The CA Identity Suite provides comprehensive identity management and governance capabilities with a simple, intuitive user experience. This user experience can dramatically simplify processes such as user access requests and access certifications, resulting in improved productivity and user satisfaction. In addition, the CA Identity Suite performs risk analysis and certification and enables remediation actions in real-time during the access provisioning steps, thereby improving audit performance and risk posture with preventive policy enforcement.
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| ForgeRock | 4.0 | 2.8% | 93% | 37 interviewsAdd to research |
| Oracle Identity Governance | 3.7 | 2.7% | 80% | 72 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 2 |
| Midsize Enterprise | 1 |
| Large Enterprise | 6 |
| Company Size | Count |
|---|---|
| Small Business | 36 |
| Midsize Enterprise | 7 |
| Large Enterprise | 9 |
While providing these business and governance-centric capabilities for business users, the CA Identity Suite also delivers core enterprise-grade identity management and governance capabilities, including broad provisioning support for on-premise and cloud apps, extensibility and flexibility to integrate with other IT systems and consumer-grade scale. This means organizations are not forced to choose between usability and performance. With the CA Identity Suite, they can have both.
CA Identity Suite [EOL] was previously known as IdMLogic SIGMA.
| Author info | Rating | Review Summary |
|---|---|---|
| Technical Support Manager at Future systems | 4.5 | I've used CA Identity Suite for five years, finding its features valuable, stable, and scalable; setup is now easier. I recommend it with a 9/10, despite connectors needing improvement and average customer support. |
| Senior Manager at a tech services company with 501-1,000 employees | 4.0 | I find the recertification campaign capabilities most valuable. While documentation and getting the architecture are challenging, the solution is stable and support is efficient. I rate it 8/10. |
| Engineering Lead at SunTrust Banks, Inc. | 4.5 | I find CA Identity Suite's Virtual Appliance excellent for internal user policing and attestation, simplifying deployment and offering a holistic view. It minimizes customization, allowing my engineers to focus on security, though seamless portal integration could be a minor improvement. |
| Security Consultant at Esoft Colombia Sas | I find the Virtual Appliance greatly improved implementation speed, scalability, and stability, making setup much easier. While support is responsive, I'd appreciate immediate synchronization for endpoint mapping and more UI personalization to further enhance the solution. | |
| Senior Director at a energy/utilities company with 5,001-10,000 employees | 4.5 | We found CA Identity Suite stable, scalable, and crucial for compliance, effectively replacing our old system. The integrated security stack was a key benefit, though we desire more mobility features. Support is responsive. |
| Director at a insurance company with 1,001-5,000 employees | 4.5 | I find CA Identity Suite's integration, stability, and scalability excellent, enabling quick setup and ROI. Despite needing more analytics and strong authentication integration, it's a proven solution covering most use cases efficiently. |
| Senior Manager - Identity and Access Management with 1,001-5,000 employees | 3.5 | I value CA Identity Suite's SSO, but it's too heavy, difficult to customize, and deployment is hard. Enhancements are slow, and I question separate product licensing, even though my company chose it for consistency. |
| Supervisor - Identity and Access Management Desktop and Mobile Support at a recruiting/HR firm with 1,001-5,000 employees | 4.0 | I rate this solution highly for its quick provisioning, self-service password resets, and efficient access governance, which significantly boosts productivity. It’s intuitive, stable, and scalable. My only request is for more comprehensive training with practical use-case scenarios. |
| Security Analyst at a financial services firm with 1,001-5,000 employees | 3.5 | I find SiteMinder's R12 release stable with improved UI. However, Identity Manager has complex integrations and confusing documentation, especially with non-CA systems. Level 1 customer service is also problematic, delaying resolutions. |
I found all of the features to be quite valuable, especially the identity manager, governance, and identity portal. All of the features are helpful.
The connectors for the identity and governance part could use some improvement, by way of adding more areas. They need more development to cover more target applications.
I've had no issues with stability. It's stable.
It is scalable when you put it into a large account.
The technical support isn't so easy, but also not very complicated. It's somewhere in the middle.
The setup has been increasingly easy with time. The new version is even easier than before.
I'm working as an integrator, so I did the deployment myself for our customers. There are about five people on my team doing integrations for other companies to implement the solution.
I would recommend this solution. I would rate it as nine out of ten. It's great, but nothing is perfect and there's a little improvement needed.
Our company acts a bit like an integrator. I have customer support experience mainly dealing with the configuration of EOL installed by CA Computer Services. My company builds the end of the support solutions of some small configurations and also upgraded the branding of the company.
The most valuable feature is the recertification campaign capabilities.
The documentation can be improved because sometimes we have some technical issues that were not documented and we have to rely on support to solve them. Then there are issues around getting the architecture, it's challenging to get the architecture.
In my opinion, an additional feature that should be included in the next release would be fully vertical mapping for data transformation, which we currently do through a third-party solution.
This version is quite stable.
Technical support is quite efficient. Plus we can write our concerns if we are not happy with the support provided. So this is fine. If we have a very critical issue, all we need to do is raise it.
The setup was straightforward. In regards to the deployment, it took one year.
It's a good product. I'll compare this tool to SailPoint Identity Suite, which is one of the best products out there. On a scale of one to 10, one being the worst and ten being the best, I would rate this product an eight.
We are using it for internal user policing and user attestation, and it is covering almost all the use cases that we are looking for.
With the Virtual Appliance, combined with CA Identity Manager and GovernanceMinder as one solution, it eliminates having multiple infrastructure requirements, multiple products, and gives a holistic view of access granting.
Before I used CA Identity Suite, it was a separately installed component, nowadays offered as a Virtual Appliance, and that saves considerable time for installing and controlling it.
Deployment Express saves time for modifications and things like that.
User attestation and role mining capability for governance.
I really haven't thought about features for that next release because it is addressing all of our needs right now.
I would say, there is one. If there was a seamless integration between portal and IdentityMinder, then that would help a bit, but I don't see many challenges yet.
I know the product so well I find it easy the way it is right now. And because the Virtual Appliance has combined everything - there was a time when the installation was a little complex. But the Virtual Appliance makes it easy now. You can spin up IDM or Identity Suite in a few hours and it is ready to use.
I have been using CA Identity Manager and GovernanceMinder for a long time, maybe eight, nine years now, and I've found in certain cases it may not be that stable. And that will be purely because of way it is implemented.
But the way I have been implementing this product it is extremely stable and can sustain access.
I have never worried about the scalability of the product. It is scalable for horizontal and vertical, however you want to scale. And with Virtual Appliance it is excellent, easy to scale the environment.
We are in the middle of implementation of Identity Suite and we have used technical support for a few things, but they were just knowledge-gap types of things. Nothing major.
Technical support is easy. All of the CA portal is trying to get the most out of the knowledge that they already have. And I think that they're doing a good job there.
CA technical support sticks to their SLAs on response time. They try to get that right, knowledgeable person on the call. If the person is not able to act, they go and reach out to the engineering or wherever he can to get the job done.
I use a couple of different solutions.
I have been working in this field for twelve years now, and comparing all of the products, the major thing that stands out is, I can have my security engineers do their job of security engineering rather than building their own solution. Of course, you have to do a little bit of a customization building something, which really falls outside of the product, but to build basic provisioning and attestation processes, you don't have to do much customization.
I don't have to use this product as a development tool to develop something which is a custom need for the organization. I can have my security engineers do the security engineering and looking at the security holes, and streamlining the provisioning processes, rather than customizing something to make the business processes.
I am involved in the initial setup by directing, designing it, and setting up a part for the administration of CA Identity Suite.
IM itself is a complex topic, but with the knowledge that I have, I find it very easy. And there are, out of the box, some key features like Policy Xpress, Connector Xpress.
It can be complex based on the environment. But if you design it correctly and change your processes to be realistic, I think it's not complex. It's just: What do you want to do?
I was looking at Oracle, and SailPoint, and CA.
Regarding the important criteria when selecting a vendor, first is the product capabilities, the requirements for the product, and how easily it can address them.
The next thing, obviously, is the relationship, what they can offer. The most important thing with CA is that they go beyond their capability, beyond their commitments, to make customer the successful. And that applies to the product team, the support team, the customer relationship; whichever team you take at CA, I think they go above and beyond to make the customer successful. That's the most important part of it.
There are a lot of good products on the market but most products need a lot of customization to get there. With Identity Suite, the security engineer can focus on the identity management topic, and give the business processes confidence easily.
I give Identity Suite a nine out of 10. The one point I'm withholding is because the IM space, specifically the Identity Access Management provisioning side of it, is constantly changing. But it's really the best.
If you are going for a similar solution, I would really see how much development time you are putting into your solution. Maybe there is a solution that is easy to install but then, in the entire lifecycle of that product, the installation is about 20 - 30%. The other 70% is the administration of the product.
IdentityMinder has a really easy way of installing it right now - the Virtual Appliance, obviously.
And the other thing is, you don't have to go out of the product range to develop something, to have a business process integration done, and the basic role mining administration done. There are some instances where you have to go for customization, but as compared to other products, it is not that often. You don't need to have the development skill set on your staff, as compared what you would need for other products.
I implement the solution for different kinds of customers, from banks to retail. I design the solution according to the use case and implement the entire solution for the customer.
Now, with the Virtual Appliance experience, it's much easier for us as consultants, as implementors. In the past, the implementation of every model separately was very difficult.
For our customers provisioning of different users and different systems is easier. That is really the key value for them.
The most valuable feature is the speed of implementation. Now with the Virtual Appliance, it's much faster. In the past, to implement this kind of solution, it would take so many weeks. Now, it takes one day, or minutes, and we have the deployment ready.
The security has been improved.
The customization of the user experience and the scheme of the solution is very easy.
I would like synchronization when a mapping is added between end points. Currently, the synchronization is not complete. It would be great if this synchronization happened immediately.
Also, some kind of personalization of the user interface, for us as implementors; the possibility of branding.
And more flexibility with the features.
The product is much much more stable than previous versions. With the Virtual Appliance it has improved a lot.
At this time there are still some issues though, related to performance with boot logger; there are some issues with performance. But we are working with support to resolve them.
With the Virtual Appliance it's very scalable. It's much easier because we can deploy several Virtual Appliances in minutes. Previously it was more difficult.
When we have some kind of issue and our internal, primary level of support can't resolve it, we directly contact CA support. They are responsive.
As consultants, often when we come with an issue it's not an easy issue. We need to engage higher support levels and they have the knowledge.
At this moment it is very straightforward; the process has been improved.
As consultants, when we sell to customers, price is the principal concern in selecting a vendor. The experience of the company as partners is also very important. Finally, the stability of the product.
I would advise, first, compare products and research their flexibility and how easy it is to implement the solution. Maybe it's difficult for many technicians. Also, compare what is offered in the market with what you want to do with the solution. If your requirements are small, maybe don't need this kind of solution. But for a big company with so many requirements, a solution like CA Identity Suite is more affordable.
We have used CA's security stack. We have used CA Identity Manager, CA SSO, CA Privileged Access Manager Server Control, CA Identity Governance and CA Strong Authentication. The total integration of the product was very beneficial for us. Additionally, the CA Identity Suite was able to replace our old mainframe based identity suite with a newer generation, more rapid development tool, which helped us to achieve our roadmap and reach the destination which we were looking for. It was a two year journey. We started with the end in mind. It was pretty helpful in achieving that journey.
CA Identity Suite has been extremely helpful for us from the user onboarding/offboarding. We are a company where SOX/PCI, other regulatory compliance is very important to us. It kept us honest from the standpoint of meeting the regulatory obligation, as well as keeping the environment safe based on user onboarding and offboarding.
The key feature I would like to see is close loop remediation, which is in conjunction with CA Identity Governance today. That will be one of the key features, including the mobility features on password self-service, which will be another key feature for us.
The suite has been pretty stable. Initially when we started the initial deployment we had some hiccups. CA was nimble, they worked alongside with us. They provided us help when we needed. It helped us to strengthen our deployment. Right now we have about 99.99% availability.
It's pretty scalable suite. We are running it for all of our user-base, about 12,000 users, employee contractors. It has been pretty successful. We have done mass updates to the data as well, in terms of company name changes, job title changes. It has been pretty stable and scalable.
We use technical support almost on a weekly basis. We have a good relationship with the technical support teams. They have been pretty informative. We also have some folks who help us on an ongoing basis to provide us fixes for issues which we identify. That has worked extremely well for us.
As I stated earlier, we were using mainframe based security provisioning. As part of our mainframe exit program, we decided to move to a newer tool set. We did a market review of the toolset and we selected CA as one of our partners to implement the identity manager.
I was involved in the upgrade process. The upgrade worked out well. We also had a CA advisor which was on the account. He helped us through the journey. We were able to reach our objective in a timely fashion and within the budget. Which was important.
We pretty much had all the other industry leaders. CA products had a full stack, not just the identity, but CA Identity Governance, CA SSO, CA Privileged Access Manager Server Control and CA Strong Authentication. That made our decision to go with CA tools.
I would rate it between eight and nine. It does meet our objective. Again, like any other product there are some bugs which we identity, but CA is good to respond back to those defects and provide us patches in a timely fashion.
I would safe CA is a very strong tool in the security [space], especially in the identity area. Definitely evaluate them. Talk to other folks like us. Make a wise decision on your identity journey.
The most important feature is the integration between the various modules of Identity Suite with the enterprise assets, as well as integration between the components of the suite.
Easy and quick integration of CA Identity Suite with company systems improves security and provides a quicker ROI by decreasing the time we need to spend on these tasks.
We would like to see more analytics in the solution. Better integration with the strong authentication components from CA that were also acquired during the RFB, but are not yet operating to their full capacity.
The Identity Manager and Identity Governance have been stable for quite a long time and are proven solutions that CA has had in their portfolio for a while. The portal looks promising and each new release brings new functionality. Since the portal plugs into the Identity Manager and Governance infrastructure, it should be easy to implement.
Scalability has been proven with the distribution of components that can be implemented in multi-tenancy, as well as over HA-enrolled balanced architectures. Additionally, the supporting back-ends such as the CA directory are known to hold up to millions of users.
Technical support for CA is great. It is very consistent service. You just need to know how to talk to them and find the right person so they become your internal partner as well.
The client had a legacy mainframe environment that did not evolve at all. On site, we had a few security frameworks for it. One was commercial, CA Top Secret, and three homemade. The other one was a competitor web access managementsolution that didn't fit the new web services approach of the digital transformation.
This client was a clean field for the IM program.
I did the overall architecture of the solution with the assistance of three architects in the Identity Access and Governance base.
It's been very straightforward. Actually from the RFP on, we completed the lifecycle for the acquisition of the solution in four months, which is quite an achievement. These projects normally take about a year in a financial, banking or insurance environment. We're now moving into production to protect critical client applications after only six months of implementation.
First, functionally speaking, we needed strong authentication. In the insurance business, especially for health care or workplace accidents, there is a high degree of confidentiality and privacy to implement. So multi-factor authentication is a key function. Second, this client is migrating from a very legacy mainframe environment, to REST-based web services. The API management with the API gateway was also a no-brainer since it integrates very well with the Identity Suite and CA Single Sign-On.
When looking for a vendor, we look for good integration and scalability. I would advise potential customers to evaluate the necessary preparation of the current environment. I think they will probably find 99% of the use case they need to implement covered by CA Identity Suite.
Single Sign-On is valuable. We're moving away from the OHSON products and we chose CA on the identity side.
One of the good things I noticed, but which we haven't started using yet, is the SIGMA portal, which used to be an IDMLogic product.
I think CA is too heavy and can't do some things out-of-the-box, so I can't tell you that I love Identity Suite, because right now I don't.
Also, everything's a customization, though they say it's not. What was easy to do with Xceedium has now become very difficult following CA's acquisition of them. The model that I see with IdentityMinder, for example, is that they are trying to think of all the things that the people would want to customize, and they make it out-of-the-box. Let's say I want a custom connector, but it's difficult to do that. So we have to go back to CA and get something, as opposed to doing it myself. To fix it, you get a product enhancement, which can take a year.
It's not a horrible solution. You have SiteMinder, which is really good and the best of breed. What's interesting to me is just CA's model where, for example, they've added the secure proxy server which they're calling the application gateway. Everything must come through that, making it a little bit difficult sometimes to use the product.
Also, when I look at CA's other products, why are they different products? Why, for example, aren't they just part of your SSO product? Why do I have to buy a license for a product when the only use is going to be with SiteMinder?
We have barely deployed this, so we're just figuring out the basics. It's a huge learning curve, and we hope to deploy it in actual production in the next 2-3 months.
Deployment is pretty difficult right now, but it's not all CA. Some of it is internal politics of us going from one product to another.
We were using the Sun Microsystems product set, and are phasing it out. We switched because the corporate-facing infrastructure had to use what the consumer-facing infrastructure had already picked, which were CA products.
We evaluated Oracle Identity Manager at one time. We chose CA, however, because another part of our company had already chosen SiteMinder, so it made sense to stick with the same company instead of having CA and Oracle as two competing companies for two different products.
My favorite feature of the suite is, of course, the provisioning aspect of it. It allows you to provision accounts within minutes instead of waiting weeks. That's a huge benefit for business at the end of the day, so that you can get your workers up and running in a timely fashion.
We use it for password resets as well. A user no longer has to call the help desk for a password reset since they can do it on their own time. They're not waiting on the phone for a long time because they can reset their password right away and continue with their day.
We also use Identity Governance for access verifications. We no longer have a paper process of going around to each manager and have them sign off. It's a real comprehensive way of ensuring that controls are in place and their access is certified on a timely basis.
We put people to work every single day. When a person starts on their first day, they don't want to wait weeks to actually start working. It's very unproductive for that person to wait weeks in order to do their job. In order for them to be beneficial, we need to get to their access right away. That's how Identity Suite is very beneficial.
We recently implemented it and are still kind of playing around with it. We're still trying to get used to it.
However, although it's a lot easier than some other tools that we've worked with, we always want more training. We had CA provide that for us, but some of the trainers went to quickly and didn't provide enough use-case scenarios for us. We really would have liked for them to slow down a bit.
We implemented it 6-8 months ago.
We haven't had any issues with deployment.
It's extremely stable.
We have around 8,000 users. As far as I can see, it's extremely scalable. We put it through its paces during testing when we went from 8,000 to 20,000. There's really no issues with scaling that we've seen.
We have a service vendor. If we have any issues, they'll engage CA technical support.
We were comparing it to Oracle, IBM, and Microsoft. We chose this because it was extremely more intuitive than the other products. We could definitely see ourselves having less of a learning curve of getting to know this product, and establishing expertise on this product, than the other products. They were a lot cloggier, a lot more limited in their capabilities.
I'd rate it pretty high. I like all of its features, and then coming here to CA World, it's exciting to see the new capabilities that they're going to be tagging to this new tool.
As far advice goes, I'd say, definitely do your homework. Realize the things that you want to do, that you want to accomplish, and what the business wants to accomplish as well. See if this tool really fits that need.
I find the UI much simpler than the previous version. The documentation in the current version is better as well, even though the documentation is still a bit confusing.
Policy Express is now included in the UI, which saves time and effort, however the analysis and basis of the policy express is still complex. People who are used to different technologies that have more linear layout may find it difficult.
For now, we are able to synchronize passwords; the only problem we can see are some issues with monitoring with multiple components. With the password synch there is no way for me to find out whether it’s working, so the log file will only get updated if someone tries to change their password, which hits the data centre, and then logs it. So if nobody changes their password that way there’s no way to monitor whether the components are actually working.
It would be nice to integrate IS with other technologies – other HR systems like Oracle or other similar products. SiteMinder, for example, can integrate with third party agents, but we cannot set an endpoint with an Oracle HRIS system in Identity Suite. So there is additional work to do.
For SiteMinder it would be nice if they fixed the reporting server- the main issue is that it is connected to the policy server, so if the reporting database goes down the policy server goes down. The solutions for reporting make it difficult in terms of the reporting database, given what that database does. There comes a questions – will it be business-wise smart to have failover for the reporting server? Just for us to have high HA for our setup, I’d require that my reporting server be high HA as well. There should be a different means for us to get our metrics. It shouldn’t be complex.
So far it is stable.
We are running an HA system – the only problem with Identity Suite is how to integrate multiple systems. The connection express provides multiple solutions, however integrations with other products such as HR systems is complicated. There is some difficulty setting up integrations with other products outside the CA Suite, partly because of the documentation. No straightforward documentation – unless you’re very familiar with the documentation you might have difficulty scaling it.
If we’re talking level two or three or up it’s fine, but the problem is with level one. Even though you give a description of the issue – e.g. when we turned on advanced logging where the server goes up and down. We specified that they wouldn’t see any problems in the trace logs, and they kept asking for logs which were useless in this case because it was a crash. We needed to reference the issue in the secure dump files.
It took two weeks to get an answer which we had to escalate a to a higher tier resource. They tend to follow a generic script – they can ask for all those logs even though the logs are not related to the issue itself. So the initial service can take a very long time, and sometimes we have to escalate to our sales rep just to get answers.
For R12 SiteMinder and some of the updates for advanced authentication. It was a bit complex because due to the nonlinear nature of the documentation- the issue is not related necessarily to the setup itself. It also goes back to the issue of integrating with other apps – that’s where the problems lie.
SiteMinder is 8/10, especially with the release of R12. They included SaaS in the SiteMinder setup, so you don’t have to extend the policy server. You can use the same one as web service protection, and includes coverage for the proxy server.
For Identity Manager, I’d give it 5/10 process wise it’s stable but they need to come up with better instructions on how to integrate it with different types of data sources. It goes up and down rather than endpoint to endpoint; when you do a configuration if the GUI would be much simpler like how SiteMinder creates integrations it would be easier. It is not intuitive, so if you miss a part with the creating of the rules, it’s complex.
Have a strong case study on how the organization is handling different use cases and how to best implement the use cases.
![CA Identity Suite [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_100/PNT6PqoKPXw9AHMYdimfVbN9.jpg?_a=BACAGSGT)
![ForgeRock vs CA Identity Suite [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_30/euqtq81u8g4050d9vk0rk1nxksfl.jpg?_a=BACAGSGT){kind=small}
![Oracle Identity Governance vs CA Identity Suite [EOL] Logo](https://images.peerspot.com/image/upload/c_scale,dpr_3.0,f_auto,q_100,w_30/8g8t9pkm2lzijgdvjrnla0p56jcn.jpeg?_a=BACAGSGT){kind=small}