RSA Identity Governance and Lifecycle Reviews

We provide RSA Identity Governance and Lifecycle as a service, mainly to oversee the digital identity lifecycle, from the initiation to the off-boarding at the end of that digital identity.

Our clients use RSA Identity Governance and Lifecycle for handling joiner, mover, and leaver events, which is one of the key functions for the IGA.

The main benefits people receive from RSA Identity Governance and Lifecycle include the typical functions of any overall end-to-end lifecycle management of identity, which encompasses the other functions of joiner, mover, and leaver.

The portal is particularly intuitive for people to use.

The functions of RSA Identity Governance and Lifecycle, especially the IGA, are quite strong with their custom forms and workflows integrated.

The user interface is very friendly and easy to use, making it a good product overall. However, it still has to be on-premise and the cloud version is not easily accessible, as dedicated instances are required and machines cannot be shared as multi-tenant for various customers.

The advanced policy features of RSA definitely help in defining certain policies such as segregation of duties.

That's particularly useful along with creating different access reviews.

Regarding access control in simplifying access management, RSA Identity Governance and Lifecycle has strong foundations of groups and roles, which help in defining all policies very easily.

This makes it very easy to integrate with other access management tools or privileged access management tools.

There is room for improvement with RSA Identity Governance and Lifecycle.

As the size becomes larger, the collections and unifications of the IDs process become quite slow, which can be improved further.

In the case of file size, performance decreases when file size increases.

Integration with additional functionality, such as third-party applications, would be a great suggestion for RSA.

Particularly, easy integrations to a privileged access management suite, along with moving the whole suite to the cloud and making it multi-tenant, can be a significant advantage for service providers or large enterprises.

I have been working with RSA Identity Governance and Lifecycle for around eight years.

For stability, RSA Identity Governance and Lifecycle rates at an eight.

As a practice, I use the N minus one version, which is usually more stable.

The latest version would eventually have issues which the team works to fix, hence we use one version below.

RSA Identity Governance and Lifecycle is quite scalable.

Large enterprises use it, and it's not about the size of the number of users or identities; it's mainly when it becomes slow.

The technical support for RSA Identity Governance and Lifecycle is excellent.

They have great professional services at a price, but the engineers at professional services are key for any large enterprise for their stability and services.

Positive

The initial setup for RSA Identity Governance and Lifecycle is not particularly complex.

Once it is a SaaS solution, one can do away with that initial setup.

RSA Identity Governance and Lifecycle is somewhat high-priced.

Unless you have good relationship partners with RSA, it is expensive for any medium business.

I haven't been much exposed to other options, so I cannot comment on the main competitors for RSA Identity Governance and Lifecycle.

I have used RSA and found it to be straightforward.

Overall, I would rate RSA Identity Governance and Lifecycle at an eight out of ten.

The most valuable feature of the solution stems from the fact that it is really easy to have connectors to search for on-prem applications and provide access based on roles. In my company, with the help of the solution, we set up job templates based on the HR data we get, and we also provide IT access, a part that we have included in a matrix based on what type of users we have.

Every connector that you have in the product needs to be custom-built, so there are not a lot of standard connectors available in the product, because of which there are a lot of hidden consultancy costs. Everything in the tool needs to be developed by people who are experts in RSA products, and there is nothing that people who work in-house at a company can do. The aforementioned areas of concern can be considered for improvement in the solution.

I have been using RSA Identity Governance and Lifecycle since 2017, which makes it six years of experience. I am a customer of the product. At the moment, my company works with an outdated version of the tool since we are looking at some of the other solutions offered in the market, especially the ones that can be deployed on the cloud, as we want the product to offer us a lot of cloud access. The version of the product we have in our company is not compatible anymore.

Stability-wise, I rate the solution a nine out of ten.

Scalability-wise, I rate the solution a six out of ten.

Speaking about the scalability of the solution, a user needs to think out of the box since there is not always a very straightforward solution available that you can just connect to any application since, at times, a user may have to take a side road to get to that point.

Around 4,000 people, consisting of planning officers and people from customer care and finance departments, were using the solution in my company.

My company used to use the solution daily for the life cycle management of our IT accounts. Every new change happens or gets created automatically every day.

The problem with the support team stems from the fact that my company is in the northern part of Europe, while the support we get is from India, because of which there is a gap between connections.

I rate the technical support a three out of ten.

Negative

I rate the product's initial setup phase a seven on a scale of one to ten, where one is difficult and ten is easy.

The product's initial setup phase is a bit complex since you need to have a certain level of experience in SQL, so it's not for everyone within the business to handle its setup phase. My business partner and I, who used to run the product, were fine, but we had another colleague who wasn't used to programming, like using the queries and searches.

The solution is deployed on an on-premises model with the help of SAP and Active Directory.

I can't really tell the time taken to deploy the solution because it was done by my ex-colleague with whom I had implemented it while we were in service so that knowledge is now with my other colleague.

The tool's deployment was taken care of by a consultant who became a part of our company's in-house team.

Everything that is automated with the tool will always deliver business value. With the tool in place, you need to hire fewer people to provide access, and you have control over your processes. You won't have open accounts that should be locked anymore, which makes life easier, especially in terms of providing access while handling my other ongoing projects.

I rate the product's price a five on a scale of one to ten, where one is cheap, and ten is expensive.

For the kind of solution that it is, I would say that the prices are on the lower side of the spectrum, but you need to pay a lot of consultancy fees. My company used to pay 30,000 EUR a year based on the users in our company.

After an evaluation process was carried out in my company, we have decided to move to SailPoint. My company chose SailPoint over RSA since we faced a lot of trouble finding new consultants to support us within Europe. RSA's experts are all based in India these days, and my company feels that they are not on the same page as SailPoint, especially when it comes to providing access to cloud applications. Every connector in RSA needs to be built separately, while with SailPoint, we see that a lot of the connectors we want exist within the product, meaning the connectors are a part of the product and just need to be configured.

Two of the members of our company's in-house team and a consultant for support were required to take care of the maintenance phase of the product.

I rate the overall tool a seven out of ten.

RSA Identity Governance and Lifecycle can be deployed on the cloud or on-premise. We have our own proprietary cloud solution created along with RSA Identity Governance and Lifecycle and it's deployed on the AWS platform.

We use RSA Identity Governance and Lifecycle for a broad level use case for service, mainly on the governance of the overall lifecycle of the entities. However, the use depends on the business of the clients, but mainly on managing their entities.

RSA Identity Governance and lifecycles are good for the access certification and auditing sections.

RSA Identity Governance and Lifecycle could improve out-of-the-box customization.

The solution has to adapt better because all the other competitors have their own SaaS solutions which have their own multi-tenant functions with ease of integration with the enterprise.

I have used RSA Identity Governance and Lifecycle for a couple of years.

The stability of RSA Identity Governance and Lifecycle could improve. It has some bugs that need to be fixed.

RSA Identity Governance and Lifecycle is scalable. In our and our client's organization the solution has been able to scale and is robust.

We have approximately 10,000 end users using this solution.

The support from RSA Identity Governance and Lifecycle could improve. If there are any bugs, we have to engage them and receive a resolution, but sometimes these can run into months for a solution.

I rate the support from RSA Identity Governance and Lifecycle a one out of five.

Negative

RSA Identity Governance and Lifecycle

We are using the cloud platform, but we don't find it compatible to be served as a multi-tenant platform. This is a large drawback. It becomes expensive because it is then an all-dedicated solution. You have to have a separate tenant for each client, which increases the cost. The overall unit pricing can be less expensive than how it is right now.

There are no additional costs other than the standard licensing fees.

I rate the price of I rate RSA Identity Governance and Lifecycle a two out of five.

The documentation of RSA Identity Governance and Lifecycle is well done and there is online help available, but troubleshooting bugs they should be more proactive so that we can address the issues to the customers faster.

I rate RSA Identity Governance and Lifecycle a five out of ten.

I use this solution for joiners/movers/leavers along with the add-back, role-based access control, and certification.

The data collection is excellent and easy to do. It does not require a lot of configuration nor does it require rules to be written like other competitors do.

This product is missing a lot of features which other competitors are providing. One of the key features that are missing right now is risk scoring. Additionally, there is not much scope for customization - everything is hard-coded and predefined, so it does not allow the developers to make many modifications.

I think the solution is stable for the most part with occasional performance issues. In my opinion, it is not meant for larger companies.

The solution is quite easy to scale.

I was working on a very critical project involving cluster deployment and needed RSA technical support to help us configure the cluster in our environment for on-premise. They assigned two engineers. One was not available until the last moment even though we contacted them nearly one month in advance. For that whole month, we were not told what we needed for the update, then just one day before the actual upgrade, they came out and said that they require physical access, a CD to be inserted in the data center, etc.  Our project ended up being delayed as a result.

The other engineer, in the middle of the upgrade, told us he was not sure what kind of architecture we were using. Support needs to improve their communication and efficiency as a whole.

Setup is straightforward and takes a team of roughly five members three to four months to complete depending on the size of the environment.

Competitors include SailPoint, CyberArk, 300, and Clarity.

It is important to note that this solution runs on Oracle database only. So, even if your organization already has a database, they will still need to purchase another one. This also would require them to get a separate team of Oracle experts.

Additionally, there is no automatic load or failback process.

Overall this solution is best for a customer without many advanced tools within their environment who do not require integration with identify management. 

We are a solution provider and this is one of the products that we implement for our clients. I have helped to deploy this solution to two customers so far.

The primary use case is the addition of another layer of authentication for users to access the network.

The most valuable feature is the security, in particular, the One Time Password support.

Better integration with other solutions such as Oracle Database is needed. Currently, some SQL databases cannot be integrated with RSA.

Technical support in Pakistan can be improved.

I have been working with RSA Identity Governance and Lifecycle for between four and five months.

The stability is generally good. We have experienced bugs but RSA has provided patches for them.

We have had no problems with scalability.

The technical support is generally good, although in Pakistan it could use some improvement. Overall, I would say that product support is average.

I have worked with other solutions and I find that RSA is more mature than similar products by Fortinet and Cisco.

The initial setup is straightforward and it is definitely easy to deploy. That said, there are some complexities in the setup that are inherent to any security product.

The length of time for deployment depends on how many devices you are trying to integrate with. One of my deployments involved 2,500 users with 500 devices, and it took between 20 and 25 days to complete.

All of the features in this product are good and this is a product that I recommend.

I would rate this solution a seven out of ten.

Organizational role management: By defining the roles it made our job easier for new-hire provisioning by automatically granting/creating the tickets necessary for the job role.

• Roles
• Connectors for provisioning
• Re-accreditation or reviews

These help greatly to govern user access.

• User interface
• Workflow
• More connectors

Yes, it depends on your architecture design. If you use the appliance version then it won't handle a huge database volume.

Yes, there are scalability issues. This product does not scale very well. It is not a good product for load balancing / active–active architecture.

Simple and straightforward.

Pricing varies based on user count/number of modules you need.

Before RSA we evaluated SailPoint, CA Identity Governance.

This is a good product for a small-scale organization.

It's used for basic two-factor authentication.

It improved security.

The software tokens are a huge improvement over hardware tokens but it could be cheaper.

I've used it for over 10 years.

It's difficult to distribute to remote end-users, and two-factor authentication is difficult for some users to grasp. Our initial deployment was hampered by a flawed management approach and lack of knowledge.

No issues encountered.

No issues encountered.

Customer service was rarely used.

Technical support was rarely used.

There was no previous solution used.

It was straightforward.

It was implemented in-house which was a huge mistake on our part.

We've not calculated this as we were mainly concerned with security.

It was expensive initially, but day to day costs are minimal.

No other options were evaluated.

Get a vendor team or consultant to assist implementation.

It allows users to authenticate using two-factor authentication, which is becoming more and more of a regulatory requirement.

It has streamlined the process of authentication, which has resulted allows for less calls to our Service Desk/SOC for password resets.

It could be a little more flexible with the installation of the product. Only virtual Linux environements for hardware appliances are allowed for a deployment.

I have been using this version for over a year.

There was a minor issue with getting the replica to attach. We worked through the issue and it's now functioning.

Never - one thing I can say about RSA is that the boxes are stable and solid. With an attached replica, it also allows for peace of mind.

Our license allows for one primary instance and 15 replica's, so the answer is no. It's scalable and works very well at doing this.

I have never had an issue with RSA's customer service, they're an easy 4/5.

Very good. Everyone I have spoken to when a ticket needs opening, has been excellent at guiding me towards a resolution and does solid work with the knowledge transfer.

Yes - we have been using since version 6.1 and the switch was made due to RSA calling EOL on all versions previous to 8.1.

Very straightforward as the setup admin guide is spot on and one of the best I have ever used/encountered.

I am RSA Certified so I handle all implementations of RSA in-house.

The real ROI will happen when we implement the on-demand token code portion within the next year.

The cost initially, if using hardware appliances will run around $10,000. That's with a base license (primary/replica), and also includes the cost of about 50 tokens.

No other options were evaluated.

If possible, hire someone to manage the installation that has a solid concept of what they're doing. Be sure to have them meet with all the teams that will need to authenticate so that all the proper connections are made from the implementation of the product.

Random token generation.

Soft and hard tokens for two factor authentication has been introduced.

Application and appliance stability needs improvement.

I've used it for three years.

There were some scalability issues.

6/10.

6/10.

Synchronization with Active Directory to import all your users makes getting started with the product very easy. In conjunction with software based tokens and some end user training, you can be up and running with a fresh deployment in a matter of days.

Primarily deployed as an authentication mechanism for remote access VPN users, it allows a more secure method of connecting to the network. This is especially a must have when dealing with any regulatory compliance initiatives.

When the 7.x release of Authentication Manager came out, the administrative interface and user interface (for self-provision) relied on the same TCP port even though the URLs were slightly different. We did not want the same port which administrators used open to the public internally, we saw that as a security concern in the fundamental way this system operated. We were excited that the self-provision feature was now built into the box but disappointed at the implementation. We hadn’t planned on standing up a separate web server in the DMZ for the purpose of brokering the self-provision process since 99% of our users were onsite, meaning they could get their tokens prior to leaving the office. When I questioned RSA about this matter, their response was to utilize a Web Application Firewall to block access to the specific administrative URL. We thought this was a bit too involved especially now that we’d need to implement a WAF, so we changed the policy and discontinued the self-provisioning option for users. While consulting on the product, I don’t come across a lot of companies using this feature so it’s not a deal breaker for most, but it’s certainly a nice to have if you would like to offload some of the administrative overhead as the self-provision feature also allows users to reset their PIN and perform some maintenance tasks.

I started using this solution while working at IBM Internet Security Systems in 2007 managing client environments. Since then I’ve consulted on the product performing routine maintenance, upgrades, migrations, and administration. This has involved using RSA Authentication Manager 6.x/7.x, RSA SecurID hardware/software authenticators (tokens).

Deployment is very straightforward if this is a first time install. We did go through several migrations which required some database changes and specific requirements depending on the environment and usage. I highly recommend opening a case with RSA to inform them of your migration so they can assist with any planning and inform you of any potential issues that may arise during the migration.

We typically deployed hardware appliances which are purpose built, so I haven’t come across any stability issues yet. I could imagine that if you under spec a virtualized environment that you could run into some performance issues.

The product scales very well. With a limited license you can add an additional replica, or backup appliance, for redundancy. Depending on the licensing you purchase, you could add up to 15 replicas. We typically see anywhere from 1 to 8 replicas depending on customer requirements and their geographic locations.

I typically dealt with the regional account manager from RSA, so customer service was always exceptional. If we needed to call the regular customer support number for administrative tasks on the account, they were always helpful and resolved our cases within a few days.

I also highly recommend purchasing an upgraded technical support package. Our dealings with technical support have always been great due to the fact that we can bypass the typical tier 1 level and get straight to the teams who have the deeper level of expertise. In certain cases, such as dealing with complex migrations, I always dealt with the same person who was very well versed in the products and could tell exactly what was going on without having to “get back to me” or “check with their peers on this one”.

Included with the hardware appliances are straightforward setup instructions for racking, powering on, and initially setting them up. RSA also provides plenty of in-depth documentation, administrative guides, and knowledgebase articles right on their support website. If the information I needed wasn’t in the admin docs, I found 90% of the answers in the knowledgebase.

I’ve implemented the technology myself as a customer and vendor. As a customer, it was easy enough to follow the standard administrative documents to get up and running. As a consultant (vendor), having had the prior experience made it easy to provide product demonstrations and answer questions.

Typically RSA was the incumbent and most of the time the decision was made to just stay with their products due to the initial investment. I have looked into other products and the one which came closest was Vasco’s IDENTIKEY line. Vasco had a more intuitive workflow upon the initial setup and overall administration. There was a lot less digging around in admin docs and knowledgebase articles to find answers because the layout seemed a bit more straightforward.

Reach out to a Value Added Reseller (VAR) with plenty of experience who can match your requirements with the best solution. If RSA ends up being your selection, I would recommend subscribing to a premium support option because not only will you get a faster response from them, the quality of support is much greater.