RSA Aveksa [EOL] Reviews

It is a configuration based tool and requires less coding compared to other IAM products like SailPoint and OIM. It is very good in Access Governance for review processes.

Before implementing RSA Aveksa, our organization was facing following challenges:

• Manual provisioning and de-provisioning for users account like AD, Exchange, Lync and other applications. Due to manual innervation it will take time for user on-boarding process and also data is not sync if any changes happened in HR source.
• Leaver account was not disabled on time. It leads to audit compliance issue.
• Audit compliance issue.
• Access Request management is not available.
After implementing RSA Aveksa, all the above mentioned issues have been resolved.

• The Access Provisioning process needs to be improved. Compared to other IAM tool the architecture of provisioning process is not up to the mark.
• Tutorial and solution examples are lacking in RSA community center.
• Customization flexibility is also minimal due to this sometimes not able to fulfill the organization's complex requirements.

I have used this solution for last year and a half.

I did not encounter any stability issues.

RSA Customer care support is also good compared to other IAM products.

I would give technical support a rating of 8/10.

I wanted to learn and explore different IAM products. It would help me to achieve my career goal.

The initial setup was straightforward. The installation is easy and mostly all the required documents are available for the initial setup.

I was not involved in pricing and licensing. But I believe compared to other IAM products, the license cost is less.

We evaluated SailPoint Identity IQ and Novell Identity Manager.

I would like to recommend this product. This product required very little customization and most of the solution can be developed using out of box features. For customers who have very complex requirements and require lots of customization, then I would recommend SailPoint Identity IQ.

The most valuable features are the identity store and the membership rules.

HR is now our starting point. We have collectors to/from all back end systems.

We are able to see all the misconfigurations in HR/ back end systems and we are able to correct them.

Using membership rules saves us a lot of time. It is very important that we are in control.

We are now able to assign roles based on HR attributes. Maintenance will be decreased.

• AFX collector/connector for SAP
• Forms: Should be more flexible to manage fields
• You cannot show fancy documents to the end-user

We started to work with this tool two weeks ago after a long preparation time.

The stability is good, when you put in enough resources.

When running big collections/connections for the first time, we encountered some performance issues. However, with additional resources, this was fixed.

Our implementer is Capgemini and they are OK.

We used AlertEnterprise. In the past, no identity module was purchased. We switched due to the high cost of implementation.

Because we were already working with the IAM tool, we already knew what we wanted. The configuration, however, is very complex.

I think the pricing is OK. Be aware that you make rules about the use of identities, because otherwise you will pay!!!

We did not evaluate other options.

Make sure that you have a good idea of what you want, because implementation is very complex. I am still amazed what this tool can do.

• Centralized access management/governance


• Access Forms


• Online Approval


• Automatic on-boarding of new users and Termination of users that have left (i.e. Joiner, Mover, Leaver Process)


• Business approach to access (Business Roles and descriptions)


• User friendliness


• Review - this is great for audit purposes, and proof of compliance.

• Access Provisioning: the time-frame has been significantly reduced, as this was a paper based process previously.


• All application access requests are completed from a centralised portal, whereas previously was also paper-based and confusing to users


• Users and managers understand the different levels of technical functionality and can make risk-based decisions about granting access


• Violations are highlighted almost real-time and can be managed much more effectively -and this reduces risk exposure of sensitive applications

The mobile application.

Four to five years.

No issues with deployment.

In the older versions, there were sometimes instances where memory would get used up and the application would need a restart.

No issues with scalability.

Both with Aveksa, and now RSA our experience has been good.

No previous solution used.

The people and change management process was quite complex, as we were changing our process and a major touch point to IT of the entire organisation.

The complex nature of the enterprise environment in terms of different applications was quite complex, in that all technical access had to defined and thought of from a business functionality perspective.

We used a vendor team.  They helped us through the technical side of things, and also got involved in business workshops and demonstrating the value and benefit of the solution to the organisation.

Yes, we compared it to Oracle.

Get business involved from the initial stages.

Spend some time on user change management, communication and education.

Adopt a maturity model of implementation - getting from a paper based access request governance process to a fully automated closed-loop verification one is a large change. It is possible to get small wins for a large number of applications in stages, For example:

1. Attain visibility into user access first across all applications 


2. Initiate a clean-up of legacy access (this adds a lot of value and reduces potential risk exposure of multiple applications)


3. Define/workshop technical access and how it correlates to business functions for an application at a time


4. Implement business rules and violations


5. Initiate user and access reviews


6. Automate provisioning.

1. Easy connections (many out of the box adapters) to most of the common applications (data stores)


2. Adapters are used for both the collection of identity and access data and the provisioning of accounts, roles and rights


3. IMG includes Role-Mining features to assist in processing non-role based access rights


4. IMG also includes SOD functions used to define GRC rules across applications.

After IMG most of the tasks happen automatically, but also offer manual provisioning from a single GUI for all applications.

IMG also comes with a simple GUI for business users to request access rights to different applications, triggering a predefined authorization work-flow to approve their request.

There are some crucial adapters missing for SAP CUA and for some Legacy applications.

First one is the cost an initial process of mapping applications and access rights structure in each application. It's recommended to perform this process with each application owner in one-on-one meetings.

Second cost, that is not always taken into consideration is the fact that day after the implementation you''ll need someone to manage the system, and be responsible for day to day maintenance.

Walk through all the crucial stages with a 3rd party expert.

• Project Initiation


• Defining stake holders, objectives, scope & capacity


• HLD


• Interface architecture
  


• Budget


• Schedule


• Business partners


• Technical partners


• Make sure the project has a relevant Business Owner.