| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Okta Platform | 4.3 | 10.3% | 96% | 118 |
| SailPoint Identity Security Cloud | 4.1 | N/A | 97% | 72 |
| Company Size | Count |
|---|---|
| Small Business | 9 |
| Midsize Enterprise | 2 |
| Large Enterprise | 16 |
| Company Size | Count |
|---|---|
| Small Business | 38 |
| Midsize Enterprise | 18 |
| Large Enterprise | 14 |
IBM Tivoli Access Manager [EOL] was previously known as Tivoli Access Manager, IBM Security Access Manager.
| Author info | Rating | Review Summary |
|---|---|---|
| Senior Consultant at an insurance company with 1,001-5,000 employees | 4.0 | I find this single product excellent for our business needs, especially its valuable reverse proxy and easy integration. It has no stability issues, but I believe multi-factor authentication with social integration needs improvement, and initial setup is extensive. |
| Infrastructure Specialist at a financial services firm with 5,001-10,000 employees | 3.5 | I appreciate the product's valuable SSO for multi-tenant applications. However, I encountered major issues due to its overwhelming complexity, stability problems in earlier versions, and high setup and scaling costs. It demands extensive specialized resources. |
| Senior Consultant at a tech company with 10,001+ employees | 4.0 | I find IBM Security Access Manager a strong product, offering robust features like MFA that significantly reduce help desk calls. Its setup is straightforward and it's stable, though the self-service portal needs improvement. |
| Senior IAM/Security Consultant at a tech services company with 11-50 employees | 4.0 | I find the product offers robust security with strong features like OAuth 2 and OIDC. While the UI needs improvement and configuration can be complex, I experienced no stability issues and recommend the latest version. |
| Security architect at a tech services company with 1,001-5,000 employees | 4.0 | I find this solution promising, especially its 'Verify' feature which could reduce help desk calls and enhance security. I haven't tested its stability or scalability, as it's currently a demo. I'm happy with its potential and roadmap for future security features. |
| Application Development Team Lead at a tech services company with 1,001-5,000 employees | 4.0 | I've used this secure, stable solution for three years. While good for large organizations, its high cost and complex setup, plus evolving client needs, are prompting my move to ForgeRock. |
| Technical Lead at a tech services company with 10,001+ employees | 3.5 | I appreciate its flexible connectivity, stability, and organizational improvements. Setup was straightforward and pricing competitive. My main issues are occasional Java process hangs and missing AngularJS support. Overall, I recommend it. |
| Middleware Specialist at a tech vendor with 10,001+ employees | 4.0 | I value IBM TAM's SSO and centralized security, using it five years with straightforward setup. It is a good security product, but iSAM's appliance model and cloud dependency make me consider alternatives. |
| Solutions Architect with 1,001-5,000 employees | 4.5 | I find ISAM highly scalable with easy SSO setup, good performance, and excellent support. Administration improved in v9.0, but I believe documentation needs work. Initial setup is straightforward, and licensing is competitive. |
| Principal Consultant at a tech services company with 1,001-5,000 employees | 4.5 | I find Tivoli Access Manager's WebSEAL fast, stable, and scalable, backed by good support. While configuration is fussy and the C-based step-up authentication is limited, I've used this reliable solution since 2003. |
It is a single product that caters for all the business needs throughout the organization. It provides a seamless integration that in turn encourages most of the applications to use the SSO features.
Reverse proxy is the most valuable feature as it provides central control over authentication and authorization. The integration effort with the end application is quite straightforward and easy.
Multi-factor authentication with social integration needs to improve.
There were no stability issues.
There were no scalability issues.
An acceptable prompt response is received from the technical team depending on the severity of the issue.
More features were found in this product compared to the previous solution that we were using.
It needs quite a lot of time to design the architecture and properly lay out the deployment for the high availability setup.
We looked at a couple of other products namely CA and Oracle.
Properly understand the requirement and deploy the application correctly as the product comes with a vast number of features that we might not use unless we don't check wisely.
Allows users to use a single password across a set of multi-tenant application suites. This would have otherwise required 50-100 unique passwords per application. This allows the user to inject a centralized password (a.k.a. authentication service credential) with little ease and increased reliability. In turn, this removes the user element of the logon process, which is often the root cause of the invalid password attempts.
Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites. These are heavily customizable and can fully integrate with in-house provisioning systems.
The profiling element is incredibly robust, but also equally as complex; it requires an off-site course to be able to understand the context or the plethora of options available.
The majority of the "IMS profiles" we use are too dangerous to touch without multiple engineers having oversight of a change and an incredibly thorough change management system.
For clarity, an IMS Profile is the process flow that the SSO component uses to recognize application screens, Windows and logon fields to be able to decide when to intercept and inject credentials into SSO managed applications.
There were endless issues with stability in version 8.0.1. There were issues with stability, anything from the IMS Services stopping on any of the IMS servers (the infrastructure servers responsible for allowing user connectivity to the back end which provides the user with their "wallet" at logon). These issues were improved with several hotfixes and service packs but the out-of-the-box version lacks any automatic SQL cleanup utilities, so to perform a cleanup of old users or wallets is dangerous SQL, which interrogates the database - to our knowledge this has not changed in the latest version.
There were scalability issues with 8.0.1. Whilst we could build a new VM with the underlying OS and prerequisites, IBM was always required to assist on-site as only they knew the complicated and fairly undocumented procedure to implement a new IMS server to the pool. In 8.2.1, this has been amplified tenfold as the solution moved from Apache on Windows to IBM WebSphere on Windows, which is incredibly complicated and requires multiple levels of specialist knowledge. This makes it nearly impossible for our company to expand the number of nodes in the WebSphere cluster without accidentally introducing new issues in the said cluster.
Technical support is very good, incredibly thorough, and if you have the right support agreement in place, it can be infinite. That being said, when raising a ticket, due to the complex nature of SSO, you need to provide a ton of technical details in the form of logs from the end point to the back end.
These recycle at a very high rate, especially in larger estates, so acquiring the logs is not always easy. For this reason, we've had some larger issues outstanding for quite some time. For supported versions, if the level 1-3 teams can identify the cause, they will either provide you with a hotfix that has been previously developed, give you in-depth instructions on what needs to change, or refer the development team for a bug fix.
We previously managed passwords without an SSO solution. The next step was an enterprise grade SSO solution. At the time, the IBM SSO offering seemed to fit the bill.
In v8.0.1 (several years ago), the out-of-the-box solution was very complex and required a huge amount of IBM's time (at cost to the client!) in order to implement the entire solution (test/uat/prod clusters).
Due to the nature of our business and the complication around some of the applications we deploy and wanted SSO to manage, this made the production implementation of SSO take in excess of one and a half years.
The IBM prices are, as ever, extortionate, even with a business partnership, and high levels of discounts. This is the same as with other IBM products.
Several options were put on the table during an initial paper based PoC, but there were no other viable enterprise grade solutions which offered all of the functionality we required.
Read through the (openly available) profiling guides to get a good understanding of how complex the profiling process is going to be. If you have very complex applications, which aren't a simple "start > username/password window opens > end", then you will be opening yourself up to needing a permanent resource to manage the entire solution end-to-end. IMS in all versions can get very unhappy if it's not nursed from time to time.
We implemented MFA in a way that helps us reduce a lot of workload in terms of reducing help desk calls to reset passwords.
The self-service portal needs improvement.
I have been using this for five years.
We have not had stability issues.
We have not had scalability issues.
I rate technical support 7.5/10.
We moved from IBM Access Manager 6.0 (software) to IBM Security Access Manager 9.0 (Appliance). We needed to implement MFA and some other features which are not supported in the old version.
Setup of the appliance is straightforward.
Pricing and licensing depend on the buyer's and seller's negotiation. Comparing the features and cost in the market will give a fair idea.
We looked at Oracle Access Manager.
It is one of the best products in the present market in the area of access management.
It provides robust security.
The SSO, URL-based access control, OAuth 2 and OIDC are the most valuable features.
The URL-based access control has become more important due to the paradigm shift towards RESTful APIs, i.e., where URLs uniquely represent the resources to be protected. IBM TAM has a rich authorization model which simulates the system/environment to be protected by its protected object space. This makes it easy to visualize the hierarchical model of the end system and to attach ACLs/policies and customized rules, to the objects to be protected.
OAuth 2 is now the de facto standard for API protection and scoped authorized delegation. IBM TAM now supports OAuth 2 and can act as a fully compliant OAuth 2 authorization server.
OIDC is fast becoming equally or more popular than SAML and is certainly the modern developer's choice for SSO, i.e., for both cloud and on-prem apps. The newer version of the IBM TAM supports OIDC, which can act as the OIDC provider.
The user interface for LMI needs improvement.
The Local Management Interface (LMI), especially for the older IBM Tivoli Appliance Manager (TAM) version, can be improved in terms of overall UI/UX and also, in terms of the performance of the monitoring dashboard.
The LMI for version 9 is much better in that respect.
An Amazon Machine Image (AMI) for the newer appliance versions for hosting the virtual appliances on AWS will help.
There were no stability issues.
There were no scalability issues.
I would rate the technical support a 6/10.
The initial setup was of medium level complexity. The subsequent configuration was complex.
Go for the latest version.
I am pretty happy with the outcome so far this year. We have yet to hear from the customers. I have not updated it myself and I have not done any work with customers. Looking at their roadmap, they have a broad grasp of the security features which the industry needs.
I have not tested the stability yet. This is the first time that I have seen it. I cannot comment on the stability at this point.
I can’t comment about scalability. This is the first time that I have heard about this technology. I would like to learn more about this offering and then I will know how stable and scalable it is.
We haven’t used technical support yet. This solution has not yet been released. It is still just a demo and it is going to come out in the next few months.
I have been with this technology for over ten years. I have been following all the developments closely. I know that it is a good solution for customers to invest in.
My advice to colleagues is to try the solution.
When looking for a vendor, I want the following from them:
It is a totally secure way of accessing clients through various application portals for more than ten EU countries, just by using single sign-on. Moreover, its EAI makes customization easier with the Java/J2EE Applications.
I have used this solution for three years.
There were no stability issues. However, trends are changing so fast and so are the clients' requirements. The clients also want their hold on the product. They are showing interest in customization.
There were no scalability issues.
This is my first product. However, I am moving, along with my clients, towards ForgeRock OpenIdentity Stack.
It totally depends on the way the client wants to set up and implement the product. The security requires complex implementation. This is where no one wants to compromise.
The pricing is always costly.
After working for three years with this solution, I am now looking for other products.
It is the best product for bigger organizations, but trends are changing so fast. You should look at ForgeRock OpenIdentity Stack if you are looking for a slightly lower price range.
The automation of provisioning has reduced the time it takes for creating a user or an employee in our organization.
Flexibility to connect with different environments and product stability are the best features.
Microsoft has active file handling where you can access different types of documents from the browser itself. This is not supported anywhere other than with Microsoft products. This is desirable, but not a show-stopper.
AngularJS is not yet supported. This could be a cause of worry, since we are seeing the emergence of many AngularJS scripts in webpages. I am sure IBM is working towards enabling it.
There is a Java process that hangs in WebSphere almost every month.
We have had no problems with scalability.
I would give technical support a rating of 4/5.
I have always worked with IBM products. This solution was from Tivoli before IBM acquired it.
Compared to the Oracle setup, the initial setup was straightforward.
Pricing is competitive and is lower than other players in the market.
We evaluated Oracle, SailPoint, and ForgeRock.
Go for it. It will be good for your business.
From my experience, most of the product features are meant for specific purpose(s) of its own demand and need. Implementing the feature depends on case to case, considering the organization's enterprise/middleware infrastructure design.
TAM component integration and their SSO capabilities and transparency are the most valuable features I have found.
It applies access controls on an organization's web space while running on its components independently, while being highly available. We can isolate our organization infrastructure from security considerations, as we have our entire organization security policy centralized, organised & administered from its API.
Older TAM versions are not compatible for connecting to a DB. I'm not sure if it is available in iSAM 8/9.
However, since iSAM 9 was released as an appliance model, I don't think having a DB as a TAM database directly makes any difference for the users.
I have used it for five years.
We have not encountered any deployment issues. There were a few challenges while implementing ETAI, and ETAI++ integration with the existing infrastructure.
Kerberos setup/run time & virtual hosting concepts have some limitations.
We have not encountered many stability issues.
We have not encountered many scalability issues.
Customer service is 8/10.
Technical support is 8/10.
I have used CA SiteMinder, as well.
I don't see any technical reason for switching a strategic product from IBM TAM. However, considering the iSAM way of making an appliance model, which creates dependency on the cloud for infrastructure, we may think of other options.
Initial setup is straightforward, but we might have to consider the solution architecture to make full use of its components' capacity.
Implementations were in-house projects.
Before choosing this product, we evaluated CA SiteMinder and Oracle Access Manager.
It is a very good security product to integrate with any middleware infrastructure.
Our customer had SSO requirements, as well as web-firewall and federation requirements that we fulfilled through this product.
Administration of the product can be improved a lot. IBM has taken care of this in a good manner in release 9.0.
Product documentation, especially the new version 9.0, should be improved to give a quick understanding of product components and features.
I have been working on this solution for over seven years.
We did not encounter any stability issues.
We have not had scalability issues. It has good scalability features.
Technical support is good to excellent.
We used Novell eDir Access Manager.
Product setup is straightforward.
Licensing is good for this product as compared to other solutions in the market. It has competitive pricing.
We looked at OpenAM and Novell eDir Access Manager.
Choose a good implementation team and do not do an in-house implementation.
Tivoli Access Manager's proxy product (WebSEAL) is extremely fast. The configuration options are mysterious and old-school, but they are a rich and small enough set that you can comprehend them and get it working right. The auth and policy product has a reasonable LDAP implementation.
Step-up authentication in WebSEAL is a hook. You write a function to a particular spec, register it, and it gets called. The hook is in C, which makes sense because WebSEAL is fast and could not be written in an interpreted or high-level language.
Note that this is a way to improve WebSEAL modules, not a way to defer authentication to another server. For more, compare the second and last entries on this page.
There is only a single step-up authentication path, but I have sometimes seen the need for several steps or a divergent path. It’s getting hard to find people willing to admit that they still write in the C programming language.
We have used this solution since 2003.
No stability issues. This solution fulfills the common expectations about IBM software. It is fussy to configure, but runs like iron once you’ve got it right.
No scalability issues. I get problems with the LDAP or the underlying machine first.
They provide very good technical support. Perimeter security is a hot-button topic and you can get some serious help if it’s not right.
While there are many products in this field, most companies use either this solution or CA SSO. I encountered others on rare occasions, such as Oracle, Entrust, Ping Identity, and NetIQ.
I am not an admin for this solution, but it holds no special terrors.
The issue is not how IBM licenses the product. You should think about how much of your traditional web traffic is going to migrate to your mobile/service gateways. If you are writing a lot of mobile apps and new JavaScript Frameworks UIs, then your traffic mix is going to change.
I am a consultant and typically work with the IBM stack.
This solution’s pricing is by usage, not by instance. That means you can set up as many instances as you like. Never craft a really complicated configuration. In other words, put functionality A over here, functionality B over there, and let your F5 (e.g.) direct the flow of traffic.