Please share with the community what you think needs improvement with Symantec Identity Governance and Administration.
What are its weaknesses? What would you like to see changed in a future version?
They should easier and better integration with other software. It's hard to create custom integration rules with other software, like Oracle. This needs to be improved to give the customer an easier way to integrate.
As far as improvements, the first thing I think CA needs to do is redesign the user interface. The functionality is good but the interface itself is not that user-friendly. I think also that there are some issues with the privileges of service accounts. For working with Oracle, we need some kind of service account with administrative privileges. Access works when we give the user account administrative privilege. But in some cases, particular access needs to work for user roles that have less than administrative privileges and these users and rules need to be stored in the database. I need the ability to directly configure users and rules store on databases. Maybe it is more complicated and related to Oracle services — I do not know the database side as well. But we need to read and write on the rules table and the users tables and store that data in the database. Otherwise, the product has good performance and it is a very capable solution. I can automate a lot of processes related to provisioning users and identity management, but the controls can be even more flexible with these few changes. The deployment cannot be pushed through the management console when you define the credentials for a user that can connect to the endpoint. It would be easier for deployment if the service could look at the endpoint or data center and detect what is needed to push this deployment based on the application version or based on whatever the operating system is. Things like that can make a difference at times. If they can customize by the customer, it means that if someone upgraded their environment, the client does not have to go back and request the version of an executable for a new OS. The result is that the correct executable will be deployed by the agent.
The directory has room for improvement. Also, the dashboards and, in particular, the KPI dashboard that shows the current user’s information needs reworking. It would be ideal if they could consolidate the workflow. Right now, because everything is on a different workflow engine, seamless integration cannot happen. If the solution offers a single workflow engine and a single reporting engine for all security targets, that would be ideal.
I would like to have differential campaigns. In the next release, there should be the provisioning of your certifications. When you remove access or grant extra access to someone, it would be good to have direct provisioning to different sources.
The product has a lot of need for improvement. Our issues are being raised back to the vendor as enhancements.