Symantec Identity Governance and Administration Reviews

The most valuable features are role-based access and identity provisioning, which allow a single point of user access to multiple places.

It’s provided us a single point to create users and then provision them to different sources so that they have access to them without having to login in multiple locations.

It has a large footprint which you'd expect to be much, much smaller. Just to run basic services, we have 10 different servers. Also, if it were easier to manage, that'd be useful.

We had no issues deploying it.

We’ve uncovered some bugs while working in it. CA has -- and still is -- working with us to resolve those issues.

We haven't really had any issues with scalability, but we have an older version of it where we’ve had to customize it to an extent.

Their engineers know our environment very well. We're able to get personal support with specific engineers when we make such a request.

The initial setup is very complex. In fact, it took a while to get through the entire setup and we’re even adding to it now. CA has even been on site to help us.

CA is great to work with, but to use it, just learn the product suites and how the individual products interact. Make sure you have a good layout and you have everything you need.

Connector Xpress and Policy Xpress and the new interface.

I like the new interface. It has the same look and feel across devices, such as browser and mobile.

Reporting could be improved.

5 years.

No.

No.

Eight out of 10.

No.

The latest version is very simple to set up and install with a lot of wizards. It also comes with a new Virtual Appliance which can select the features and be ready to use.

The price is based on the number of users.

No.

The interface of the latest version is very simple to use on both browser and mobile devices.

This is the only IM solution I have come across. Using the implementation guide, I was able to implement the solution with ease. The IM is the most valuable feature to me. I also find the solution's documentation and community valuable.

I find the API boring. I also faced issues while integrating with CA SSO.

I have used this solution for three months.

There is a good level of technical support because the community is a good set of geeks.

The setup was easy because of the friendly product documentation and the community support.

Compared to other options, CA products are not that expensive.

I did not evaluate other options, since this product was just meant for a PoC.

I would not recommend this product to others. There are better products on the market, as I later came to know about Sailpoint, DELL IDM, and NetIQ.

• The xPress technologies (connector xPress/Policy xPress/Config xPress)
• Integration with API Management and other CA solutions
• Facility to publish the web services of any task of Identity Manager
• Ease of integration to leverage authentication processes managed by Identity Manager and called by external applications
• You do not depend on the supplier to change screens and validate field, create notifications, etc.
• True integration between CA Identity Manager and CA Identity Governance for better use of compliance approved roles, data exchange and improved customer experience
• Availability to implement in the cloud
• Take advantage of important features of Identity Manager and Identity Governance on the Portar offered by Identity Suite (best user experience) and less technicall knowlegde need

What about Identity Governance and integration with Identity Manager?
This solution makes a seamless integration, leveraging the power of Identity Manager connectors it import the data obtained to Identity Governance; in the opposite direction, the results campaigns from Governance have the ability to update in automatic way the information in Identity Manager, enabling materialization of privileges changes and fulfilling a RBAC model (It is the business strategy to the lowest level of privileges in applications)

Through the implementation of "Identity Suite Virtual Appliance" have created a supremely quick and convenient way to install (Identity Manager / Governance / Portal) with even high availability. Multiple scenarios available on a single console.

It has increased our automation and maintenance of SLA security functions. Additional compliance of all activity relate to provisioning, self-service, and all critical transaction of security management.

• Security information
• Human resource onboarding/offboarding processes
• All areas in organization that required account functionality in applications of the company

We've been implementing it since 2007, so around seven years.

No issues encountered.

No issues encountered.

No issues encountered.

8/10.

When you open a ticket with priority one, the technical support is excellent - 10/10. However, when the ticket is priority two, three, or four, then it's 7/10.

Did not user previous. But I helped move from a different solution to CA
Identity Manager. Why the change? Because the previous solutions was nor
flexible and was high cost value to adapt.

I did not use the previous solution, however I did assist in the move from it. We changed because the previous solution was not flexible and it had a high cost value to adapt.

The initial setup is not complex. You only need define the right architecture and work on it.

I implement it.

If you analyze the evolution of these type of solutions, there are still uncovered needs and the customers are still identifying needs. The important thing here is the adaptability to integrate and deal with new technologies. The solution integrates with solutions like CA API Management/SSO and others.

Find someone with experience implementing this type of solutions to ensure the success of its implementation.

The valuable features are the speed and the ability to provision all of our employees. I like the usability as well.

I'm happy with the features that are in the current release.

We have IDM integrated with Provisioning, SiteMinder, and CA Directory as our IAM solution. When we embark on an upgrade initiative for one of these components we quickly find that newer versions of IDM are not supported with the other exisiting components. This results in a much larger project to upgrade SiteMinder, IDM, Provisioning, Directory, and the OS which results in Senior management abandoning our upgrade project. I would like to see IDM supported with a larger version footprint in relation to the other required components in our IAM application framework.

The provisioning perspective is very stable. In terms of identity management, the logic is good, but performance could be better.

The tool is not scalable. That is not a limitation from a CA software perspective. The lack of scalability is more a result of how we originally set up the product.

We have used technical support. Overall, we find it very good. For Identity Manager, it is hard to get the right support agent.

I was involved in the installation and it was complex. We were coming from a very old version and we had to upgrade. There was a lot of data migration.

I have many colleagues from different companies and we all tend to lean towards CA products. We are accustomed to using CA.

We only need one pane of glass to see what users have access to, especially privileged accounts.

Once it's in place, it's easy to use. You definitely need insight into how your company provides access to users. Especially if it's going to be role based, which most of it is. It reduces the amount of time needed for analysts to provision users; new accounts, changes, and terms.

I'd like to see the user interface be a little bit better as far as deploying the infrastructure, the back end, but I hear that it's coming.

Most of the troubleshooting workflow is based on logs, so if the logs were consolidated we would need to just look at one particular log for all the servers to figure out what going on.

For example, if you get a fail when provisioning a user, you determine where it fails, and go to the logs to see where specifically the process stopped and what tasks were not completed.

We've had CA Identity Manager for three years now.

Stability needs some work. There are some issues with the back-end infrastructure. We've noticed that in our implementation, a lot of Java memory leaks are recurring. We've gone back and forth trying to discover the cause, and have to restart the systems and clear out the memories every couple weeks or so.

It scales fine. It's one of the better products out there. There is a limit to the amount of provisions you can keep in users accounts and you need to archive some things, but I haven't reached that limit; at least with our users.

We've opened up a few tickets with technical support and we've used our CA third-party consultants as well. They've been very helpful.

We had an in-house solution that was for a subset of our users. It wasn't robust enough to go scale to the entire corporation, so we went through a selection process to find out who's the best out there at the time. We've had CA Identity Manager for three years now, so it was pretty recent.

I was involved in the initial setup and it wasn't complex. The implementation after setup was difficult. The documentation in that area was lacking, but the implementation was as good as it's going to get.

Definitely understand your access base for your user from the business perspective. If you're made up of different companies, get a clear understanding of how those different companies get access to users, so you can make it easier when the roll out comes out and do role-based implementations.

The automation that it brings to the enterprise is one of the main things that we looked at.

We had a 20 year old provisioning system which was built primarily for manual activities. Identify Manager helped us move to a more automated model with fewer manual interactions. This definitely had a lot of added value for us.

Keeping up with the market and support for functionality and other core endpoints like Active Directory and Exchange that right now seems to be missing. So it needs a little more work around keeping up with what the industry is going.

We definitely had quite a few challenges getting up and running. Since the initial setup, it's been pretty good. We have some small issues, but overall it's not too bad. It was definitely a challenge getting to that state, though.

It is pretty scalable. We use it in the enterprise as a provisioning engine. We also use it in our external environment on the consumer side. For both these uses, it works pretty well.

One open challenge that I see with the provisioning engine is that there is something lacking in terms of pure high availability. The active-active model is pretty critical for that. Many of the components do support that model. There are subsets that don't. It would be valuable to get that into the product sometime.

There are some really good resources and support. Overall, I've had pretty decent luck with support. Sometimes we do have challenges, but that's getting better.

We are a big enterprise, which means that we’ve done things the old way for such a long time. We were long overdue for investing in a proper provisioning system.

In a way, we had been a big CA customer for a long time. It was a natural fit to leverage what we already had, rather than going and trying to find something else.

Some of the connectors are pretty flexible. It felt like there was a lack of understanding on the capabilities of the endpoints. This ended up being a point of contention. There was a lot of back and forth in discussions about how things should or should not work. That dragged out the project for longer than it should have taken.

We did have one vendor. I’d rather not say which one. They were pretty competent too. In comparison, we thought that CA Identity Manager would be a better fit for us. The skills that we have and our experience with this solution is what made it a better fit than the competition. The partnership and flexibility that CA offer were also pretty important factors in our decision.

Any solution that you pick will have its fair share of challenges. Understand and document what you really want done. You need to define what you want to accomplish in a provisioning solution scenario before you embark to try to achieve it.

We take identity management seriously and CA IDM is helping us to accomplish that goal.

We have streamlined the identity management process, but we are not completely utilizing all the features of CA IDM. This product is a milestone/cornerstone for us to accomplish our identity management goals.

We have been making strides in that area, but we still have more improvements to do. We are not there yet, but we hope to be there soon.

An improvement that we would like to see in a later version is taking it to the cloud. We have it on-premise and we foresee a lot of scalability challenges so taking it to the cloud might be a very good option for us.

This solution is very stable. I have no problems in that aspect.

We have not yet tried to scale this product.

We do use CA technical support. They are extremely professional and very skilled at what they do. I would give them a rating of 7/10.

We were not using any other solution prior to this one.

This was our go-to-solution from the outset. CA was a part of our solution always.

I was personally not involved in the initial setup. After it had been completely set-up, we took over the operations from another company. From what I have heard, it was quite straightforward.

I would advise to do a lot of analysis before you get in because the product itself has a lot of capabilities. However, understanding and making sure that all these capabilities are captured, is very important for implementation.

The first criteria while selecting a vendor was how much support we could get from the vendor. This was our primary concern because a lot of identity management software vendors provided the same solution but the level of support was very important for us. The second criteria is what niche capability the product brings in and how it stands out from the competition.

To use this tool to its fullest capability is our problem. The process is not there yet to completely utilize this solution.