanced password services stuff can be a little bit problematic, getting it assigned correctly, that kind of stuff.

Initial Setup

It's complex. Because of the complexity of the application, you're going to need to involve professional services. You're going to need to bring in a lot of outside resources if you've never done it before. It's not an out-of-the-box, point-and-click, now-you-have-SiteMinder situation. It's going to take a lot longer than that and I think the complexity is often hidden. People are going to stumble upon these challenges in their enterprise after they start it.

Other Solutions Considered

Not really. We use Ping, so we have products that do similar kinds of stuff. We used to use Tivoli, so we have some experience with that. Identity Manager's been used in the enterprise before. SiteMinder works a lot better for us just because we have a base of administrators who know how it works, ease of installation, and configuration.

Other Advice

It loses points for the upgrade and for just the lack of ease of management. We've been using it for a long time, so we're comfortable with its weaknesses and we've adjusted our process around those. I think for a new implementation it would be very challenging to bring in SiteMinder.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user351534
Technical Lead - Security Services Group at a financial services firm with 1,001-5,000 employees
Vendor
It provides a web-app customer response feature that allows us to customize responses back to the mobile app or browser assignments.​ We'd ike to see a more streamlined implementation update process.

Valuable Features

Our primary purpose for using it is to manage and control access to our web applications. We've extended the use somewhat to protect other environments in our shop where we need to authenticate users.

For example, we have a GemFire caching product, and we want to limit what data users can access within the GemFire environment. So we leverage SiteMinder and its policies within GemFire to authenticate the user and to authorize them based on what type of data they are accessing.

We also use it to federate identity with external clients and vendors. We use the federation component to federate identities between ourselves and outside third-parties.

Improvements to My Organization

We're moving to an API-based application development model with SiteMinder in that environment. It's important for us to be able to handle authentication and authorization issues when client-side mobile apps are calling to our services. We needed to handle the responses from those authentication problems better than the traditional SiteMinder SSO system did. 12.52 provides a really nice web-app customer response feature that allows us to customize responses back to the mobile app or the browser assignments.

Room for Improvement

We're really interested in the containerized version of CA SSO where the product will be delivered as a container image rather than the traditional binary.

We'd also like to see a more streamlined implementation update process.

Also, I think they need to improve their support a little bit better especially with experienced customers who are very knowledgeable in product. It's difficult when working on level higher than support.

Use of Solution

We brought it in a little over 10 years ago. We're currently in production on 12.0, but we're right in the middle of our migration to 12.52.

Deployment Issues

We have a very carefully planned roll-out of these products. We won't go into production as long as we're having stability issues. I would say for 12.0, our experience was fairly elongated to get to the resolution of some issues, probably a couple of months. With 12.52, we've had a couple of issues, but we already have patches and work arounds for them, and so we think that things have improved.

Stability Issues

In the past, whenever we migrated to a new version, there's been a little bit of stability issues at the beginning and I would say with 12.0 in particular we had some stability issues. But we believe 12.52 is a lot more stable, but that's yet to be seen.

Customer Service and Technical Support

It's a hit and miss thing, like all support organizations. For the most part, for simple problems they can get to a resolution fairly quickly. If the problem is a little more complicated, they really struggle with getting us a solution. We usually have to escalate the problem to our contact engineer. But then it depends on how important the problem is. If it's like a real critical problem affecting our production environment, we'll push a little harder. We'll call up our CA representative and try to escalate the problem.

Initial Setup

I wasn't involved in this initial decision to bring it in, but I was brought onto the team fairly soon thereafter.

Other Solutions Considered

I think Oracle and IBM have similar products. For due diligence purposes, We occasionally take a look at other vendors and compare features, but so far we're happy with CA.

Other Advice

I would totally recommend this product, but I think CA has a really good handle on what the drivers are and where the business is going in terms of application development. They seem to be a good fit.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user353775
Senior IT Architect with 1,001-5,000 employees
Vendor
It connects us to our vendors, agencies, and our service providers that are within our group of subsidiaries. We'd like to see a new feature to support an openID connection portal.

Valuable Features:

The most valuable feature for us is the configuration feature. It permits us to connect our company to the offices of our subsidiaries. So, when we buy a company we can connect their IT infrastructure to ours.

Improvements to My Organization:

It connects us to our vendors, agencies, and our service providers that are within our group of subsidiaries. If we didn't use it or if we lost service for even two hours, we'd lose 20 million euros.

Room for Improvement:

We'd like to see a new feature to support an openID connection portal. We'd also like for CA to be faster at shipping out new technical environments, such as OSs. They should do an operating system like RHEL, where Red Hat is on top the newest version of Linux. Today, they're slow to support new technology.

Stability Issues:

It's stable.

Scalability Issues:

There have been no issues. The scale is very important for us because we are doing some new applications.

Initial Setup:

It's not user friendly, but it's very customizable. It's important to have customized developments integrated with CA SSO.

Other Advice:

It's expensive. If you're small, it wouldn't be as good a fit, but if you are a big company, then it's a better choice.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user353421
IT Analyst at a retailer with 1,001-5,000 employees
Vendor
It's flexible so that we can use it for Single Sign-On, integrated windows authentication, SAP, and federation.

Valuable Features

The most valuable feature is basically what it promises. It gives us a platform for strong authentication and authorization with access control. Another strong feature that we like is actually its simplicity of operations and administration. It's fairly simple to grasp the concepts and administer the servers and the policies.

Without it we would rely solely on straight basic authentication to our user directories, and that obviously just doesn't work. There's no auditing on it so audit-ability is another big feature that is tremendously helpful especially in this day and age of auditing and data breaches.

Improvements to My Organization

It's our single solution for managing user authentication. It's proven itself to be reliable and stable in terms of how it works. It's also flexible so that we can use it for many different things -- Single Sign-On, integrated windows authentication, SAP, and federation, which is a big part of our use. Those particular features are really beneficial to us as an organization.

Room for Improvement

Probably the biggest thing that SiteMinder needs is a refreshed UI for administrators. Because it's transparent to users and clients there's, not much in terms of improvement there other than additional features that they can concoct. But as an administrator, the UI can definitely use refreshing. There's ways to get to the same result with less clicks, and even with their new refreshed UI lately, it's still basically the same thing, so I don't see any improvement there.

Deployment Issues

It's stable, lightweight, works as expected and we don't see any problems with it.

Stability Issues

It's very stable. I would say it's about a 99.9% uptime. There is a glitch probably on average once every six months, once every half year. However, it's very lightweight for what it does and, again, the audit-ability aspect of it and logging aspect of it are very mature and helpful in terms of figuring out how to resolve an issue.

Scalability Issues

It's very Scalable. We were able to and we're actually continuing a global roll-out for it across the EMEA region in addition to our North American region, so it scales among all of our Active Directories very easily. We have no qualms in terms of adding users up to hundreds of thousands of users if needed. In terms of scalability, it delivers on its promise.

Customer Service and Technical Support

Customer Service:

Technical Support:

We use technical support for custom scripting. We needed to develop a custom Java API for SiteMinder to hook up with one of our .NET applications, and that's probably one instance where we had to use the technical support, although it kind of borders on professional services.

Otherwise, there are really probably only a handful of instances where we use technical support and really only to guide us on best practices.

Initial Setup

I wasn't involved in the setup, but I will be involved in future releases, in particular our roll-out to different regions of the world.

Other Advice

My advice would be to go with it simply because I know the product and I know it works. The way I would persuade them would be to say that it's rock solid. It does what you need it to do, it's stable, and the learning curve is really not so bad.

If there was one thing I would say, think a little bit more about how you would use a flow chart to optimize the administrators experience to do the exact same job.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user351696
Software Development Manager at a comms service provider with 1,001-5,000 employees
Vendor
We now have a standardized way of integrating with applications so the application owners don't have to handle authentication or security. A more modern management interface would be nice.

Valuable Features

The best feature would be single sign-on across multiple applications for our customer-facing sites. We don't want our customers to have to enter their user ID and password multiple times. We have a suite of a dozen or so sites as well as about 200 external sites that we federate with. Single sign-on is important, and federation is important.

We have a standardized way of integrating with applications so the application owners don't have to handle authentication or security. We handle that for them, so we use the burden from other application owners.

Improvements to My Organization

It puts the expertise around authentication and security on our organization where it belongs. The company doesn't have to depend on each individual application to maintain their own security. This allows us to really maintain control over the security aspect of it.

It's also enabled a quicker time-to-market for new applications that have to handle user ID and password security.

Room for Improvement

A more modern management interface would be nice. The existing interface feels like it's about 10 years old.

Use of Solution

It's been probably about 10 years since we integrated with it.

Deployment Issues

We've had no issues deploying it.

Stability Issues

It's been stable for the last 4-5 years, though we had some significant issues early on. We had some performance-related issues that caused some outages. Outages actually happened pretty frequently back then. If one centralized authentication mechanism went down, all the applications that depend on it were also unavailable. We've gotten past that, so we're much more of a reliable, robust platform now.

Scalability Issues

We serve about 10 million users all over the country in the US. Scaling it is not a problem as we just add more servers at that point. The one good thing about SiteMinder is that to scale you basically just add more servers. You can piggyback, use the same basic architecture, and just add more.

Customer Service and Technical Support

We have support contracts with CA, but it's hit or miss. We have to have an escalation path with a direct red phone to senior management support because of the nature of our contracts. We had to utilize that frequently, rather than go through the lower-tier support. Our infrastructure is different enough than CA's reference infrastructure that we take a lot of time to bring somebody new up to speed. We have a direct line to people who really know our implementation pretty well, and have been working with us for a number of years, so it helps.

Other Solutions Considered

Some years ago we had some other vendors early on. But we've got a pretty well-established build out with CA right now, so if we have some significant new functionality in the future, we'll certainly look at other vendors too.

Other Advice

There's a lot of manual work that has to go through transferring a configuration from a lower environment to an upper environment production, so be prepared for that.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user351468
Security Analyst at a insurance company with 1,001-5,000 employees
Vendor
It provides a level of security that allows us to get on with our work. The initial setup was kind of cumbersome.

What is most valuable?

I really like the robust functionality that this solution offers, such as federation, OAuth, security, and multi-tenancy, just to name a few.

It really helps us and, importantly, it's very easy to use.

How has it helped my organization?

In regards to our organization, it provides a level of security that allows us to get on with our work.

What needs improvement?

The initial setup was kind of cumbersome as the instructions were not great. They should really improve this.

What do I think about the stability of the solution?

It has had its moments, but we deal with them and it seems to be getting better.

What do I think about the scalability of the solution?

Definitely scalable, no problem here.

How are customer service and technical support?

Mixed, as there are different levels of expertise and so the quality of support not consistent.

Which solution did I use previously and why did I switch?

Others in my company had done the due diligence because once you’re married to the product you cannot change. But I don’t think CA SSO is the best out there right now.

How was the initial setup?

It was complex and not at all straightforward. They really need to work on this.

What other advice do I have?

Just do your research. This is very important.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user349443
Information Security Analyst at a financial services firm with 1,001-5,000 employees
Vendor
It helps with compliance because we can make sure who a user is, log-in information, etc. It’s difficult to initially configure, but once you know where the traps are, it’s not a big deal.

Valuable Features

Single sign-on allows you to log into multiple areas and sessions with just one user login. SiteMinder uses a cookie to pass the credentials along to different applications, and it’s encrypted. You can determine how long the session will last before users have to log in again. And if you have NTFS capability, it just automatically logs in again for them, using a firewall to protect LDAP.

Improvements to My Organization

We use it for our tier-1 applications through GLBA and SOX. It helps with compliance because we can make sure who a user is, log-in information, etc.

Room for Improvement

It’s never been an out-of-box solution except for IIS, which installs web servers for you. Basically, you do a bit of configuration, and the client on the other end is heavier use. That’s the beauty of SiteMinder -- you can do anything with it.

It’s really difficult to initially configure, but once you know where the traps are, it’s not a big deal. It’s done everything we’ve needed it to do.

It could use better air handling -- if your policy doesn’t work, you just get some dots instead of real information without looking at the logs. It would be nice to find the info without hunting in the logs.

Stability Issues

Once every one to two years, the service will freeze, but if you have redundancy, all you have to do is restart. If you have redundancy, it’s not a big deal. The way it works, is that it does a round robin so that if one server goes down the other three handle the traffic.

Scalability Issues

Very scalable. You just have to have a central database where all servers hook up to the policy store, and all servers can use the database without a problem. You can then add as many servers as you want.

Customer Service and Technical Support

We’ve been using it since they were Netegrity, who had amazing an KB. But unless you’re standing up a new application, you don’t need it. We only get tech support involved when we have a new application.

Initial Setup

I’ve been running SiteMinder since v4, the first time I had to learn everything. It’s easy to export the policy to the policy store, which is your most valuable thing. It’s on v12 now, and I haven’t had to update for two years. We’re no longer handling the server admin, that’s another team, but we’re handling all the policy configurations. We can take that and go from version to version with no problem.

Other Advice

As far as software goes, it’s as close to the energizer bunny as it gets. Every now and again, service will freeze, but other than that it just goes.

It depends on whether you can log in directly to your LDAP and manage it, because that would be easier. If you need the ability for just logging without buying an application and want good security, it’s an awesome solution.

Most people use it as an external firewall, but all our firewalls are internal, so this is a good back stop.


Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user349428
Software Engineer at a healthcare company with 1,001-5,000 employees
Real User
It's really increased the security of our applications and, in some cases, without requiring multiple usernames and passwords. The installation documentation is not good enough.

Valuable Features

We use it a lot for federation, authenticating in-house or on premises, and that gives us access to an outside SaaS provider.

Also, we like the reverse proxy tool so much that in some instances we’re using SSO just for that and not even single sign-on.

Improvements to My Organization

It's really increased the security of our applications, and in some cases, has provided much more security. It does this even while some applications don't require multiple usernames and passwords.

Room for Improvement

The documentation is not good enough, particularly the installation documentation could be improved. Some things are left open to interpretation and others are simply not documented at all. CA will take liberties and make assumptions that your system is a certain way, and so the documentation is based on that.

Stability Issues

It’s very stable, but we found some bugs and got workarounds quickly. We stress out SSO, from what I understand CA's reasoning is, but they're quick to resolve the issues.

Scalability Issues

We've had no issues at all with scalability, as it covers everything we do even at thousands of logins per minute.

Customer Service and Technical Support

We use them a lot and they're quick to pick up cases. We have almost a dedicated team with them that escalates up issues.

Initial Setup

It’s fairly complex as it has lots of pieces. We’re in the process of upgrading and we’re building a mirrored environment and then moving everything over to it.

Other Advice

CA is great to work with, but to use it, just learn the product suites and how they interact. Make sure you have a good layout and make sure you have everything you need.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user349344
Vice President at a financial services firm with 10,001+ employees
Real User
It enables the business to serve customers through multiple channels without asking the user to register multiple times. Agent configuration can be improved.

Valuable Features

Security to protect digital assets is most valuable to us. For the financial industry, security is a high priority. SSO provides solid security, specifically authentication and protecting digital apps and applications. We can define what we protect.

Federation is valuable as well, using the same security across multiple channels like mobile, e-side and m-side, and web services for partners. We can cover all channels with one security solution.

Improvements to My Organization

It protects business assets and functionality. It enables the business to serve customers through multiple channels without asking the user to register multiple times. Register once and it serves multiple channels. It also helps our security and fraud teams to protect assets and lock compromised accounts. It allows all channels to go through the same rules.

Room for Improvement

We go by agents for authentication; anything relating to agent configuration could be improved, or even agentless security.

Also, reporting on analytics and the health of the system could be improved.

Stability Issues

Very stable. It’s rock solid. As it is serving 100 million requests, it works.

Scalability Issues

It’s very scalable horizontally. We deploy multiple policy servers as we see load increase, and we do have 16 million users.

Customer Service and Technical Support

We have dedicated services, and they’re OK. Whenever we ask the questions, we get documentation and we do place calls. When we place calls, we do get good support. Theoretical questions or subject matter questions are usually answered with documentation and some back and forth. Overall they have been good.

Implementation Team

It was already implemented, but we did migrate to a new data center. The experience was pretty good.

Other Advice

SSO architecture is different from other kinds of application development. Plan up front. Understand the tool, and understand how to configure the tool, which partially depends on LDAP, and how to configure agents to perform.

Understand how you want to protect which assets, and how you want to open asset protection to other channels because it will grow. People will be asking more and more. For us there is no other way when I’m serving that many customers – we have to be fully prepared and plan way ahead.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Manager, Information Security and Cyber Defense at a tech services company with 10,001+ employees
Consultant
It's seamless with several hundred internal applications. We’d like them to go back to the C version of the admin console.

Valuable Features

The most valuable features are security and ease-of-use.

Tokenization of the web applications is easy for application owners to integrate with the tool. On the back end the dev side, and the deployment cycle with web agents and policy creation are easy.

Improvements to My Organization

It's seamless with several hundred internal applications, which is a time and frustration-saving mechanism. It definitely gives a productivity increase with less time logging into things instead of logging in from application to application, while maintaining the security layer.

Room for Improvement

We’d like them to go back to the C version of the admin console. It was much smoother than the web-based version. Everything else is pretty good.

Stability Issues

Very stable product. The only time we’ve had problems with it is deep behind SiteMinder, which feels the ramifications. The application we’re protecting usually has the issue, not the SiteMinder/SSO itself.

Scalability Issues

Very easy to scale. They have a good sizing guide it vertically scales very easily.

Customer Service and Technical Support

Once you get past the first level, it’s good support. Typically once you’ve supported the CA product for a couple of years, you probably know more than first-level support, so it’s frustrating to explain to them the issue.

Initial Setup

It was already in production when I joined.

Other Advice

It’s definitely an industry leader in the web access realm. It’s easy to deploy and integrate.

You need to understand the overall design of your web infrastructure, and what do you want to protect – the entry point or the entry point and application server? Design questions, really. You need to decide whether you want fine-grain or course-grain authorization. For the CA solution, make a support matrix and understand other peripheral products in the environment.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user349326
Senior Staff IT Engineer, Identity and Access Management at a comms service provider with 10,001+ employees
Vendor
It ​restricts cookie replacement and provides enhanced ones, so the applications are safer. It would be great if they could move to the AWS support model of opening up a chat instead of a case.

Valuable Features

We like the ease of implementation, integration, and the support matrix. Cookie provider helps us set host-based cookies and provides SSO across multiple domains. It provides restricted cookies as well.

Improvements to My Organization

It restricts cookie replacement and provides enhanced ones, so the applications are safer. Helps keep our data secure in a much better way without affecting user experience.

Room for Improvement

Better support. It would be great if they could move to the AWS model where we could open up a chat with the support person immediately instead of opening up a case. We’d love to see them implement screen sharing to expedite the support process.

Stability Issues

10/10 - no issues.

Scalability Issues

I haven’t seen any performance problems with scaling or general performance ability, so maximum points there as well.

Customer Service and Technical Support

Not great. The first level of support is not up to the mark or able to understand the actual problem. It takes us time to explain the problem. Any time we open up a case we have to repeat the explanation of the problem 15 to 20 times until we get a response that is in line with what we are expecting.

The handoff isn’t good. Communication with the different support teams is a challenge, and we have to repeat every detail of the problem at every stage, which makes it not a great experience.

Initial Setup

It was simple. Documentation has been more than satisfactory, and we’re happy with that. The changes are very well communicated. Even the point releases haven’t given us any problems.

Other Advice

It has all the features, and the CA roadmap has always been ahead of the competition. The only missing portion is documentation around global deployment. As companies are growing bigger and bigger, they’re thinking about global deployments, so we haven’t seen much talk around global deployments, and I haven’t seen any white papers.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user58431
Delivery Manager - Technology - Identity and Access Management at a financial services firm with 1,001-5,000 employees
Vendor
The login experience is seamless navigation from one app to the next. The policy export/import could be easier for when we go between environments.

Valuable Features

The most valuable features are:

  • Ease of deployment, and
  • It’s customizable within the user interface.

Improvements to My Organization

It helps protect our applications and provides identity management. It allows us to do business with third-party apps, and they’re a recognized industry leader.

For the login experience, it’s seamless navigation from one app to the next. It’s responsive and promotes ease of doing business.

Room for Improvement

Upgrade planning is extensive and costly and involves a lot of applications, so we’d like to see that improved. Also, the policy export/import could be easier for when we go between environments and when we export/import into our production environment.

There are some security risks that we’re evaluating with a current version of the product that might require an upgrade. From an upgrade standpoint, it’s challenging – not a simple, agile type upgrade. It’s a major upgrade that affects a lot of our applications.

Stability Issues

Highly stable. We have it pretty well tuned.

Scalability Issues

It’s scalable from one app to the next, and we already have the infrastructure built out to support it.

Customer Service and Technical Support

They provide a pretty good service, especially as we’re entertaining additional products and services. We had an upgrade from R6 to R12, which was significant, which we managed through support. Understanding the urgency and sensitivity behind it, we got their account management team to come on-site and help.

Other Advice

It’s stable, the client experience is really good, and there’s an opportunity for us to improve response times. They could improve integration with other products in the suite.

Understand what their business cases are before they pursue a solution; understand where they have a need. Sometimes applications themselves don’t necessarily need to be integrated with something as robust as SiteMinder doing ID management, so I’d recommend looking at the business functions and what their needs are before they pursue the SiteMinder solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user346686
IT Security Manager at a financial services firm with 1,001-5,000 employees
Vendor
We use it for multi-factor authentication and for our identity management processes. It's helped us meet requirements by having dual factor authentication.

Valuable Features

The three security products perform different functions, but they are all part of the suite. SiteMinder is an industry leading solution as everyone is using it. The new offerings are simplified, which is good.

Besides that, other things are pretty much on par for the industry products out there. All the products have valuable features, but they’re similar with what’s out there.

Improvements to My Organization

We are using it for multi-factor authentication, and we are using it also for our identity management processes. Some of the tasks we have been doing for boarding, it's helped us meet requirements by having dual-factor authentication.

Room for Improvement

With CA Identity Manager, the integration support with other technologies is still not mature enough. CA IDM still has a lot of moving components. Oracle and SailPoint solutions are much simpler and robust, although we are using CA because we have licenses despite it needing to be simplified.

Use of Solution

We're using this alongside IdentityMinder and RiskMinder.

Stability Issues

I would rate the suite 4-5/10. SiteMinder is the most stable and is 7-8/10 rating. with the other ones, we’ve had problems, and they doesn’t really match our business needs. The other parts of the suite are lower.

Scalability Issues

I think for SiteMinder, we have a business need and we think it is scalable. For 2016, we'll increase our infrastructure. For the others, we are running them on a minimum hardware set.

Customer Service and Technical Support

We often use tech support when we get stuck in situations. We have less of a relationship with them because we escalate with partners and they provide us with support. If you just open a ticket directly with CA, the guy doesn’t have a solution. With the partners, there's always a good solution.

Initial Setup

I started using it six years ago when it was very complex. Now they have given a lot of UI features and simplified it as well.

Pricing, Setup Cost and Licensing

They are good from a cost standpoint. The price model offering is very comparative to other solutions. That is a positive.

Other Solutions Considered

We also looked at Oracle and SailPoint solutions. We looked for a solution that had good integration with other technologies in an enterprise organization. We also considered the simplicity of the product.

Other Advice

CA has a lot of servers, but it needs to be simplified to only two to three components. The SiteMinder solution is something that if my colleagues would like, I’d suggest that.

Other products I would say, go look out in the market. There are better solutions, and CA should look at Gartner’s Magic Quadrant and IDG. Look at the capabilities to see how they can bring those capabilities into their products, etc. It gives me the single sign-on between applications. On-boarding isn’t effort intensive. Those are good things.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user348420
Security Engineer II at a tech services company with 10,001+ employees
Consultant
We can differentiate between good logins with a genuine user and unauthorized ones.

Valuable Features

It provides us with authentications, authorizations, and basically providing the client with better secure services.

We can differentiate between the good logins with a genuine user and unauthorized ones.

It’s easy, versatile, and functionality-wise, it’s very user-friendly as well.

Improvements to My Organization

With SSO, we’ve been able to better serve our clients, and wherever these authentications are required we can effectively manage the authentications. The bottom line is that if the clients are happy with the SSO solutions we’re providing, we’re doing a great job and the product has been helpful.

Room for Improvement

I would say advanced authentication, but they have another product for that. SSO could be merged with automatic authentication, so if I want to use those services I could depending on our requirements, rather than having two different products installed.

Stability Issues

Like every other product there are things that need improvement, but it has been pretty stable. From a job perspective, it does what it is designated to do. Sometimes there are issues with non-sequential navigation, but when there’s an issue we get a fix for it. There are no issues with the core functions.

Scalability Issues

We are applying the solution to a lot of the platforms we are planning for, and we’re pretty confident and positive that it will be the best solution for us.

Customer Service and Technical Support

It’s good. Sometimes you have to wait for the right resources to come up and follow the escalation chain, but they’ve always been very responsible. I would like to get answers right away in most of the cases, not being sent offshore to have some analysis done. But I’ve seen that improvement in the past year – the customer service has improved.

Initial Setup

It was already in production when I joined.

Other Advice

We installed one version and there is a bug in it; from a customer perspective I would want that particular issue to be fixed rather than getting an answer that the bug will be fixed in the next version.

It doesn’t mean we’re not trying to address it from our side, but with clients on it, it does take time and we’ve got to keep in mind all of the consequences. If they could have those exact solutions for a particular issue that would be great.

You should understand their requirements before they select a solution. Then you need to verify that you have the correct infrastructure, resources, and that your applications are compatible with the SiteMinder solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user345507
Program Manager at LS3 Technologies, Inc.
Consultant
We chose it because you can automate the creation of endpoint systems and create custom connectors. While tech support is sometimes quick, it's often been slower than ideal.

What is most valuable?

The ability to easily manage user accounts is great.

How has it helped my organization?

Segregation duties is another great benefit. It has allowed us to automate the process of creating user accounts really well.

What needs improvement?

I can't think of any additional features I'd like to see, as it does everything we need.

For how long have I used the solution?

We've been using it for around two years.

What do I think about the stability of the solution?

It’s been very stable so far and hasn't gone down at all.

What do I think about the scalability of the solution?

It’s scaled up as far as we've needed so far. We're a midsize customer with about 2000 users, and it's been totally fine.

How are customer service and technical support?

They get us answers, but often they’re too slow. It could take us as long as two weeks to get the answers we need. While sometimes it's quick, it has often been slower than ideal.

Which solution did I use previously and why did I switch?

We’ve always been using this, and beforehand we used a homegrown solution. We switched because it had insufficient automation and our homegrown solution was just too inflexible.

How was the initial setup?

I wasn't involved in the initial setup.

Which other solutions did I evaluate?

I always look for quality of services. CA have been OK so far, but not a slam dunk. We had one problem where they took forever to get back with us, but they eventually solved the problem fast.

My company also looked at IBM and Oracle, and I don't know why they chose CA.

What other advice do I have?

Check how many endpoint systems it supports. We chose this because of the amount of endpoints, you can automate the creation of endpoint systems, and it has the ability to create custom connectors. It supports the connectors out of the box and this is faster and easier than doing it yourself.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user346296
Lead Technical Architect with 1,001-5,000 employees
Vendor
With just a single ID, people don't have to remember multiple user IDs and passwords. We've seen some bugginess when we want to incorporate a new feature, customization, or technology.

Valuable Features:

The features most valuable to us are its usability, the way you can customize it, and its supportability.

Improvements to My Organization:

From an organizational perspective, it helps us to maintain IDs and it enhances the user experience. With just a single ID, people don't have to really remember multiple user IDs and passwords. So, it's a tool to enhance the user experience.

Room for Improvement:

I'd like to see less issues when we implement new customizations or technologies. Being able to customize is something we'd like to do, but it needs improvement to allow that to happen without issue.

Stability Issues:

It tends to be buggy, though not to a high level. Where we have seen most of the problems is when we want to incorporate a new feature or when we want to implement some customization or when we want to implement a new technology. During those times, we have seen it to be buggy.

Scalability Issues:

Like the stability, we have had some issues with bringing in new integrations or customizing it for our need. It's been a journey figuring out how to scale it.

Initial Setup:

I wasn't involved in the setup.

Other Advice:

It may be a good product, but I'd advise staying away from customizing it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user344034
Director of Security at a tech company with 10,001+ employees
Vendor
It enables security and single sign-on to applications deployed on thick clients, web based applications, and ERP systems.

What is most valuable?

The most valuable features for us are:

  • Access management
  • Role-based authorization
  • Identity provisioning
  • Identity federation

How has it helped my organization?

The product greatly facilitates a centralized identity and access management system. It provides seamless navigation across different applications in addition to enabling the flexibility to personalize contents based on user attributes without additional requests.

It enables security and single sign-on to applications deployed on thick clients, web based applications, and ERP systems.

It easily integrates with third-party service providers by enabling federation gateway capabilities.

What needs improvement?

There is a considerable improvement in the product from previous versions, but a few items we feel need a little attention are the web agent installation process and steps – as it behaves differently on the same OS.

Improvements are also needed in the password policy template customization and it's missing the required documentation to do it.

The knowledge base needs to be enhanced as there are very limited resources on the web while debugging issues.

For how long have I used the solution?

Avaya has used SiteMinder 12.5s2 and IdentityMinder for eight years. We also use the following products -

CA Secure Proxy Server – 12.52

GovernanceMinder 12.6 – New to Avaya; in initial deployment
PIM R12.8 New to Avaya; in initial deployment

What was my experience with deployment of the solution?

CA Single Sign-On – No issues encountered during deployment.

CA Identity Manager – No issues encountered during deployment.

CA Privileged Identity Manager – Few issues encountered during deployment, mainly related to resolution of DNS entries for Active Directory.

What do I think about the stability of the solution?

So far no issues encountered with stability.

What do I think about the scalability of the solution?

So far no issues encountered with stability.

How are customer service and technical support?

Customer Service:

It's very good.

Technical Support:

It's very good.

Which solution did I use previously and why did I switch?

No previous solution was used.

What about the implementation team?

It was a mix of internal Avaya and an IdmLogic team.

CA Single Sign-On was deployed by an internal Avaya team and CA Identity Manager was deployed by the IDMLogic team.

A CA team was instrumental in deploying CA Privileged Management solution.

CA and IDM Logic have very good expertise in implementation of these products.

Which other solutions did I evaluate?

No other options were evaluated, it's just upgrades.

What other advice do I have?

Have a significant knowledge of the applications transitioning, as it requires interfacing with these products to ensure proper adoption. Have a roadmap to integrate identity and access management into your organization.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Middleware specialist at a insurance company with 10,001+ employees
Real User
Its single sign-on feature allows us to log in to a variety of different applications, but it's difficult to manage and has an outdate UI.

Valuable Features

Security configuration Flexibility

Improvements to My Organization

It provides a secure interface and single sign-on to a variety of different applications.

Room for Improvement

It's difficult to configure, and has a very old and challenging user interface.

Use of Solution

I managed it for approximately three years.

Deployment Issues

No issues encountered.

Stability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service: It's reasonable, the support does respond within a reasonable time frame, but it can be very difficult to troubleshoot any issue. Technical Support: It's reasonable. The support is not the quickest to respond and does not have a mature process in terms of what logs must be gathered, and what to…

Valuable Features

  • Security configuration
  • Flexibility

Improvements to My Organization

It provides a secure interface and single sign-on to a variety of different applications.

Room for Improvement

It's difficult to configure, and has a very old and challenging user interface.

Use of Solution

I managed it for approximately three years.

Deployment Issues

No issues encountered.

Stability Issues

No issues encountered.

Customer Service and Technical Support

Customer Service:

It's reasonable, the support does respond within a reasonable time frame, but it can be very difficult to troubleshoot any issue.

Technical Support:

It's reasonable. The support is not the quickest to respond and does not have a mature process in terms of what logs must be gathered, and what to gather before raising a case.

Initial Setup

It was complex. There are a number of concepts you have to understand to use the product, and the concepts are mostly specific to this particular product.

Implementation Team

CA provided assistance with augmentation of the existing solution, they provided quite a good level of support during the project.

Disclosure: I am a real user, and this review is based on my own experience and opinions.