Symantec Siteminder Reviews

It provides the breadth and the width to provide solutions for the different kinds of technologies which we have. Stability is the most important thing for us. It just allows the user a simple, one way of authenticating. They really made life simple for the user and and the user experience has improved. The user doesn't have to memorize and retain many passwords. They provide a secure and an easy to use solution.

As we are moving in to the mobility space, this is where we really see SiteMinder and their other product really come together to provide a solution base to a different area where the IoT is coming, the different business communications are happening. All of those things require authentication and we really want to see this product grow into that role.

We have been using SiteMinder for the last 15 years and we have been very good and successful in implementing the solutions. The solutions have been working for us. We have not used up any of those solutions since 2001.

Regarding the implementation aspect of it, any Single Sign-On solution has multiple components to it. The client side solution has a required plug-in, which is very easy because the majority of the web servers which are out there, their support is always available and for any kind of a new web server comes in and then similarly on the back end side where the servers are really running and it is very easy to incorporate and adopt.

The solution is very stable. It is the most important thing because all of our applications use this product. If the solution goes down and the product doesn't work then we have a major outage in the company, so it is very, very important that any solution we use, not only is it ease of use, but also that it is important that the solution is stable, and it works the majority of the time. Of course, no software solution is 100%, but as long as it provides 99.9% availability, that's what we look for.

It's very scalable as a self service solution and you can add as many servers as you want, and as many locations as you want. There was a time that we had 20 million customers based on this one solution. It can support a variety of ways, but there is a number of applications, number of users. All of these things really provide very good and easy ways to scale without many changes to the environment.

The important thing is not only the scalability and availability, but also having a good partnership. When the problem comes up, how quickly can we can solve it? That's one of the best things what CA gives us. To establish a relationship which is based upon the partnership and they are there to help us whenever we have any problems.

They have a tier support model just like any company has, so depending upon the type of issues we are having we usually get a good response very quickly. A back end engineer on our case if this is going on a severity level one, then we get very good support immediately.

The product is 8-9/10. It's very high because of their availability and supportability on different web servers is very, very, highly ranked.

My advice and best practices is always engage with CA. Make sure that you're working and getting their input and to also see what their best solution is. They provide a very good partnership. They give you a suggestion and recommendation. You'll her from them - What is the right thing? What is the right solution? If you engage and build a good relationship you always have a good solution.

The advice is that whatever you are thinking of the product make sure you are talking to the right people. The majority of them are good people and they'll give you the right solution.

We are talking about the authentication products in general. What was previously SiteMinder, AuthMinder, some of the risk based authentication products that they have. I think the mainstream use that we have for the products are probably around web single sign-on. Being able to sign on to applications, the users not having to authenticate again. One of the good features we get out of the product as well is to be able to include different authentication methods. We use username and password but we also use smart card authentication, which is very key to our company.

Two factor authentication based on hard token effectively. Yeah the main thing I guess is, well two things. One is end user experience, so single sign-on. Before the product was introduced, we had multiple sign-ons to different applications. End users have to enter their username password multiple times. Now of course with single sign-on they enter it once and then during that session, they no longer need to authenticate again. The second thing I think that is important also security. It’s a secure product. We can make use of two factor authentication with the product and so from a security perspective, it gives us strong authentication. Our solution has to be basically 99.9% available, which means we have to have the highest availability out of the product that you can rarely from an IT system

We have deployed it in a very highly resilient and with a very strong PCM component. Ability to fail over within a datacenter and the possibility of failing over between countries and datacenters. It scales well, we have 200,000 users that's not simultaneous or you are all using it at once but certainly it scales events. There are advanced features that would mean that we need to look at scalability so it does authentication, does also authorization. If there is heavy authorization traffic then we really need to also look at how we scale that up. It can’t scale. It’s just a question of putting in more servers, putting in more infrastructure to allow it to scale.

To be honest, I don’t get involved with the operations side too much. I am an IT architect so I look at the overall architecture of the system and then how to introduce new requirements and how they can get fulfilled but my impression certainly is that the support is good. It has to be very good because we have a 99.99% availability, so if it wasn’t good we would’ve moved off it by now. I would say it is a relatively complex setup. We have a relatively complex environment so with all of the availability requirements we have, it is quite complex but having said that, it is no more complex than any other enterprise systems that has to be highly available.

I wouldn’t say it was overly complex but there's complexity in it. One of the reasons we are here today is also to understand what features there are in the future. I think for me as an architect, I look at what the emerging trends are. We have a lot of new requirements; mobility is a big one for us. Bring your own device, being able to authenticate on mobile devices securely, being able to make use of multiple applications right on that mobile device. Being able to integrate with containers for example Citrix, also with the changing old pricing models we have, a lot of outsourcing, a lot of software as a service, we need to be able to improve how we have authentication to the cloud, federation capabilities and that sort of thing. There is a lot that we can do to go forward.

At this point I'd rate it about 8/10. One of the biggest things is availability. Availability, scalability, you really have to make sure you understand the scale of the deployment and what your requirements are around availability. Certainly in our company it has to be the highest scale, highest availability. Don’t underestimate the amount of testing you have to do, the amount of stress testing, load testing, because this is critical infrastructure. This really is the front door to all the applications in the bank and if this goes down, the bank has stopped working. Quite simply you have to make sure that you do all of the testing required to make sure that product is absolutely rock solid.

I think it is very important to do your due diligence. You need to do your research into what is out there and what is best to meet your requirements. That said, I think there is nothing really that can replace doing a proof of concept. You have to do a proof of concept, because no matter what the vendor says, no matter what other people say other blogs or other reviews, your involvement is always going to be unique. There is always going to be something that you need that maybe other people haven’t done before. Be that some authentication method, some authorization method, the number of people you have, your topology of your network.

There is always to be something. Take all of the other information in but you must verify yourself. I think you have to really understand supportability. Quality of the product, so you have to trust the quality of the development methods, the testing that it scales to how you wanted to scale that you’ve got examples of the product being deployed in similar types of organization, similar sizes, and similar industry is important. Yeah I think they are the main things really.

CA Single Sign-on is actually our main access control solution which we use to protect our websites, portals and applications, which are exposed internally as well as on the cloud and externally, as well as commercial applications.

It was very hard to get the end user experience in favor of like you login into one website and then you don't need to login into other website you can just click on the link and go over there. CA Single Sign-on has helped us a lot. The user only needs to use credentials once and then they can single sign-on into other websites which are already integrated into the CA Single Sign-on product.

Overall I'd say we're very satisfied with the product but yes, we had outages and performance issues but again I think based on the load and then how we're increasing our applications which are integrating into the solution. We have to do the technical and architecture review time to time to increase our capacity. CA has helped us with the architecture review and with the suggestions to take on the load. Definitely we need to add more servers, more capacity and also we need to go through the architecture review process there.

I'd say the speed to upgrade because I think I heard in the conference that they are trying to go with agile, getting new features in like period of months, a couple of months. That makes it very important for product management team to make it simple to upgrade. That's one of the biggest feature I'd suggest I'd like to see that if they can make the upgrade process simple. Overall I'd valuate it around 7.5 to 8. Definitely even when we select the vendors the product has to be best in the breed in the market.

I think we have a very good relationship with CA. I'd say because I think being a major access vendor product for us it's very crucial for our help cloud as well as our internal applications. We having a tier-1 support from CA and they have been very response whenever we have an issue, I think we get appropriate response from the support. I think right now we're using the solution for our cloud services which is having around 4 million users. I think it will grow to around 11 million plus users by next year and we're actually counting on the Single Sign-on solution to take the load and still meet our requirements.

Yes it can be complex, I think that's one area we have already given feedback to the product management, that is a little complex to get the set up and get it going and the upgrade process is very complex. Again it takes time to get but I think once the product is installed and it's there then definitely the stability is there. The complexity is the number of components involved in the overall installation and the education part. Like if we don't have skilled team members definitely it needs people with proper skills set to understand the product, different components, the app layer, the database layer all those components makes it little bit complex too to install.

For us the support and maintenance matters most there because once the product is implemented but if we don't have good support at all so that makes it very difficult to run the product. For us, yes the stability plus support is very important. I'd definitely say, do use them to first of all note down all the use cases whatever they want to achieve by implementing SiteMinder. Definitely SiteMinder has a lot of features, a lot of capabilities at all but usually it's not possible for everyone to use each and every feature.

I think based on the business requirements, application requirements they should first list down what are the main criteria or their use cases and based on that they should go with the implementation. That's very important for us because yeah, definitely when a vendor comes in and they tell us about the product and the features which can meet our business needs definitely that helps. Again as I mentioned for us support and maintenance is very important so it's not just once the product is in house and we're done with it.

We definitely look for possible forums and get the user reviews, go to the user groups so that we can find more about the product and supportability. I think we’re early adapters of it when we choose it like it is or it's still the best in the breed product available in the market.

It is basically for authenticating the users, whether it be privileged users or employees. Thus, we use that single sign-on (SSO) as an authentication mechanism.

It is a simple solution to implement, and it provides additional flexibility.

Right now, federation that comes out-of-the-box with single sign-on is the most valuable feature that we have, and also scalability.

Better documentation. I went through some sessions on single sign-on for version 12.7. Whatever features we are looking for from a REST API perspective, they will be there. So far, it is good. We have to implement it, and figure out what is good or bad about it.

There are a few other competitors which are taking up advantage over the segment being more agentless. SiteMinder is more driven with agent-based authentication, but the others are going with being more agentless. So, we have to go into the more next gen technology, where other vendors are going into, and that is where SiteMinder is lagging behind. The speed at which they are bringing up these features, it is very slow. 

It is stable, but certain features which are out in the market are not available to make it more robust.

We are able to scale well with the amount of users that we have and the users that we are supporting. So, it is quite scalable. However, it does not scale vertically. It is only scalable horizontally. Therefore, it increases the footprint.

Right now, we have hundreds of policy servers between two datacenters. If it was vertically scaling, the footprint would have been reduced, and we have been looking towards a solution. However, the SiteMinder platform as such, even the 64 bit, is built on a horizontal scaling architecture. I do not think it is built on vertical scaling. Even if it is, for most of the companies like us, where we invest in a lot of infrastructure, vertical scaling would not really help.

We had a legacy implementation, and their technical support has been acclimatized to the new partnership federation, so they could not help much in terms of the solution. Therefore, I had to do trial and error to figure out what to do with it, and get it working.

Over the past years, CA support has been only focused on problem areas. When there is a specific problem, they will focus on resolving that problem. They are more focused on closing tickets. They are more focused on getting the tickets closed than resolving them. If the solution is not resolved, and if I requesting, "Hey, I want a couple of weeks for that to be open." Sometimes, they do it. Sometimes, they say, "Hey, we will close the ticket, then you can reopen a new one."

Other instances, if it is a feature that we need answers on, support sometimes says you need to get professional services to get engaged. I do not know whether it is the right direction that CA wants to go, because support is something that support professionals are supposed to know about the product. I would go and open up a ticket to get answers based on the feature that is available or what we are planning to do. We cannot just go hire professional services for everything that we do.

All of the feedback within our team for CA Support is not good. It really is on a very low level, but then it is very specific for CA SSO. The CA support for other products, like CA Spectrum, has been good. However, for CA SSO, it is absolutely poor.

The initial setup was straightforward. Also, we have been doing upgrades, in place upgrades, as well as cloning infrastructure, which has been pretty straightforward. 

However, the documentation is very unclear. It is painful to go through the actual documentation and get the information which we need. 

I opened up a ticket a couple of weeks ago. It was on strong authentication where we wanted to upgrade from an older version to a newer version. I had to go through three documents and open up a ticket to understand how the upgrade process should happen. It was so confusing. In one document, they say something, and in another document, they say another thing. I actually had to open up a ticket for this. I wanted to delegate the work to somebody else, and when they asked me the question, I did not have the answer, because it was distributed across three documents.

Even during my initial deployment of strong authentication, this was the older six stack two version, if I would have gone through the document to build it, I would not have done it. We had professional services sitting with me, because I was doing a PoC. At that time, we went through the installation, and I was able to receive some help.

But for everything, I cannot go to professional services. If the documentation was straightforward, then I do not have to refer to professional services. That is one thing that I have noticed, the documentation is really unclear.

Ping and ForgeRock. In our company, because they are competitive and have an edge over SiteMinder, they are even considering going for ForgeRock or Ping. These companies are more flexible and are open source products, whereas SiteMinder is propriety. 

So unless we get into something, then we can't even go to open source and get the information. It is basically, we have to reach out to CA to get answers. 

That is what management is looking for. They want versatility, and when senior management looks for a product, they are looking at:

• Can we customize a product? 
• Can we add features? 

That is the thing that they're looking at, and they are finding Ping Identity, or Ping products, and ForgeRock products more appealing than SiteMinder.

I have been working with Site Minder for the past 10 years, maybe more. However, I know the product, therefore I am able to manage it. The people in my team, they are not really happy with it, mostly from the support perspective.

The most valuable feature is that it allows a user the ability use the same credentials for different secured parts of a website. From a user-experience perspective, that's important because you don't want to have to remember or write down several sets of credentials. When a user comes into our website, they just want to go about their business, not spend half and hour trying to figure out how to log in.

SSO has been able to bring together many different pieces for authentications -- directories, databases, networks, etc. It's able to, for example, authenticate against ten different directories to give people just one set of credentials.

It seems that when there's a new version, patch, or service pack, we find bugs. There have been times where we've had to revert versions because of bugs. It has gotten better, however, and we used to have a lot more issues. There is still a lot of room for improvement in this area.

We've had no issues with deployment.

The stability issues we've experienced have some with new versions, patches, and service packs.

We have it built way above what we need. We have more servers than we need so that we're not impacted if one goes down. We've built in redundancies as well so that there's no single point of failure. We have a highly available system.

Technical support has gotten a lot better. We have a pretty complex environment and we used to have to explain it every time we opened a support ticket. Now the support engineers know our environment.

I'm actually impressed with technical support now because we have many different pieces to our SSO environment with lots of custom modules. They have their resources and can get back to us with answers.

It was initially complex because we had many directories. Upgrades, however, are simple. But there's no way to downgrade. You have to uninstall and reinstall the previous version.

My advice would be to set up several environments, including a sandbox where you can test upgrades and products without impacting users. Then have a dev environment for some users to test.

The ability to easily manage user accounts is great.

Segregation duties is another great benefit. It has allowed us to automate the process of creating user accounts really well.

I can't think of any additional features I'd like to see, as it does everything we need.

We've been using it for around two years.

It’s been very stable so far and hasn't gone down at all.

It’s scaled up as far as we've needed so far. We're a midsize customer with about 2000 users, and it's been totally fine.

They get us answers, but often they’re too slow. It could take us as long as two weeks to get the answers we need. While sometimes it's quick, it has often been slower than ideal.

We’ve always been using this, and beforehand we used a homegrown solution. We switched because it had insufficient automation and our homegrown solution was just too inflexible.

I wasn't involved in the initial setup.

I always look for quality of services. CA have been OK so far, but not a slam dunk. We had one problem where they took forever to get back with us, but they eventually solved the problem fast.

My company also looked at IBM and Oracle, and I don't know why they chose CA.

Check how many endpoint systems it supports. We chose this because of the amount of endpoints, you can automate the creation of endpoint systems, and it has the ability to create custom connectors. It supports the connectors out of the box and this is faster and easier than doing it yourself.

The most valuable features for us are:

• Access management
• Role-based authorization
• Identity provisioning
• Identity federation

The product greatly facilitates a centralized identity and access management system. It provides seamless navigation across different applications in addition to enabling the flexibility to personalize contents based on user attributes without additional requests.

It enables security and single sign-on to applications deployed on thick clients, web based applications, and ERP systems.

It easily integrates with third-party service providers by enabling federation gateway capabilities.

There is a considerable improvement in the product from previous versions, but a few items we feel need a little attention are the web agent installation process and steps – as it behaves differently on the same OS.

Improvements are also needed in the password policy template customization and it's missing the required documentation to do it.

The knowledge base needs to be enhanced as there are very limited resources on the web while debugging issues.

Avaya has used SiteMinder 12.5s2 and IdentityMinder for eight years. We also use the following products -

GovernanceMinder 12.6 – New to Avaya; in initial deployment
PIM R12.8 New to Avaya; in initial deployment

CA Single Sign-On – No issues encountered during deployment.

CA Identity Manager – No issues encountered during deployment.

CA Privileged Identity Manager – Few issues encountered during deployment, mainly related to resolution of DNS entries for Active Directory.

So far no issues encountered with stability.

So far no issues encountered with stability.

It's very good.

It's very good.

No previous solution was used.

It was a mix of internal Avaya and an IdmLogic team.

CA Single Sign-On was deployed by an internal Avaya team and CA Identity Manager was deployed by the IDMLogic team.

A CA team was instrumental in deploying CA Privileged Management solution.

CA and IDM Logic have very good expertise in implementation of these products.

No other options were evaluated, it's just upgrades.

Have a significant knowledge of the applications transitioning, as it requires interfacing with these products to ensure proper adoption. Have a roadmap to integrate identity and access management into your organization.

We use single sign-on to provide a single login page for all of our client apps across the organization and it performs wonderfully. We almost never have outages nor see slowdowns, not from our stuff anyway. 

People do not have to remember 35 to 40 usernames and passwords. They have a link to go to their page that they need to work on, and it is there. It knows it is them. If we lose an employee, they no longer can sign in from anywhere in the world, they are immediately gone. 

Simplifying the user experience. We use a lot of integrated Windows authentication with it. All of our applications get a point, click, and you are in, while we increase security at the same time.

I would prefer to see their SAML integration be a more streamlined and easier interface, more like PingFederate's interface. Their product works just as well for that use case, but we do not use it, because it is a much larger learning curve to get it running.

It is one of the most stable products in the banking organization that I am in. It never goes down and if it does, it is usually because my partner or me did something to it. 

I have been using it for a year. The company has been using it for probably 20 years. It has always been a very stable product.

It is immensely scalable. We have 18,000 employees running on six servers right now. They are not even at 10% usage, but to spin up more just to add a server and plug it in, it is ready to go.

Technical support is fantastic. They provide quick answers. It is very rare that it takes more than two or three days to actually resolve a non-production problem. With a production problem, they are right there with you the whole time until it is fixed.

We have had large-scale issues, but it never really took them a long time to fix. Usually within a few hours, we would have a fix.

They also take use of their community.

I was not involved in the initial setup, but I am involved in building a parallel platform right now for an upgrade. 

The upgrade is a very straightforward setup, easy to install and run. A little bit complex to set up rules, but that is why you want engineers around.

We have a resource that we are paying for from CA, but we really do not need to use them, except for on the Identity Management side. 

I would absolutely recommend they go with SiteMinder SSO. I have worked a little bit with some of the other products out there and they are not as easy to use, and they are definitely not as stable. Shibboleth is a competing free product. It is horrible. A lot of companies use it, but it is not fun.

Because I am new to this area, the thing that surprised me about CA is how quick they are to respond to changing needs. If we tell them we need something or do not know how to do something, they make it happen for us. It seems crazy for such a large organization to make that kind of move. 

The tool is easy to integrate with old, archaic, existing infrastructures that may not have been built with security in mind in the first place. With very little modification, we can usually secure a platform that never really had it before.

Most important criteria when selecting a vendor: responsiveness. When everything is good, the vendors are always around. It is how they respond when you have a problem.