IBM Tivoli Identity Manager [EOL] Reviews

It is a big repository of identities, allowing administrators to manage them and their accounts. Workflow approvals e-user/accounts operations is very important for user life cycle.

It improved the access re-certification. Re-certification was deployed using Excel and took too long too be completed. Using TIM, this time was reduced.

Five years.

There is no way to clone or copy policies. If I have to create 100 re-certification policies, I need to create one by one or use Tivoli Directory Integrator, that is a big effort to do it.

No issues encountered.

Customer Service:

5 out of 10.

Technical Support:

9 out of 10.

No previous solution used.

It is complex. All IDM projects need to create processes before deploying the solution.

I was the consultant.

I think Oracle is a good option.

Create user life cycle processes.

• Single Sign On
• Access Management

This product is mainly used to implement secure access of web applications,

Compatibility with multiple data storage mechanisms like SQL, and Oracle.

Three years.

While integrating with application server and implementing SSO I faced some issues.

The product is stable.

No issues encountered.

Customer Service:

Good.

Technical Support:

Good.

I didn't use any other solution.

It was straight forward, since we had a perfect plan.

We implemented Tivoli in-house.

Yes, we were looking for multiple tools. But this product was rated more by most of the customers. So we chose this.

Get latest version. Know your requirements and Buy

Flexibility, interoperability and the number of adapters/connectors that come with the product are key differentiating strengths in my opinion.

The product allows for extensive customization, particularly for things like workflow and policy configurations, which can get complex in a large IAM environment. Configuration is UI-driven, but the same can be accomplished in a more powerful and direct manner by writing scripts, which are based on JavaScript syntax. This is in contrast to products like Sun IDM, which rely on a proprietary language for product configuration.

Many IDM /IAM products require a database, directory server, web application server and other middleware components to function. Some of them require (or strongly recommend) those components to be made and sold by the same vendor. This is not the case with Tivoli. I've seen it work on Windows, AIX, Linux, Oracle, DB2, Sun ONE Directory Server, ITDS, WebLogic, WebSphere, etc., and it supports many other vendor products for OS, Database, Application Server and Directory server.

Connectors are plentiful, partly due to how long the product has been on the market, and developed by IBM instead of by 3rd parties.

I don't use the product at my company because it only makes sense to do so in a mid-to-large corporate environment. Having said that, in my own opinion, the main benefits are, in order:-

1. Better compliance posture
2. Stronger account security; and
3. Automation of identity management processes

For 5.1 version (older version) of Tivoli the user interfaces were not as user-friendly as other products on the market at that time. They were functional, but sometimes required extra clicks to get to the right spot. This tended to result in customers building their own custom user interfaces and integrate with Tivoli via API. However, this was (and probably still is) a lot more complex than it sounds in most cases. Speaking in general, building a custom UI for an identity management product is not a good idea. This makes upgrading to a new version of the product later very challenging, while making the costs of deployment and support higher.

Four years. I have not worked with the more recent iterations of the product. So everything below is related to the 5.1 version which I came to know very well.

Yes, minor issues that were resolved with IBM support.

No issues encountered.

No issues encountered.

Customer Service:

9/10

Technical Support:

10/10

I deployed Sun Identity Manager for clients, but switched it was acquired by Oracle.

Setup is very complex and should be left to professionals with at least a couple of years of full time experience in deploying the product. This is probably doubly true for Tivoli, but the same concept applies to other IAM products made by other vendors. They are very complex and someone with extensive technical and developer background will NOT be able to figure Tivoli out on their own without prior experience. Documentation and training only helps a little.

I was the vendor who implemented the product for others.

I helped clients evaluate IBM against Oracle, Microsoft, SAP, Novell and CA, among others.

Make sure you have a strong implementation team that knows the product inside and out. Make sure you have a good transition plan for post go-live support and a capable support team. Avoid the temptation to develop a custom UI. As a general advice for any IAM implementation, have a strong governance model in place, keep stakeholders engaged throughout the process, use the opportunity to design new processes that are simple and effective rather than automating the same old broken IAM processes that used to be performed manually.

• Workflows
• Provisioning Policies
• Adapters

• GUI has improved significantly from the previous version
• Role management has improved

• Handling bulk requests is very difficult to configure as it creates a lot of issues.
• There is no separation between the configuration of a service and integrating it with the target system. We cannot configure the service and policies related to the service without adapters and target system in place.
• Flexibility to customize is limited and the more you customize the more issues you will face.

Eight years.

Yes.

The installation documentation does not get released with the latest version releases. Therefore, I have always faced challenges to install the latest version of Tivoli. The installation has a lot of dependency on the version of the supporting software like WebSphere, DB2, and LDAP.

Yes. When Oracle was used instead of IBM DB2 as a back-end database we had issues with the stability and reporting functionalities.

Yes we did.

Customer Service:

6 out of 10.

Technical Support:

5 out of 10.

I am a consultant. I have used Tivoli's solution for most of the clients I have worked for so far.

Depends on the customer. If the requirement of the customer is complex, then the initial setup becomes complex too.

Please discuss with consultants on forums and social media like LinkedIn if the requirement is feasible. Also let the vendor do a POC. There are a lot of cases where the requirements are not feasible but the vendors agree to implement the solution and customize Tivoli so much that the implementation becomes really unstable.

• Easy to use work flows
• Adapter development

Quick on-boarding and off-boarding.

UI needs to be more customizable.

Four years.

No issues encountered.

No issues encountered.

No issues encountered.

No previous solution used.

It was complex.

We used a vendor whose expertise was intermediate.

Go for it as it is one the best solutions in its class for identity management.

IBM Tivoli Identity Manager, now known as IBM Security Identity Manager, is a very well established and well rounded identity management solution.TIM has most of the functions and features that you would need in a provisioning solution including:Complex workflows Self service functionality Admin UI that supports delegation Rich set of very competent adapters Strong reporting capability

The product is complex to install, configure and maintain.The dual persistence layer with LDAP as well as DB results in a need for a large server footprint especially if you want redundancy.Some features like the request and approval interface is not as pretty or user friendly as some of the competitors.Licensing can be expensive depending on what kind of IBM relationship you have.

Being part of the IBM security stack means that TIM is pre integrated with a host of other IAM products such as Tivoli Access Manager and Datapower which makes it easy to seamlessly integrate your entire stack .