IBM Tivoli Access Manager [EOL] Reviews

Identity management

We have managed to automate the creation of all employees, and the company's clients and then assign the accounts/accesses according to business need.

TIM logging

Three and a half years.

Little issues that were quick to resolve. I don't understand why they have to separate the deployment, as I have used other products that make the deployment as easy as possible.

Never.

Never.

Good.

I have only ever used this product.

The initial set-up is a bit complex for a novice as the Linux version of it needs you to be somewhat good with Linux. There are certain OS requirements which if you are not familiar with Linux, you going to struggle a bit.

Through a vendor team, and their level of expertise was very high.

No other options were evaluated.

It is a very good product to implement.

Web security.

It keeps our web applications secure.

Web Portal Manager does not implement the full set of functions found in the command line

Nine years.

There are some challenges between major version upgrades. We usually wait for the first fix pack before evaluating the system for an upgrade.

Early versions had issues but since version 5.1 it has been very stable.

No issues encountered.

Very good.

It depends on who you get. Some Level One technicians are better than others. When you get to Level Two and Three it's much improved. We've dealt directly with the developers on several occasions and those folks are the best.

No previous solution was used.

I was not involved in the initial roll-out but did participate in the upgrades from v4.1 to v5.1 and from v5.1 to v6.1. Junction file format changed from v5.1 to v6.1 which cause some challenges.

In-house implementation.

IBM directory server offers the best roll-out experience. We are just beginning to look at using Active Directory for our repository,

Reverse proxy component, known as WebSEAL. It provides large number of authentication options that are out of the box.

I am a consultant and work on designing and implementing this tool for our customers. It has helped them to improve and control web and mobile application security.

This product is also available in the appliance offering which has not yet matured and has many issues. Most of the time application of fix-packs cause problems to existing functionality. Also, all the features of the product are not available in the appliance version. Lastly, there is huge room to improve the administration UI to make more user friendly.

10 years.

Deployment is quite easy, and the only issues that were faced were with fix pack applications afterwards.

Not really.

No issues encountered.

Overall, it's decent. Many times it depends on the IBM support team member handling the customers' issue.

Overall, it's decent. Many times it depends on the IBM support team member handling the customers' issue.

I have not used a different solution.

Initial set-up is straightforward.

It's one of the best available products of its class. Worth investing in.

• Junctions access control
• Transparency to the user

Provided more secure computing.

The whole product could be made into one suite instead of multiple components which are essentially a part of the same infrastructure.

Six years.

Yes, the deployment has many issues like: the sequence of components installation, connectivity and most of all, certificates.

Yes, the applications depend on each other to function. Each application becomes a single point of failure.

No issues encountered.

8/10.

8/10.

No solution was used previously.

Many components needed to be installed with even more prerequisites. Each component had a sequence to follow.

It was implemented by an in-house team.

We also looked at Siteminder.

Go for Siteminder.

It’s a very flexible and customizable product.

• It provided a secure and robust end to end security solution.
• You can fine tune authentication and authorization
• It’s also easily scalable.

• Installation and configuration.
• If you don’t know the requirements of the supporting components, it could be complicated to install and this has been improved in the later versions that are renamed to IBM Tivoli Security Access Manager.
• Also the knowledge base articles on the internet are limited.

Several years.

No issues encountered.

This is a very stable product that can run forever.

There are no issues with scalability with this product. Easily to do with no downtime.

Good. Nothing to complain about.

The technical support are very skilled and has helped solve all issues that I needed help with in a timely fashion.

No previous solution used.

Not as straight forward as Microsoft products where the dependencies are bundled in the installation.

I was part of the in-house team and we managed to handle it without the help from the vendor.

The setup cost is like any other product, and once setup, this product requires very low maintenance.

No other options were evaluated.

Most often IBM Tivoli Access Manager is not involved when backend applications are developed an this can sometimes cause the applications to not function properly and you need to spend time troubleshooting and do changes in the application.

An IBM Tivoli Access Manager technician should be involved from the start when developing a new application.

Centralized policy management and reverse proxy-based architecture make it very flexible in terms of deployment, adoption, and implementation. SSO capabilities over various technologies is another strength of this product.

This product enhanced the overall security at perimeter and improved user experience via SSO. A central place for policy and credentials simplifies the authentication over application landscape.

The product has not been updated with emerging technologies over the years specifically around AJAX, REST and Mobile app integration. Also the federation capabilites are very limited.

I have deployed this product at various clients over the last 10 years.

Initial deployment of the product is always critical and issues do come up but not due to limitation in the product. Most of the issues were around bad planning or incorrect deployment.

No, there were bugs identified many times but mostly they were fixed via patch release or a workaround was offered.

No, if deployed correctly it is highly scalable product.

Fantastic customer service from IBM.

Technical support is good as you can raise issue any time and based on criticality of the issue IBM can provide support immediately. In some cases even on-premise support is also available.

A home grown solution was replaced by ISAM to change and configure SSO quickly for applications and at the same time using a scalable product was other major consideration.

The initial setup is always complex due to number of applications and user base involved. As the product is a front door for all applications this is very critical and complex setup. Also due to internal and external users and multiple authentication mechanisms involved for different type of users it gets complicated.

IBM team was used for the initial deployment and support and the support provided by them was fantastic. They offer quality consultants all across the globe with short notice.

Yes, it was compared with Siteminde.

This is a great product with proven history. A little better planning is required before deploying it. Given the change in web technologies and SSO protocols it might be better to check other products in market too.

• WebSEAL
• SSO

The WebSEAL reverse proxy is great for protecting your critical systems.

There is always room for improvement in all areas.

On and off for five years.

Yes, because there are so many moving parts it can often be difficult getting it right first time. Linux is more difficult than Windows but I feel Linux is more stable.

Not once it’s is installed.

No issues encountered.

Good.

Very good.

No previous solution used.

Complex. Like I mentioned, there are so many moving parts and I had issues with DB2 installation and patching it up to latest versions. This seems typical but others may have had better experiences.

Vendor. Their experience was phenomenal.

No other options evaluated.

Try to install a few times on various platforms to familiarise yourself with any issues.

Protection of web applications

Simplified deployment of web applications. The ISAM products centralises authentication and authorization giving a shorter time-to-market in the development of new web sites/applications

Since ISAM 7, and especially version 8 IBM has moved from software-install to appliance based (virtual or hardware) this really improves the speed of new patches and releases. IBM promised to release a new appliance-firmware every quarter, so far they kept their promise.

10+ years.

You do need to train to add to your skill set, and need to fully understand the possibilities and features which takes a while. Since I've been using it for over 10 years it is no longer difficult for me to deploy. Of course with new version some things change, so reading the documentation is quite useful sometimes.

Since its birth it is an unbelievable stable product. I know of a deployment that did not receive any maintenance for several years and it was still working.

Nope, it is designed to be very flexible. It can handle any size website.

We as a Premium Business Partner have some advantages in being able to contact the developers more easily. Our customers can raise tickets, and depending on their contract, they are suitably assisted by IBM.

It has been good for long time.

Nope, somehow I ended up a IBM Business Partners, always using ISAM. But are also using IBM Security Identity Manager, IBM Security Directory Server, IBM Security Directory Integrator, IBM Federated Identity Manager. Basically all IBM Security Identity and Access Management offerings except IBM Tivoli Access Manager for ESSO (confusing naming, but a really different product that does not really combine with all the others in my humble opinion).

With the firmware appliance it is easy as pie.

I'm part of a IBM Premium Business Partner, we are specialised in IBM IAM deployments. In many occasions IBM Netherlands is requesting our services to get the job done.

An ROI, is for most customers not easy to make being a security solution. It gives more hassle than not using it, insurance-wise you could say. Once a customer has chosen it they stick with it, I did not see many customers abandoning it due to ISAM not performing or not being satisfied.

Ensure you got your team trained and get external expertise for your architectural design and first deployments. While learning on the job, your team can take over after a while.