Symantec Siteminder Reviews

We are talking about the authentication products in general. What was previously SiteMinder, AuthMinder, some of the risk based authentication products that they have. I think the mainstream use that we have for the products are probably around web single sign-on. Being able to sign on to applications, the users not having to authenticate again. One of the good features we get out of the product as well is to be able to include different authentication methods. We use username and password but we also use smart card authentication, which is very key to our company.

Two factor authentication based on hard token effectively. Yeah the main thing I guess is, well two things. One is end user experience, so single sign-on. Before the product was introduced, we had multiple sign-ons to different applications. End users have to enter their username password multiple times. Now of course with single sign-on they enter it once and then during that session, they no longer need to authenticate again. The second thing I think that is important also security. It’s a secure product. We can make use of two factor authentication with the product and so from a security perspective, it gives us strong authentication. Our solution has to be basically 99.9% available, which means we have to have the highest availability out of the product that you can rarely from an IT system

We have deployed it in a very highly resilient and with a very strong PCM component. Ability to fail over within a datacenter and the possibility of failing over between countries and datacenters. It scales well, we have 200,000 users that's not simultaneous or you are all using it at once but certainly it scales events. There are advanced features that would mean that we need to look at scalability so it does authentication, does also authorization. If there is heavy authorization traffic then we really need to also look at how we scale that up. It can’t scale. It’s just a question of putting in more servers, putting in more infrastructure to allow it to scale.

To be honest, I don’t get involved with the operations side too much. I am an IT architect so I look at the overall architecture of the system and then how to introduce new requirements and how they can get fulfilled but my impression certainly is that the support is good. It has to be very good because we have a 99.99% availability, so if it wasn’t good we would’ve moved off it by now. I would say it is a relatively complex setup. We have a relatively complex environment so with all of the availability requirements we have, it is quite complex but having said that, it is no more complex than any other enterprise systems that has to be highly available.

I wouldn’t say it was overly complex but there's complexity in it. One of the reasons we are here today is also to understand what features there are in the future. I think for me as an architect, I look at what the emerging trends are. We have a lot of new requirements; mobility is a big one for us. Bring your own device, being able to authenticate on mobile devices securely, being able to make use of multiple applications right on that mobile device. Being able to integrate with containers for example Citrix, also with the changing old pricing models we have, a lot of outsourcing, a lot of software as a service, we need to be able to improve how we have authentication to the cloud, federation capabilities and that sort of thing. There is a lot that we can do to go forward.

At this point I'd rate it about 8/10. One of the biggest things is availability. Availability, scalability, you really have to make sure you understand the scale of the deployment and what your requirements are around availability. Certainly in our company it has to be the highest scale, highest availability. Don’t underestimate the amount of testing you have to do, the amount of stress testing, load testing, because this is critical infrastructure. This really is the front door to all the applications in the bank and if this goes down, the bank has stopped working. Quite simply you have to make sure that you do all of the testing required to make sure that product is absolutely rock solid.

I think it is very important to do your due diligence. You need to do your research into what is out there and what is best to meet your requirements. That said, I think there is nothing really that can replace doing a proof of concept. You have to do a proof of concept, because no matter what the vendor says, no matter what other people say other blogs or other reviews, your involvement is always going to be unique. There is always going to be something that you need that maybe other people haven’t done before. Be that some authentication method, some authorization method, the number of people you have, your topology of your network.

There is always to be something. Take all of the other information in but you must verify yourself. I think you have to really understand supportability. Quality of the product, so you have to trust the quality of the development methods, the testing that it scales to how you wanted to scale that you’ve got examples of the product being deployed in similar types of organization, similar sizes, and similar industry is important. Yeah I think they are the main things really.

CA Single Sign-on is actually our main access control solution which we use to protect our websites, portals and applications, which are exposed internally as well as on the cloud and externally, as well as commercial applications.

It was very hard to get the end user experience in favor of like you login into one website and then you don't need to login into other website you can just click on the link and go over there. CA Single Sign-on has helped us a lot. The user only needs to use credentials once and then they can single sign-on into other websites which are already integrated into the CA Single Sign-on product.

Overall I'd say we're very satisfied with the product but yes, we had outages and performance issues but again I think based on the load and then how we're increasing our applications which are integrating into the solution. We have to do the technical and architecture review time to time to increase our capacity. CA has helped us with the architecture review and with the suggestions to take on the load. Definitely we need to add more servers, more capacity and also we need to go through the architecture review process there.

I'd say the speed to upgrade because I think I heard in the conference that they are trying to go with agile, getting new features in like period of months, a couple of months. That makes it very important for product management team to make it simple to upgrade. That's one of the biggest feature I'd suggest I'd like to see that if they can make the upgrade process simple. Overall I'd valuate it around 7.5 to 8. Definitely even when we select the vendors the product has to be best in the breed in the market.

I think we have a very good relationship with CA. I'd say because I think being a major access vendor product for us it's very crucial for our help cloud as well as our internal applications. We having a tier-1 support from CA and they have been very response whenever we have an issue, I think we get appropriate response from the support. I think right now we're using the solution for our cloud services which is having around 4 million users. I think it will grow to around 11 million plus users by next year and we're actually counting on the Single Sign-on solution to take the load and still meet our requirements.

Yes it can be complex, I think that's one area we have already given feedback to the product management, that is a little complex to get the set up and get it going and the upgrade process is very complex. Again it takes time to get but I think once the product is installed and it's there then definitely the stability is there. The complexity is the number of components involved in the overall installation and the education part. Like if we don't have skilled team members definitely it needs people with proper skills set to understand the product, different components, the app layer, the database layer all those components makes it little bit complex too to install.

For us the support and maintenance matters most there because once the product is implemented but if we don't have good support at all so that makes it very difficult to run the product. For us, yes the stability plus support is very important. I'd definitely say, do use them to first of all note down all the use cases whatever they want to achieve by implementing SiteMinder. Definitely SiteMinder has a lot of features, a lot of capabilities at all but usually it's not possible for everyone to use each and every feature.

I think based on the business requirements, application requirements they should first list down what are the main criteria or their use cases and based on that they should go with the implementation. That's very important for us because yeah, definitely when a vendor comes in and they tell us about the product and the features which can meet our business needs definitely that helps. Again as I mentioned for us support and maintenance is very important so it's not just once the product is in house and we're done with it.

We definitely look for possible forums and get the user reviews, go to the user groups so that we can find more about the product and supportability. I think we’re early adapters of it when we choose it like it is or it's still the best in the breed product available in the market.

Its flexibility and ease-of-use are the most valuable features.

The objects are tied together well in the administrator UI. It's flexible and easy to use, and the the policy store schema has been structured well.

It provides auditing and secure cookies, as well.

It provides security and protects end-applications. Auditing is good – it does a really good job of gathering all the transactional data. Anytime a user initiates a transaction, all of the information is captured.

It is very good. I have been working with the product for a very long time and have had no problems directly related to SiteMinder or its capabilities – only issues with our underlying infrastructure. There were a few things that CA has already addressed.

It scales very well. You can scale it horizontally or increase threads or socket configurations within the solutions.

They’re really good. Very knowledgeable. I had a policy store corruption – they were able to help me fairly quickly, in a reasonable time.

I’ve been doing it for a long time, I can say it's medium-level complexity. The policy store configuration, and tuning the policy store is a bit complex in ensuring it does not corrupt.

It is easy to implement, use, and scale. There is room for improvement as with any product. It’s solely based on what their requirements are, their user population, and their enterprise environment.

It provides good security as a single sign-on tool and is easy to integrate with various applications. Also, the admin UI it provides is very user-friendly.

It provides end users with SSO to our applications – they log in once and they can access all of our applications. It’s simpler, more secure, and involves less time for the end users, giving them a better experience with us.

I'd like to see authentication using biometrics. This would be a nice addition.

Although the policy server has sometimes spontaneously restarted, it’s mostly good.

It’s scalable; you can add new servers and away you go. If we add more users or more load, it’s easy to scale up.

They are very helpful – always there when we need them. We had a problem with their impersonation solution with our application. It was not working with the existing version, so we called them and they determined the right solution was to downgrade.

We also have support tickets for other CA products and they are very responsive – on time and are helpful.

It was already in production when I joined the company.

It provides a good UI for us, and it provides a good solution for our needs. As a standalone product, it's good.

You should understand the user setup, requirements, how you want to service the users, and their infrastructure. Based on this information, you can find the right solution.

For us, it’s the best-of-breed pick on the market today. More importantly it’s the least complex enterprise solution that we can manage. It integrates well with multiple applications in multiple environments. That’s a big deal for us.

It makes it easier to find all the policies we have in place and run. Less work for me!

One big problem we have is keeping track of the various patches and bug-fix releases. They come out for different platforms (Windows, Linux, etc.) and it’s complex. It’s tough to keep up with all the releases and bugs that get fixed.

It’s complex compared with similar products out there.

It’s stable and mature, but we’ve had challenges as we grow. We see glitches here and there, and a little bit of latency in performance.

We have challenges, performance issues for which we’re unable to find the root cause as we scale. But we’re working with CA on this.

It’s excellent. We’re able to get enough attention for fixes. Sometimes the cycles are long, but it’s still good considering what we need.

The initial setup was not straightforward. It definitely has its learning curve.

It loses points because of the performance issues when we scale, which has to do with the complexity of our environment. If it’s out-of-the-box, maybe others don’t have this issue, but we do because we’re large.

I helps us to secure all of our web applications -- internal or external- or customer based, or provider-based, or partner-agents -- with access control. It's a one-stop shop. We can have a single user interface that has centralized policy-based and rule-based access controls.

It's easy to execute, robust, and secure.

Identity Manager and GovernanceMinder should integrate better. Right now, they have started integrating it, but it would be helpful it were fully integrated with the other security products.

We've had no issues with deployment.

This is one of the robust and stable product I have seen in my sixteen years of IT experience. I'm not exaggerating here, but that is the way it worked. Very few instances we had real failures. When you have a product this stable, you can depend on it and get on with business.

Right now, our load is one million customers and about fifteen thousand internal users. We have web services we use and, this maybe looks so silly, but we didn't really have any major issues with SiteMinder. When my company began in 2003, we had two policy cycles up in production. Now we have six policy cycles. And it's scaled for us without problems.

When I came to the company we used v5, I believe, but I did two major migrations, a migration to v6 and then to v12. It's a very straightforward and smooth transition from version to version.

Make sure your architecture is defined properly.

Single Sign-On is the number one feature of SiteMinder that we're using. The ability to log in once and use those credentials for multiple web sites is very valuable for us.

Upgrades is the biggest area for improvement. It really struggles with the upgrade process. We tell CA this pretty often.

We've had no issues with deployment.

We've had no issues with stability.

We have challenges with scalability. We have a environment in which applications during peak enrollment periods can go from 80 users to 8,000 users in a weekend. Scalability is very difficult with SiteMinder. You basically have to roll out new policy servers and so the ability to provision capacity quickly is still a big challenge for us. They talk about it with every presentation. They're containerizing everything and they're doing all the right things, but they could roll them out faster.

We probably open two to three tickets a week. I manage that relationship so I supervise those tickets and escalate them appropriately. The problem is we need the support, but they don't know anything about the product.

One of the challenges is they kind of have a tiered support model where you get your case open to a Tier 1 support engineer, and often times we're using very specific portions of their products that aren't used to. For example, we use some kind of custom implementations of some of the older technologies for which it's difficult to get a resource who actually knows what we're using and how we're using it. The initial engagement with support can often take us two or three days to get the ticket assigned to the person who knows what they're talking about. Like DLWS, which is a distributed log on web service, which wasn't a core part of the product back in the day and it's just not used by a lot of people.

Some of the advanced password services stuff can be a little bit problematic, getting it assigned correctly, that kind of stuff.

It's complex. Because of the complexity of the application, you're going to need to involve professional services. You're going to need to bring in a lot of outside resources if you've never done it before. It's not an out-of-the-box, point-and-click, now-you-have-SiteMinder situation. It's going to take a lot longer than that and I think the complexity is often hidden. People are going to stumble upon these challenges in their enterprise after they start it.

Not really. We use Ping, so we have products that do similar kinds of stuff. We used to use Tivoli, so we have some experience with that. Identity Manager's been used in the enterprise before. SiteMinder works a lot better for us just because we have a base of administrators who know how it works, ease of installation, and configuration.

It loses points for the upgrade and for just the lack of ease of management. We've been using it for a long time, so we're comfortable with its weaknesses and we've adjusted our process around those. I think for a new implementation it would be very challenging to bring in SiteMinder.

Our primary purpose for using it is to manage and control access to our web applications. We've extended the use somewhat to protect other environments in our shop where we need to authenticate users.

For example, we have a GemFire caching product, and we want to limit what data users can access within the GemFire environment. So we leverage SiteMinder and its policies within GemFire to authenticate the user and to authorize them based on what type of data they are accessing.

We also use it to federate identity with external clients and vendors. We use the federation component to federate identities between ourselves and outside third-parties.

We're moving to an API-based application development model with SiteMinder in that environment. It's important for us to be able to handle authentication and authorization issues when client-side mobile apps are calling to our services. We needed to handle the responses from those authentication problems better than the traditional SiteMinder SSO system did. 12.52 provides a really nice web-app customer response feature that allows us to customize responses back to the mobile app or the browser assignments.

We're really interested in the containerized version of CA SSO where the product will be delivered as a container image rather than the traditional binary.

We'd also like to see a more streamlined implementation update process.

Also, I think they need to improve their support a little bit better especially with experienced customers who are very knowledgeable in product. It's difficult when working on level higher than support.

We brought it in a little over 10 years ago. We're currently in production on 12.0, but we're right in the middle of our migration to 12.52.

We have a very carefully planned roll-out of these products. We won't go into production as long as we're having stability issues. I would say for 12.0, our experience was fairly elongated to get to the resolution of some issues, probably a couple of months. With 12.52, we've had a couple of issues, but we already have patches and work arounds for them, and so we think that things have improved.

In the past, whenever we migrated to a new version, there's been a little bit of stability issues at the beginning and I would say with 12.0 in particular we had some stability issues. But we believe 12.52 is a lot more stable, but that's yet to be seen.

It's a hit and miss thing, like all support organizations. For the most part, for simple problems they can get to a resolution fairly quickly. If the problem is a little more complicated, they really struggle with getting us a solution. We usually have to escalate the problem to our contact engineer. But then it depends on how important the problem is. If it's like a real critical problem affecting our production environment, we'll push a little harder. We'll call up our CA representative and try to escalate the problem.

I wasn't involved in this initial decision to bring it in, but I was brought onto the team fairly soon thereafter.

I think Oracle and IBM have similar products. For due diligence purposes, We occasionally take a look at other vendors and compare features, but so far we're happy with CA.

I would totally recommend this product, but I think CA has a really good handle on what the drivers are and where the business is going in terms of application development. They seem to be a good fit.

The most valuable feature for us is the configuration feature. It permits us to connect our company to the offices of our subsidiaries. So, when we buy a company we can connect their IT infrastructure to ours.

It connects us to our vendors, agencies, and our service providers that are within our group of subsidiaries. If we didn't use it or if we lost service for even two hours, we'd lose 20 million euros.

We'd like to see a new feature to support an openID connection portal. We'd also like for CA to be faster at shipping out new technical environments, such as OSs. They should do an operating system like RHEL, where Red Hat is on top the newest version of Linux. Today, they're slow to support new technology.

It's stable.

There have been no issues. The scale is very important for us because we are doing some new applications.

It's not user friendly, but it's very customizable. It's important to have customized developments integrated with CA SSO.

It's expensive. If you're small, it wouldn't be as good a fit, but if you are a big company, then it's a better choice.

The most valuable feature is basically what it promises. It gives us a platform for strong authentication and authorization with access control. Another strong feature that we like is actually its simplicity of operations and administration. It's fairly simple to grasp the concepts and administer the servers and the policies.

Without it we would rely solely on straight basic authentication to our user directories, and that obviously just doesn't work. There's no auditing on it so audit-ability is another big feature that is tremendously helpful especially in this day and age of auditing and data breaches.

It's our single solution for managing user authentication. It's proven itself to be reliable and stable in terms of how it works. It's also flexible so that we can use it for many different things -- Single Sign-On, integrated windows authentication, SAP, and federation, which is a big part of our use. Those particular features are really beneficial to us as an organization.

Probably the biggest thing that SiteMinder needs is a refreshed UI for administrators. Because it's transparent to users and clients there's, not much in terms of improvement there other than additional features that they can concoct. But as an administrator, the UI can definitely use refreshing. There's ways to get to the same result with less clicks, and even with their new refreshed UI lately, it's still basically the same thing, so I don't see any improvement there.

It's stable, lightweight, works as expected and we don't see any problems with it.

It's very stable. I would say it's about a 99.9% uptime. There is a glitch probably on average once every six months, once every half year. However, it's very lightweight for what it does and, again, the audit-ability aspect of it and logging aspect of it are very mature and helpful in terms of figuring out how to resolve an issue.

It's very Scalable. We were able to and we're actually continuing a global roll-out for it across the EMEA region in addition to our North American region, so it scales among all of our Active Directories very easily. We have no qualms in terms of adding users up to hundreds of thousands of users if needed. In terms of scalability, it delivers on its promise.

We use technical support for custom scripting. We needed to develop a custom Java API for SiteMinder to hook up with one of our .NET applications, and that's probably one instance where we had to use the technical support, although it kind of borders on professional services.

Otherwise, there are really probably only a handful of instances where we use technical support and really only to guide us on best practices.

I wasn't involved in the setup, but I will be involved in future releases, in particular our roll-out to different regions of the world.

My advice would be to go with it simply because I know the product and I know it works. The way I would persuade them would be to say that it's rock solid. It does what you need it to do, it's stable, and the learning curve is really not so bad.

If there was one thing I would say, think a little bit more about how you would use a flow chart to optimize the administrators experience to do the exact same job.