Symantec Siteminder Reviews

The best feature would be single sign-on across multiple applications for our customer-facing sites. We don't want our customers to have to enter their user ID and password multiple times. We have a suite of a dozen or so sites as well as about 200 external sites that we federate with. Single sign-on is important, and federation is important.

We have a standardized way of integrating with applications so the application owners don't have to handle authentication or security. We handle that for them, so we use the burden from other application owners.

It puts the expertise around authentication and security on our organization where it belongs. The company doesn't have to depend on each individual application to maintain their own security. This allows us to really maintain control over the security aspect of it.

It's also enabled a quicker time-to-market for new applications that have to handle user ID and password security.

A more modern management interface would be nice. The existing interface feels like it's about 10 years old.

It's been probably about 10 years since we integrated with it.

We've had no issues deploying it.

It's been stable for the last 4-5 years, though we had some significant issues early on. We had some performance-related issues that caused some outages. Outages actually happened pretty frequently back then. If one centralized authentication mechanism went down, all the applications that depend on it were also unavailable. We've gotten past that, so we're much more of a reliable, robust platform now.

We serve about 10 million users all over the country in the US. Scaling it is not a problem as we just add more servers at that point. The one good thing about SiteMinder is that to scale you basically just add more servers. You can piggyback, use the same basic architecture, and just add more.

We have support contracts with CA, but it's hit or miss. We have to have an escalation path with a direct red phone to senior management support because of the nature of our contracts. We had to utilize that frequently, rather than go through the lower-tier support. Our infrastructure is different enough than CA's reference infrastructure that we take a lot of time to bring somebody new up to speed. We have a direct line to people who really know our implementation pretty well, and have been working with us for a number of years, so it helps.

Some years ago we had some other vendors early on. But we've got a pretty well-established build out with CA right now, so if we have some significant new functionality in the future, we'll certainly look at other vendors too.

There's a lot of manual work that has to go through transferring a configuration from a lower environment to an upper environment production, so be prepared for that.

I really like the robust functionality that this solution offers, such as federation, OAuth, security, and multi-tenancy, just to name a few.

It really helps us and, importantly, it's very easy to use.

In regards to our organization, it provides a level of security that allows us to get on with our work.

The initial setup was kind of cumbersome as the instructions were not great. They should really improve this.

It has had its moments, but we deal with them and it seems to be getting better.

Definitely scalable, no problem here.

Mixed, as there are different levels of expertise and so the quality of support not consistent.

Others in my company had done the due diligence because once you’re married to the product you cannot change. But I don’t think CA SSO is the best out there right now.

It was complex and not at all straightforward. They really need to work on this.

Just do your research. This is very important.

Single sign-on allows you to log into multiple areas and sessions with just one user login. SiteMinder uses a cookie to pass the credentials along to different applications, and it’s encrypted. You can determine how long the session will last before users have to log in again. And if you have NTFS capability, it just automatically logs in again for them, using a firewall to protect LDAP.

We use it for our tier-1 applications through GLBA and SOX. It helps with compliance because we can make sure who a user is, log-in information, etc.

It’s never been an out-of-box solution except for IIS, which installs web servers for you. Basically, you do a bit of configuration, and the client on the other end is heavier use. That’s the beauty of SiteMinder -- you can do anything with it.

It’s really difficult to initially configure, but once you know where the traps are, it’s not a big deal. It’s done everything we’ve needed it to do.

It could use better air handling -- if your policy doesn’t work, you just get some dots instead of real information without looking at the logs. It would be nice to find the info without hunting in the logs.

Once every one to two years, the service will freeze, but if you have redundancy, all you have to do is restart. If you have redundancy, it’s not a big deal. The way it works, is that it does a round robin so that if one server goes down the other three handle the traffic.

Very scalable. You just have to have a central database where all servers hook up to the policy store, and all servers can use the database without a problem. You can then add as many servers as you want.

We’ve been using it since they were Netegrity, who had amazing an KB. But unless you’re standing up a new application, you don’t need it. We only get tech support involved when we have a new application.

I’ve been running SiteMinder since v4, the first time I had to learn everything. It’s easy to export the policy to the policy store, which is your most valuable thing. It’s on v12 now, and I haven’t had to update for two years. We’re no longer handling the server admin, that’s another team, but we’re handling all the policy configurations. We can take that and go from version to version with no problem.

As far as software goes, it’s as close to the energizer bunny as it gets. Every now and again, service will freeze, but other than that it just goes.

It depends on whether you can log in directly to your LDAP and manage it, because that would be easier. If you need the ability for just logging without buying an application and want good security, it’s an awesome solution.

Most people use it as an external firewall, but all our firewalls are internal, so this is a good back stop.

We use it a lot for federation, authenticating in-house or on premises, and that gives us access to an outside SaaS provider.

Also, we like the reverse proxy tool so much that in some instances we’re using SSO just for that and not even single sign-on.

It's really increased the security of our applications, and in some cases, has provided much more security. It does this even while some applications don't require multiple usernames and passwords.

The documentation is not good enough, particularly the installation documentation could be improved. Some things are left open to interpretation and others are simply not documented at all. CA will take liberties and make assumptions that your system is a certain way, and so the documentation is based on that.

It’s very stable, but we found some bugs and got workarounds quickly. We stress out SSO, from what I understand CA's reasoning is, but they're quick to resolve the issues.

We've had no issues at all with scalability, as it covers everything we do even at thousands of logins per minute.

We use them a lot and they're quick to pick up cases. We have almost a dedicated team with them that escalates up issues.

It’s fairly complex as it has lots of pieces. We’re in the process of upgrading and we’re building a mirrored environment and then moving everything over to it.

CA is great to work with, but to use it, just learn the product suites and how they interact. Make sure you have a good layout and make sure you have everything you need.

Security to protect digital assets is most valuable to us. For the financial industry, security is a high priority. SSO provides solid security, specifically authentication and protecting digital apps and applications. We can define what we protect.

Federation is valuable as well, using the same security across multiple channels like mobile, e-side and m-side, and web services for partners. We can cover all channels with one security solution.

It protects business assets and functionality. It enables the business to serve customers through multiple channels without asking the user to register multiple times. Register once and it serves multiple channels. It also helps our security and fraud teams to protect assets and lock compromised accounts. It allows all channels to go through the same rules.

We go by agents for authentication; anything relating to agent configuration could be improved, or even agentless security.

Also, reporting on analytics and the health of the system could be improved.

Very stable. It’s rock solid. As it is serving 100 million requests, it works.

It’s very scalable horizontally. We deploy multiple policy servers as we see load increase, and we do have 16 million users.

We have dedicated services, and they’re OK. Whenever we ask the questions, we get documentation and we do place calls. When we place calls, we do get good support. Theoretical questions or subject matter questions are usually answered with documentation and some back and forth. Overall they have been good.

It was already implemented, but we did migrate to a new data center. The experience was pretty good.

SSO architecture is different from other kinds of application development. Plan up front. Understand the tool, and understand how to configure the tool, which partially depends on LDAP, and how to configure agents to perform.

Understand how you want to protect which assets, and how you want to open asset protection to other channels because it will grow. People will be asking more and more. For us there is no other way when I’m serving that many customers – we have to be fully prepared and plan way ahead.

The most valuable features are security and ease-of-use.

Tokenization of the web applications is easy for application owners to integrate with the tool. On the back end the dev side, and the deployment cycle with web agents and policy creation are easy.

It's seamless with several hundred internal applications, which is a time and frustration-saving mechanism. It definitely gives a productivity increase with less time logging into things instead of logging in from application to application, while maintaining the security layer.

We’d like them to go back to the C version of the admin console. It was much smoother than the web-based version. Everything else is pretty good.

Very stable product. The only time we’ve had problems with it is deep behind SiteMinder, which feels the ramifications. The application we’re protecting usually has the issue, not the SiteMinder/SSO itself.

Very easy to scale. They have a good sizing guide it vertically scales very easily.

Once you get past the first level, it’s good support. Typically once you’ve supported the CA product for a couple of years, you probably know more than first-level support, so it’s frustrating to explain to them the issue.

It was already in production when I joined.

It’s definitely an industry leader in the web access realm. It’s easy to deploy and integrate.

You need to understand the overall design of your web infrastructure, and what do you want to protect – the entry point or the entry point and application server? Design questions, really. You need to decide whether you want fine-grain or course-grain authorization. For the CA solution, make a support matrix and understand other peripheral products in the environment.

We like the ease of implementation, integration, and the support matrix. Cookie provider helps us set host-based cookies and provides SSO across multiple domains. It provides restricted cookies as well.

It restricts cookie replacement and provides enhanced ones, so the applications are safer. Helps keep our data secure in a much better way without affecting user experience.

Better support. It would be great if they could move to the AWS model where we could open up a chat with the support person immediately instead of opening up a case. We’d love to see them implement screen sharing to expedite the support process.

10/10 - no issues.

I haven’t seen any performance problems with scaling or general performance ability, so maximum points there as well.

Not great. The first level of support is not up to the mark or able to understand the actual problem. It takes us time to explain the problem. Any time we open up a case we have to repeat the explanation of the problem 15 to 20 times until we get a response that is in line with what we are expecting.

The handoff isn’t good. Communication with the different support teams is a challenge, and we have to repeat every detail of the problem at every stage, which makes it not a great experience.

It was simple. Documentation has been more than satisfactory, and we’re happy with that. The changes are very well communicated. Even the point releases haven’t given us any problems.

It has all the features, and the CA roadmap has always been ahead of the competition. The only missing portion is documentation around global deployment. As companies are growing bigger and bigger, they’re thinking about global deployments, so we haven’t seen much talk around global deployments, and I haven’t seen any white papers.

The most valuable features are:

• Ease of deployment, and
• It’s customizable within the user interface.

It helps protect our applications and provides identity management. It allows us to do business with third-party apps, and they’re a recognized industry leader.

For the login experience, it’s seamless navigation from one app to the next. It’s responsive and promotes ease of doing business.

Upgrade planning is extensive and costly and involves a lot of applications, so we’d like to see that improved. Also, the policy export/import could be easier for when we go between environments and when we export/import into our production environment.

There are some security risks that we’re evaluating with a current version of the product that might require an upgrade. From an upgrade standpoint, it’s challenging – not a simple, agile type upgrade. It’s a major upgrade that affects a lot of our applications.

Highly stable. We have it pretty well tuned.

It’s scalable from one app to the next, and we already have the infrastructure built out to support it.

They provide a pretty good service, especially as we’re entertaining additional products and services. We had an upgrade from R6 to R12, which was significant, which we managed through support. Understanding the urgency and sensitivity behind it, we got their account management team to come on-site and help.

It’s stable, the client experience is really good, and there’s an opportunity for us to improve response times. They could improve integration with other products in the suite.

Understand what their business cases are before they pursue a solution; understand where they have a need. Sometimes applications themselves don’t necessarily need to be integrated with something as robust as SiteMinder doing ID management, so I’d recommend looking at the business functions and what their needs are before they pursue the SiteMinder solution.

The three security products perform different functions, but they are all part of the suite. SiteMinder is an industry leading solution as everyone is using it. The new offerings are simplified, which is good.

Besides that, other things are pretty much on par for the industry products out there. All the products have valuable features, but they’re similar with what’s out there.

We are using it for multi-factor authentication, and we are using it also for our identity management processes. Some of the tasks we have been doing for boarding, it's helped us meet requirements by having dual-factor authentication.

With CA Identity Manager, the integration support with other technologies is still not mature enough. CA IDM still has a lot of moving components. Oracle and SailPoint solutions are much simpler and robust, although we are using CA because we have licenses despite it needing to be simplified.

We're using this alongside IdentityMinder and RiskMinder.

I would rate the suite 4-5/10. SiteMinder is the most stable and is 7-8/10 rating. with the other ones, we’ve had problems, and they doesn’t really match our business needs. The other parts of the suite are lower.

I think for SiteMinder, we have a business need and we think it is scalable. For 2016, we'll increase our infrastructure. For the others, we are running them on a minimum hardware set.

We often use tech support when we get stuck in situations. We have less of a relationship with them because we escalate with partners and they provide us with support. If you just open a ticket directly with CA, the guy doesn’t have a solution. With the partners, there's always a good solution.

I started using it six years ago when it was very complex. Now they have given a lot of UI features and simplified it as well.

They are good from a cost standpoint. The price model offering is very comparative to other solutions. That is a positive.

We also looked at Oracle and SailPoint solutions. We looked for a solution that had good integration with other technologies in an enterprise organization. We also considered the simplicity of the product.

CA has a lot of servers, but it needs to be simplified to only two to three components. The SiteMinder solution is something that if my colleagues would like, I’d suggest that.

Other products I would say, go look out in the market. There are better solutions, and CA should look at Gartner’s Magic Quadrant and IDG. Look at the capabilities to see how they can bring those capabilities into their products, etc. It gives me the single sign-on between applications. On-boarding isn’t effort intensive. Those are good things.

It provides us with authentications, authorizations, and basically providing the client with better secure services.

We can differentiate between the good logins with a genuine user and unauthorized ones.

It’s easy, versatile, and functionality-wise, it’s very user-friendly as well.

With SSO, we’ve been able to better serve our clients, and wherever these authentications are required we can effectively manage the authentications. The bottom line is that if the clients are happy with the SSO solutions we’re providing, we’re doing a great job and the product has been helpful.

I would say advanced authentication, but they have another product for that. SSO could be merged with automatic authentication, so if I want to use those services I could depending on our requirements, rather than having two different products installed.

Like every other product there are things that need improvement, but it has been pretty stable. From a job perspective, it does what it is designated to do. Sometimes there are issues with non-sequential navigation, but when there’s an issue we get a fix for it. There are no issues with the core functions.

We are applying the solution to a lot of the platforms we are planning for, and we’re pretty confident and positive that it will be the best solution for us.

It’s good. Sometimes you have to wait for the right resources to come up and follow the escalation chain, but they’ve always been very responsible. I would like to get answers right away in most of the cases, not being sent offshore to have some analysis done. But I’ve seen that improvement in the past year – the customer service has improved.

It was already in production when I joined.

We installed one version and there is a bug in it; from a customer perspective I would want that particular issue to be fixed rather than getting an answer that the bug will be fixed in the next version.

It doesn’t mean we’re not trying to address it from our side, but with clients on it, it does take time and we’ve got to keep in mind all of the consequences. If they could have those exact solutions for a particular issue that would be great.

You should understand their requirements before they select a solution. Then you need to verify that you have the correct infrastructure, resources, and that your applications are compatible with the SiteMinder solution.