IBM Tivoli Access Manager [EOL] Reviews

Protection of web applications

Simplified deployment of web applications. The ISAM products centralises authentication and authorization giving a shorter time-to-market in the development of new web sites/applications

Since ISAM 7, and especially version 8 IBM has moved from software-install to appliance based (virtual or hardware) this really improves the speed of new patches and releases. IBM promised to release a new appliance-firmware every quarter, so far they kept their promise.

10+ years.

You do need to train to add to your skill set, and need to fully understand the possibilities and features which takes a while. Since I've been using it for over 10 years it is no longer difficult for me to deploy. Of course with new version some things change, so reading the documentation is quite useful sometimes.

Since its birth it is an unbelievable stable product. I know of a deployment that did not receive any maintenance for several years and it was still working.

Nope, it is designed to be very flexible. It can handle any size website.

Customer Service:

We as a Premium Business Partner have some advantages in being able to contact the developers more easily. Our customers can raise tickets, and depending on their contract, they are suitably assisted by IBM.

Technical Support:

It has been good for long time.

Nope, somehow I ended up a IBM Business Partners, always using ISAM. But are also using IBM Security Identity Manager, IBM Security Directory Server, IBM Security Directory Integrator, IBM Federated Identity Manager. Basically all IBM Security Identity and Access Management offerings except IBM Tivoli Access Manager for ESSO (confusing naming, but a really different product that does not really combine with all the others in my humble opinion).

With the firmware appliance it is easy as pie.

I'm part of a IBM Premium Business Partner, we are specialised in IBM IAM deployments. In many occasions IBM Netherlands is requesting our services to get the job done.

An ROI, is for most customers not easy to make being a security solution. It gives more hassle than not using it, insurance-wise you could say. Once a customer has chosen it they stick with it, I did not see many customers abandoning it due to ISAM not performing or not being satisfied.

Ensure you got your team trained and get external expertise for your architectural design and first deployments. While learning on the job, your team can take over after a while.

It’s a very flexible and customizable product.

• It provided a secure and robust end to end security solution.
• You can fine tune authentication and authorization
• It’s also easily scalable.

• Installation and configuration.
• If you don’t know the requirements of the supporting components, it could be complicated to install and this has been improved in the later versions that are renamed to IBM Tivoli Security Access Manager.
• Also the knowledge base articles on the internet are limited.

Several years.

No issues encountered.

This is a very stable product that can run forever.

There are no issues with scalability with this product. Easily to do with no downtime.

Customer Service:

Good. Nothing to complain about.

Technical Support:

The technical support are very skilled and has helped solve all issues that I needed help with in a timely fashion.

No previous solution used.

Not as straight forward as Microsoft products where the dependencies are bundled in the installation.

I was part of the in-house team and we managed to handle it without the help from the vendor.

The setup cost is like any other product, and once setup, this product requires very low maintenance.

No other options were evaluated.

Most often IBM Tivoli Access Manager is not involved when backend applications are developed an this can sometimes cause the applications to not function properly and you need to spend time troubleshooting and do changes in the application.

An IBM Tivoli Access Manager technician should be involved from the start when developing a new application.

Scalability and the easy integration with existing web applications with no or minimal change to applications.

Tivoli Access Manger lets you separate security from applications and manage at one place. Several applications can be rolled into to the same security model.

Redundant Policy servers had to be manually configured using LB.

12 years.

No

No

No

Customer Service:

Excellent.

Technical Support:

Excellent.

It is straightforward. However it also takes experience to roll out this product.

We used a vendor team and they were excellent.

CA Siteminder was considered.

ISAM 8.0 the new version of Tivoli Access Manager may be considered for large web security implementations.

Tivoli Access Manager (or IBM Security Access Manager) is a fully featured web authentication, sso and authorization product.The product supports multiple user information repositories and also integrates with a variety of strong authentication solutions.Supports reverse proxy as well as adapters placed directly on web servers and app servers.Later product versions supports fine grained authorization as well as XACML based authorization configuration. The DP integration provides support for authn and authz for web services.

Complex to install and run. Requires the full IBM stack to reach full potential.

It is a single product that caters for all the business needs throughout the organization. It provides a seamless integration that in turn encourages most of the applications to use the SSO features.

Reverse proxy is the most valuable feature as it provides central control over authentication and authorization. The integration effort with the end application is quite straightforward and easy.

Multi-factor authentication with social integration needs to improve.

There were no stability issues.

There were no scalability issues.

An acceptable prompt response is received from the technical team depending on the severity of the issue.

More features were found in this product compared to the previous solution that we were using.

It needs quite a lot of time to design the architecture and properly layout the deployment for the high availability setup.

We looked at a couple of other products namely CA and Oracle.

Properly understand the requirement and deploy the application correctly as the product comes with a vast number of features, that we might not use unless we don't check wisely.

• Simplified architecture
• Security

It is a totally secure way of accessing clients through various application portals for more than ten EU countries, just by using single sign-on. Moreover, its EAI makes customization easier with the Java/J2EE Applications.

• Multi-source authentication
• Common configs: These need to be moved into a single config file at the appliance level

I have used this solution for three years.

There were no stability issues. However, trends are changing so fast and so are the clients' requirements. The clients also want their hold on the product. They are showing interest in customization.

There were no scalability issues.

This is my first product. However, I am moving, along with my clients, towards ForgeRock OpenIdentity Stack.

It totally depends on the way the client wants to set up and implement the product. The security requires complex implementation. This is where no one wants to compromise.

The pricing is always costly.

After working for three years with this solution, I am now looking for other products.

It is the best product for bigger organizations, but trends are changing so fast. You should look at ForgeRock OpenIdentity Stack if you are looking for a slightly lower price range.

The single sign-on configurations are unique to the product. They support multiple types of SSO configurations, including FSSO, HTTP, SAML. The most robust functionality for SSO is its EAI (External Authentication Interface) option. EAI allows customers to customize their authentication mechanisms as per their needs.

Access management for web resources is simple to configure but highly impenetrable. It can search all the resources in the protected system and allows you to manage user access with a few clicks.

The robust single sign-on feature allows business users to improve their productivity in their day-to-day tasks. It also provides end-user activity visibility on critical applications.

The user interface looks like it was designed for technical personnel only. The interface is part of the WebSphere Admin console. A lot of configuration, including those for SSO, are done through scripts and config files. The GUI could incorporate these configurations.

I have used it for four years.

If we talk about out-of-the-box functionality, the product is highly stable. For the areas in which the product allows customization, stability is dependent on the quality of customization done.

The product is highly scalable; very simple to increase the scale of deployment.

IBM provides prompt support on any issues faced. IBM is willing to go an extra mile to help meet their customers’ requirements.

This was the first product I have worked with.

Initial setup in older versions was quite complex, but with the newer versions it is quite simple. The product also comes with a pre-configured appliance.

I am more involved in the technical side, with limited knowledge of licensing and pricing.

I am part of an organization which is an IBM business partner and provides services using IBM products only.

This product is highly recommended to meet access management and web single sign-on requirements.

Web security.

It keeps our web applications secure.

Web Portal Manager does not implement the full set of functions found in the command line

Nine years.

There are some challenges between major version upgrades. We usually wait for the first fix pack before evaluating the system for an upgrade.

Early versions had issues but since version 5.1 it has been very stable.

No issues encountered.

Customer Service:

Very good.

Technical Support:

It depends on who you get. Some Level One technicians are better than others. When you get to Level Two and Three it's much improved. We've dealt directly with the developers on several occasions and those folks are the best.

No previous solution was used.

I was not involved in the initial roll-out but did participate in the upgrades from v4.1 to v5.1 and from v5.1 to v6.1. Junction file format changed from v5.1 to v6.1 which cause some challenges.

In-house implementation.

IBM directory server offers the best roll-out experience. We are just beginning to look at using Active Directory for our repository,