Symantec Siteminder Reviews

We use our SSO CA product for doing our single sign-on for our B2B customers. We have about 200 applications that sit behind it and it does all our single sign-on for about 50,000 customers that we have in our B2B space.

We have three single sign-on products in our office and I believe that the CA product offers the best product of the three. We have Oracle Access Manager, and Open SSO also. Single sign-on is very fast. I've always been impressed with that. It's flexible. It give us a lot of opportunities for growth. It's been a very reliable product for us.

I'd like to see the federation piece made a little simpler. Working with Samuel in federation and those components, it can prove pretty challenging and that's where we've had to go outside and seek additional help on those areas. Their interface could use some work but they made great improvements with the 12.5 release. I think those are the primary areas.

I've found it to be a very stable platform. Unlike some of the other products we have in place, the up-time is very good. We find that it's very easy to establish high availability. We have to run a 24/7 shop to keep our customers happy and it's proved to be very reliable for us over time.

It's a very scalable product. From our perspective, we aren't much of a high volume customer and I know that based upon other customers that use the same product, they've been able to see a tremendous amount of growth with the product. We feel very comfortable that CA is continuing to improve it and move forward with the product for us in coming future.

I haven't had to use their technical for too much until recently when we were going through an upgrade right now. They've been very helpful in that role. We've got a couple consultants on board to help us out through the process and they've always been very reactive.

When you go through different management changes, a new manager comes in and they like different vendors so we've tested different vendors throughout it. We've been through some mergers and we've tried the Oracle's product and we were told to use that on some new systems. It hasn't proved to work real well. Now that we're moving forward, we believe that the CA SSO probably offers the best solution going forward for a single sign-on.

Like any other product, it's complex in setting up. You have to architect it properly and know how you want to set the product up and use it going forward, what platforms you want to run on. It does take time, but like any other major product like that, if it's done right it will work well for you.

While I think the vendor, it would have to be a large enterprise vendor who can support and offer the scalability that we hope to have in growth of a product. Our plan is to grow that into our consumer space, which will really expand the need for the scalability. I think those are the primary factors along with the support that you need in order to support a product like that.

I would say it's got to be an 8/10 because there's always room for improvement but I think it's a good product and I think an 8 would be a good score.

Recommendations: I would have them look at the same thing for scalability. Implementation is a component, ease of implementation. It can get complex so you have to do it right. Looking at those areas is very important but I'd highly recommend the product for anybody who wants to use a single sign-on.

We like the ease of implementation, integration, and the support matrix. Cookie provider helps us set host-based cookies and provides SSO across multiple domains. It provides restricted cookies as well.

It restricts cookie replacement and provides enhanced ones, so the applications are safer. Helps keep our data secure in a much better way without affecting user experience.

Better support. It would be great if they could move to the AWS model where we could open up a chat with the support person immediately instead of opening up a case. We’d love to see them implement screen sharing to expedite the support process.

10/10 - no issues.

I haven’t seen any performance problems with scaling or general performance ability, so maximum points there as well.

Not great. The first level of support is not up to the mark or able to understand the actual problem. It takes us time to explain the problem. Any time we open up a case we have to repeat the explanation of the problem 15 to 20 times until we get a response that is in line with what we are expecting.

The handoff isn’t good. Communication with the different support teams is a challenge, and we have to repeat every detail of the problem at every stage, which makes it not a great experience.

It was simple. Documentation has been more than satisfactory, and we’re happy with that. The changes are very well communicated. Even the point releases haven’t given us any problems.

It has all the features, and the CA roadmap has always been ahead of the competition. The only missing portion is documentation around global deployment. As companies are growing bigger and bigger, they’re thinking about global deployments, so we haven’t seen much talk around global deployments, and I haven’t seen any white papers.

We use Single Sign On to provide, of course, single sign-on to a variety of web applications. We use it to federate identity for remote web applications as well.

It's performed well. We're on an older version, so there's the occasional stability issue, but overall, that's what you're going to see in any enterprise environment.

As our identity model continues to mature, probably the Federation is most valueable. 

In IT, you're seeing a large shift to the cloud, and to using software as a service applications and, because of that, you still need to be able to securely assert identity. The Federation components of CA Single Sign On allow us to do that effectively and with minimal resource investment, to realize functionality.

It allows us to get, again, both externally hosted and internally hosted web applications up and running using centralized credentials in short order. It makes it easy.

I've talked to them about this: I'd like to see a rework of the user directory configuration. In Single Sign On, whenever you set up a new user directory, there is a pretty specific number of hoops that you have to jump through in order to maximize throughput between Single Sign On and a user directory. A lot of those aren't documented, so the only way you typically get that information is by engaging CA support, which, if you don't think you need to do that beforehand, you're going to have an unpleasant surprise when you cut over. 

So, either reworking the user directory configuration would be great, to make some of those hoops that you have to jump through unnecessary, or redundant. Or, failing that, reworking the documentation for setting up the user directory, explaining the rationale behind why you have to do the things you do. Because, if it were documented, at least then you'd be able to set it up effectively without incurring downtime, as you find out how to do it the right way.

In terms of the stability issues, what we do see is frequent Policy Server service restarts. What will happen is SM Policy Server will die and be restarted by the SM executive. That happens relatively frequently. But again, we're on an older version, and we've been told by CA that that's the reason why, and that it has been patched in later releases of the product. 

But the executive restarts the service as fast as we can log in and look to see, is there any service impact? The environment is once again processing authentication and authorizations. Not only that, but, we do have a relatively large environment as well, so we have policy servers running and multiple datacenters. It's not just one in each datacenter, it's several in each datacenter. So we don't see any large, sweeping impacts to our enterprise authentication traffic; when one goes down, it gets restarted. Although, it is a pain because you do have to allocate resources to go and verify that yes, indeed, it did come up.

The scalability? I think it does well. We've been able to scale horizontally at various times throughout the lifecycle of the product, within our environment, with minimal fuss. It's been good.

It's good, actually. Very good. The product knowledge that they have on hand with that staff is more than adequate. They've sent people on site on several occasions. We've engaged them not only through the phone, but through the web submission portal, and in person. At every opportunity, CA staff has been professional, knowledgeable, easy to work with.

We were using something previously but I don't recall what it was. In terms of switching, it's a similar decision chain to what you think about when you need to invest in an upgrade. Is there a problem with stability? Is there a problem with scalability? Does the solution meet the evolving needs of your enterprise? 

From what I've heard, the solution that was in place in the past was very unstable. In terms of comparison, Single Sign On is much more stable from what we've seen, than the previous candidate. That's why we decided to make a change. We evaluated the options at hand, and selected Single Sign On to move forward.

I wasn't involved in the initial setup for our current environment, but I'm involved with a project that is setting up the upgrade environment. It's pretty straightforward.

When we are looking for a new vendor, what's important to us is the relationship between us as a customer and the vendor. That has to be strong. They need to be available and supportive of our vision. 

Also, we're looking for somebody who also can help us define that vision in places where we might not have it all the way fleshed out. You could go through the list of things that you're looking for in a vendor, and build out a wish list, but, realistically, somebody that supports us when we need it, helps us to figure out where we're going when we don't quite know, and, provides technological solutions that support our long term vision. CA does that, and that's why we're with them.

I gave it an eight out of 10 because it's a really good solution. No solution is perfect, so that's why I picked eight.

I would say to give CA Single Sign On a good hard look. There are a lot of other competitors out there folks like, Okta, PingFederate, I think IBM has a product that does something similar.

I would tell them that CA Single Sign On is a worthwhile option. If they're doing their research, take a look at it, and see whether or not it meets their use case. It does for us, and it does it well, so I would certainly recommend it.

I use it for authentication and authorization.

SiteMinder simplified user access for our organization.

It's agent-based. It's convenient to deploy and integrate.

From the developer's point of view, it offers quite an easy-to-use interface.

I like being able to integrate with different systems and it is agent-based. 

Inside the same web server, it automatically has the framework to do the authentication and authorization. So it's quite easy to set up, especially for a lot of applications.

It doesn't have a feature for... or maybe it has, but for modern authentication, like OAuth or OIDC. We haven't utilized that portion; we haven't really looked at it because our priority is LDAP integration.

Modern authentication, like SAML-based or OAuth. But in our case with SiteMinder, we haven't utilized that portion of the feature.

In future releases, I would like to see maybe some more modern authentication, OAuth, OIDC, some of these plus identity mapping… It probably already has some of this, but we would want to ask for more identity mapping. 

Also, development of support and compatibility to configure these, like with container-based deployments like Docker.

It's already existing in my environment. We've been using it for quite some years.

So, I have been using it for at least 20 years. 

The pricing is reasonable. 

Overall, I would rate the product an eight out of ten. 

The most valuable feature for us is the user experience in being able to use one set of credentials to access multiple applications. Also, I've never seen anything that does what SSO does. The first time I ever saw SiteMinder/SSO was in the early days of Netegrity, which was version 3.0.

It allows us to be able to collaborate with external partners, such as the government, in such a way that we're able to find out what they're actually looking for in a product we provide.

We've been looking for a tool that can help us do a better job of monitoring and of helping our users. Unfortunately, SSO doesn't really allow us to do that. We have to basically do it through brute force.

We've recently purchased a product called IdentityLogix which is going to help us do it. We looked at IdentityLogix for two-and-a-half years and we recently purchased a license from them. We'll be setting that up in the next couple of months. It should also allow us to see some analytical information that we're not able to see right now without doing, like I said earlier, brute force.

Currently, management wants to see how many authentications we have daily and monthly. And in order to do that, we have to write our own scripts based on certain logs, and that's not something I really want to do. If SSO could do that for me, that would really help me do my job better.

I haven't encountered any issues with deployment.

We've been using SSO since the Netegrity days. So for the last ten years, we've seen some bugs, but lately much less than in the past.

We have a highly-redundant system. We haven't had to do anything else to scale it up any more than what we've already got.

We've had a designated CA support engineer for the last four or five years now. Some have been mediocre, while some have been really good. Overall, technical support is very good.

I used Netegrity 3.0 in a previous job.

For the most part, the installation and setup of it with SiteMinder for the policy server aspect of it is fairly easy. For the web agent aspect of it, we've run into issues and have had to call support or refer to old notes from prior installations. For the most part, the setup is between easy and medium difficulty.

SSO is a very robust application. It's very easy to administrate and use. Users don't even know you're using SiteMinder or SSO. They just think they're on a website. I can tell by the URL that a company is using it, and I like that. It makes me want to use that company more often.

The most valuable features are security and ease-of-use.

Tokenization of the web applications is easy for application owners to integrate with the tool. On the back end the dev side, and the deployment cycle with web agents and policy creation are easy.

It's seamless with several hundred internal applications, which is a time and frustration-saving mechanism. It definitely gives a productivity increase with less time logging into things instead of logging in from application to application, while maintaining the security layer.

We’d like them to go back to the C version of the admin console. It was much smoother than the web-based version. Everything else is pretty good.

Very stable product. The only time we’ve had problems with it is deep behind SiteMinder, which feels the ramifications. The application we’re protecting usually has the issue, not the SiteMinder/SSO itself.

Very easy to scale. They have a good sizing guide it vertically scales very easily.

Once you get past the first level, it’s good support. Typically once you’ve supported the CA product for a couple of years, you probably know more than first-level support, so it’s frustrating to explain to them the issue.

It was already in production when I joined.

It’s definitely an industry leader in the web access realm. It’s easy to deploy and integrate.

You need to understand the overall design of your web infrastructure, and what do you want to protect – the entry point or the entry point and application server? Design questions, really. You need to decide whether you want fine-grain or course-grain authorization. For the CA solution, make a support matrix and understand other peripheral products in the environment.

There are a few valuable features in this product, such as single sign-on and web access management.

Centralized control to enforce security for the entire enterprise and complete visibility of the policies which we implement for most of the web applications make it more valuable for any enterprise. The ease of implementation is standardized and the availability of documentation on the CA Portal is very informative for any engineer to go ahead and implement it on his own.

From time to time, there are various upgrades available on the CA Portal that make it more compatible for all the different web servers or app servers to get it implemented.

It improves the working of our organization in the way that it secures most of the web applications or mobile applications. In addition, we don't have to depend on any other application teams to do any custom coding, as such.

Some of the features need to be improved. For example, the Federation feature. CA SSO is getting into that space and can definitely do better than the other products that are available.

It doesn't have a lot of features. I think there is some customization that's required on the CA Federation side if it has to get attributes from a different source. If an authentication has to happen in one source and then get attributes from some other source, then there's a requirement to do some custom coding work.

It's very much stable. As long as it works, everyone will be fine, but the minute it breaks, our enterprise will scream.

It's very robust and easy to scale. We were able to scale it within 2 weeks.

In regards to the technical support, the response time is good and they can give more hands-on information to engineers. Most of the time, they point to the available documentation on the CA Portal. But once we engage our point of contact, i.e., the partner contact on ASI, we get more attention from CA experts.

We were not using any other solution. We have been using this product for at least nine years.

I was not involved in the initial setup but we were involved in most of the migrations after the initial setup. The migrations are not very complex; it is moderate and not simple, either.

Engineers need to go through the documentation to fix some of those issues. One of the struggles was to create some of the indexes on their pre-server that we didn't know how to do. At that time, maybe, we were a few of the first customers who were doing this. So, we ran into some issues which were not even known to the CA support team.

It's definitely a good product and you won't go wrong if you choose this product. It's proven and is working fine. We can scale it. The support is also good. It's very stable and I don't think there is any other product which provides this kind of functionality.

The important criteria whilst choosing a vendor were scalability and the enterprise-level features that are compatible to all different versions of app servers and web servers.

The three security products perform different functions, but they are all part of the suite. SiteMinder is an industry leading solution as everyone is using it. The new offerings are simplified, which is good.

Besides that, other things are pretty much on par for the industry products out there. All the products have valuable features, but they’re similar with what’s out there.

We are using it for multi-factor authentication, and we are using it also for our identity management processes. Some of the tasks we have been doing for boarding, it's helped us meet requirements by having dual-factor authentication.

With CA Identity Manager, the integration support with other technologies is still not mature enough. CA IDM still has a lot of moving components. Oracle and SailPoint solutions are much simpler and robust, although we are using CA because we have licenses despite it needing to be simplified.

We're using this alongside IdentityMinder and RiskMinder.

I would rate the suite 4-5/10. SiteMinder is the most stable and is 7-8/10 rating. with the other ones, we’ve had problems, and they doesn’t really match our business needs. The other parts of the suite are lower.

I think for SiteMinder, we have a business need and we think it is scalable. For 2016, we'll increase our infrastructure. For the others, we are running them on a minimum hardware set.

We often use tech support when we get stuck in situations. We have less of a relationship with them because we escalate with partners and they provide us with support. If you just open a ticket directly with CA, the guy doesn’t have a solution. With the partners, there's always a good solution.

I started using it six years ago when it was very complex. Now they have given a lot of UI features and simplified it as well.

They are good from a cost standpoint. The price model offering is very comparative to other solutions. That is a positive.

We also looked at Oracle and SailPoint solutions. We looked for a solution that had good integration with other technologies in an enterprise organization. We also considered the simplicity of the product.

CA has a lot of servers, but it needs to be simplified to only two to three components. The SiteMinder solution is something that if my colleagues would like, I’d suggest that.

Other products I would say, go look out in the market. There are better solutions, and CA should look at Gartner’s Magic Quadrant and IDG. Look at the capabilities to see how they can bring those capabilities into their products, etc. It gives me the single sign-on between applications. On-boarding isn’t effort intensive. Those are good things.