Symantec Siteminder Reviews

The most valuable feature is being able to debug problems, even though it can be a little bit complex and you have to know quite a bit to be able to dig around, root around, and figure out what the problem is. But I think getting into it, once you understand it, it's not too bad.

It definitely makes customers' or users' lives easier. People don't really appreciate it until they don't have it. Once everyone has SSO, if you took it away, they'd say something like, "Oh my God. I've got to put my password in every single time."

Just having it there, even though people may not consciously realize it, is a big benefit for companies. It simplifies things; reduces user/customer frustration.

• I would like to have a really simple interface; a more modernesque, cloud-based interface, with dynamic real-time information on the various configurations or object configuration points that associate with the applications.
• Ease-of-use
• Smarter error messages

It's had its moments in the past couple years. We've had interesting bugs that we've hit. When you see those bugs, and when they hit you, and it hits production, you get this big skew of, "This is a problem. This is not good." You feel like, "Why did this make it through QA?" Ultimately, there's going to be explanations, potential revenue loss.

CA SSO does have stability issues. Once you can find ways to get around them, whether it's fixes or you configure around them, it starts running for a while and it's OK.

It can scale. You could add more infrastructure. It's very manual.

CA was talking about doing a Dockerized solution, or being able to push out and basically configure new instances of the components. I haven't heard much about it recently.

CA SSO can be scalable, but it's not exactly the easiest thing to do. There is a lot of manual work involved.

I'm not very happy with technical support. I know the people in technical support. I usually give the frontline guys a chance but usually, when I report issues, I've kind of gotten as far as I could and I usually need somebody on the back line. With my recent cases, I haven't been too happy with the technical support that I've gotten.

I wasn't involved in the initial roll-out or the initial discussions around the solution. From previous experiences, it's usually, a company realizes, if you're part of the security team or the identity team, if the company gets to a certain size, they try to find ways to make things easier to do; not only for employees and customers, but also for audit compliance.

Within that space, there are a handful of companies that do it and they each have their own reputation. CA has a reputation of being a simpler product to use, in some ways, as compared to Oracle, which is a pretty complicated product to roll out. There's a handful of players. Usually, if CA wins, then CA is there.

If you compare it on a spectrum of really easy products to deploy – like single-clicks that can maybe even automate themselves and push out their own instances of themselves – versus, here's a big book of steps that you have to go through, I think CA SSO is kind of on the left side of that spectrum.

Whatever you're considering, this is a good solution. It's got all the plug-ins and the various components – app servers, web servers – and you can customize it quite a bit.

In its space, most of the other competitors have the same sort of challenges. It's probably a little bit easier out of the box to get it to work.

For what it is, it does things reasonably well, once you get it working.

It definitely has maturity, but for all the number of releases that it's been through, I kind of expect that over those years, it just gets better and better. Like, with Microsoft, after three times, Microsoft usually gets something done really well.

CA has gone through SiteMinder/SSO 3.5, 4.0, 5, 5.5, 6, 12, 12.51, 12.52, so you start getting into the game of semi-releases, for different reasons. There hadn't been much changes in SiteMinder significantly until the 12.5 series, so between 6 to 12, there wasn't that much change, and then 12.5, there's a bit more change.

The most valuable feature is that it's a rock-solid enterprise solution. It's the de facto standard. It works. It does what we need it to do in those circumstances, and it does it at scale.

It presents a standard pattern for people to secure their applications. In that regard, along with the tooling that we've built around the product, but the product itself as well facilitates app teams being able to do their application development, and then let security be layered on in the front of that. Given that we are a bank and we have significant issues around strong authentication, etc., that means, we can take care of that. The app teams don't need to keep up to date with whatever is new and current. They can just keep deploying applications. We deal with the security.

I think our questions, from me and our team, relate potentially to other products in the CA portfolio. There are other things such as strong authentication, risk-based authentication, and especially API management, which all represent a portfolio that could be integrated. Our interest is knowing the roadmap for making those part of a more seamless offering. If you like, it's the aggregation of the features of all those products, and how they come together.

It's very stable. I don't know that we've ever had it go down on us. It's occasionally gone really slow, but I don't think we've ever had a complete and utter outage that was the result of the product.

It scales. You have to pay attention to its dependencies on the rest of the ecosystem, and especially the directory. That's what's bitten us before; make sure that your directory is responsive, near, and is scaled appropriately for CA SSO.

We use technical support. It's not the best feature of CA. Lots of enterprise product companies have variable support offerings. CA are not the worst, but they're not the best. They're okay.

I wasn't necessarily involved in the decision to invest in a solution like CA SSO . I was brought on post that decision, but it can really be summarized as: The previous solution was a combination, a kind of hybrid, of a third-party vendor who we fell out with, and some home-produced stuff that was clearly not fit for purpose. There were commodity products out there that could do it, and SiteMinder, CA SSO as it is now known, was the best and most scalable one at the time. We have a large enterprise, so it was the obvious choice.

I believe the one that we had fallen out with, a big third-party vendor, was still on the list but for nontechnical reasons, they were not really considered. I think there were two other vendors in the frame.

It's difficult to name the most important criteria when selecting a vendor like CA. In our minds, CA is a product company and not so much of a solution company. I think they have aspirations to be a solution company. Delivery of a solution, working with us on the requirements is quite important; understanding our problem and our space. Price is actually quite an issue with us. The new, modern world, cost constraints, especially in the financial services sector; we're all looking to improve margins in a tough climate. Cost is an important issue as well.

You definitely need to consider CA SSO but you need to be mindful of the new ways of developing applications, and possibly look at the CA API Gateway product or some hybrid solution as well. You definitely need to consider CA SSO.

It is quite solid. It's never really gone down. It's a well-understood and reliable piece of our enterprise. The only reason I didn't rate it higher is that it's becoming a little less appropriate for the more modern styles of web application development, which is why I am curious about CA API Gateway and leveraging that. I think that represents all the features that are missing from CA SSO.

Clearly, we can go and buy the new product set and I guess CA would love that, but there needs to be a story about how the two live next to each other. It seems like that story is worked on in the SSO world, and it's worked on in the Layer 7 world, in the API Gateway world. I don't know if it's being worked on as a consolidated whole; a solution. That brings me back to the point I made elsewhere about solutions vs products.

It's flexible, powerful, and superperforming, I'd say. It performs very well on the road.

We can secure many access points, whether they are local apps, or on-premise, or in the clouds with third parties, with partners, or with customers. It manages user profiles and identities so we can secure and standardize our web access management.

The admin UI needs to be more stable. They should bundle more of the products and get rid of a lot of the small pieces which we need to configure on the top of the initial setup. Examples of this are the SM Console and the registry.

It should be easier to implement and deploy; and it should support more platforms, such as more operating systems.

It is much more stable than it was before. Now it is getting to be very stable, especially when you tweak it properly and follow CA best practices.

It's very scalable. Right now we're on the 32-bit version. We need to add more servers and more capacity to handle the loads. I hope the next version will be even better than it is now.

Technical support is above average. It used to be below average, but they improved a lot over the past year and a half.

• We needed to implement secure access. CA is a leader in this area, so we went naturally with the best. We also chose CA because of the way they interact with customers, pitch new features to us, ask us for feedback, and provide us with support.
• The product itself is easy to implement.
• The login is super-responsive so that there is no lag before you can access the system. This provides a positive user experience. It is flawless. I log in once to my portal, and that's it. CA Single Sign-On takes care of everything else.

You need to know exactly what you need to do. So you need to know your use cases, your needs. Just go ahead, contact CA, and see what comes out of it. It's a great product, so just use it. Try it out.

The biggest value for us is being able to use SSO as a service that we can expose to all of our customers. For all of our customers, the idea is to have a single sign on where one account is created to access all of our systems.

It really improved the speed to market from account creation through provisioning, and onboarding. That's really one of the biggest advantages. Also, as users move from system to system, their account access follows them through it; so you don't need to create new credentials every time. That's one of the biggest benefits for us.

For instance, we have our HR system and our time reporting system. Those are two separate systems, but integrated access is possible using a single profile. It's great. You log in once, and you get that seamless account integration.

I'm not sure that it needs to do any more than it already does. I think as a solution, SSO works pretty well out of the box today. Out-of-the-box integration with other products would be an improvement, like the API Gateway; how we use the SSO in the Cloud organization and Sandbox; those kind of things. I think that's solved in this kind of integrated solution. But it would be if that was supported out-of-the-box.

But I think it's good. We're not in any major problems right now, so things are good.

It has been very stable.

We haven't had to scale really far out yet, but that's coming. We're probably going to double our usage in the next 12 months. That remains to be seen, but we don't really foresee any major problems there.

Technical support has been great. We do rely on them quite a bit. The organization is small, so having the ability to reach out to some really qualified people on the team helps. They've stepped up and really helped us through some of our implementation problems early on; but we're all good now.

Initial setup is pretty straightforward. There were no major problems there. Some of the use cases we are doing are a little complicated – that's where the nuance came in – but, from a high level, as a 'ready-to-go out-of-the-box' solution. It's been fun.

We looked at some of the Microsoft tools, ADFS and those pieces. We also looked at Azure and all those; but ultimately, we wanted something one per miss. We wanted it to be a service so that we could expand. We wanted to be able to scale up at our pace; and that's really where the SSO product fit right in.

From our experience, start with a focus group first. Understand what the problem is, and what the needs are. Get those initial users in, and then focus on your long-term objective. If you have a very large set of people, you need to get into the system. Don't try to get them all at once. start small. Go to that business case, get the proof of concept. Take that pattern and evolve it.

For us, it’s the best-of-breed pick on the market today. More importantly it’s the least complex enterprise solution that we can manage. It integrates well with multiple applications in multiple environments. That’s a big deal for us.

It makes it easier to find all the policies we have in place and run. Less work for me!

One big problem we have is keeping track of the various patches and bug-fix releases. They come out for different platforms (Windows, Linux, etc.) and it’s complex. It’s tough to keep up with all the releases and bugs that get fixed.

It’s complex compared with similar products out there.

It’s stable and mature, but we’ve had challenges as we grow. We see glitches here and there, and a little bit of latency in performance.

We have challenges, performance issues for which we’re unable to find the root cause as we scale. But we’re working with CA on this.

It’s excellent. We’re able to get enough attention for fixes. Sometimes the cycles are long, but it’s still good considering what we need.

The initial setup was not straightforward. It definitely has its learning curve.

It loses points because of the performance issues when we scale, which has to do with the complexity of our environment. If it’s out-of-the-box, maybe others don’t have this issue, but we do because we’re large.

Single sign-on allows you to log into multiple areas and sessions with just one user login. SiteMinder uses a cookie to pass the credentials along to different applications, and it’s encrypted. You can determine how long the session will last before users have to log in again. And if you have NTFS capability, it just automatically logs in again for them, using a firewall to protect LDAP.

We use it for our tier-1 applications through GLBA and SOX. It helps with compliance because we can make sure who a user is, log-in information, etc.

It’s never been an out-of-box solution except for IIS, which installs web servers for you. Basically, you do a bit of configuration, and the client on the other end is heavier use. That’s the beauty of SiteMinder -- you can do anything with it.

It’s really difficult to initially configure, but once you know where the traps are, it’s not a big deal. It’s done everything we’ve needed it to do.

It could use better air handling -- if your policy doesn’t work, you just get some dots instead of real information without looking at the logs. It would be nice to find the info without hunting in the logs.

Once every one to two years, the service will freeze, but if you have redundancy, all you have to do is restart. If you have redundancy, it’s not a big deal. The way it works, is that it does a round robin so that if one server goes down the other three handle the traffic.

Very scalable. You just have to have a central database where all servers hook up to the policy store, and all servers can use the database without a problem. You can then add as many servers as you want.

We’ve been using it since they were Netegrity, who had amazing an KB. But unless you’re standing up a new application, you don’t need it. We only get tech support involved when we have a new application.

I’ve been running SiteMinder since v4, the first time I had to learn everything. It’s easy to export the policy to the policy store, which is your most valuable thing. It’s on v12 now, and I haven’t had to update for two years. We’re no longer handling the server admin, that’s another team, but we’re handling all the policy configurations. We can take that and go from version to version with no problem.

As far as software goes, it’s as close to the energizer bunny as it gets. Every now and again, service will freeze, but other than that it just goes.

It depends on whether you can log in directly to your LDAP and manage it, because that would be easier. If you need the ability for just logging without buying an application and want good security, it’s an awesome solution.

Most people use it as an external firewall, but all our firewalls are internal, so this is a good back stop.

It provides us with authentications, authorizations, and basically providing the client with better secure services.

We can differentiate between the good logins with a genuine user and unauthorized ones.

It’s easy, versatile, and functionality-wise, it’s very user-friendly as well.

With SSO, we’ve been able to better serve our clients, and wherever these authentications are required we can effectively manage the authentications. The bottom line is that if the clients are happy with the SSO solutions we’re providing, we’re doing a great job and the product has been helpful.

I would say advanced authentication, but they have another product for that. SSO could be merged with automatic authentication, so if I want to use those services I could depending on our requirements, rather than having two different products installed.

Like every other product there are things that need improvement, but it has been pretty stable. From a job perspective, it does what it is designated to do. Sometimes there are issues with non-sequential navigation, but when there’s an issue we get a fix for it. There are no issues with the core functions.

We are applying the solution to a lot of the platforms we are planning for, and we’re pretty confident and positive that it will be the best solution for us.

It’s good. Sometimes you have to wait for the right resources to come up and follow the escalation chain, but they’ve always been very responsible. I would like to get answers right away in most of the cases, not being sent offshore to have some analysis done. But I’ve seen that improvement in the past year – the customer service has improved.

It was already in production when I joined.

We installed one version and there is a bug in it; from a customer perspective I would want that particular issue to be fixed rather than getting an answer that the bug will be fixed in the next version.

It doesn’t mean we’re not trying to address it from our side, but with clients on it, it does take time and we’ve got to keep in mind all of the consequences. If they could have those exact solutions for a particular issue that would be great.

You should understand their requirements before they select a solution. Then you need to verify that you have the correct infrastructure, resources, and that your applications are compatible with the SiteMinder solution.

The most valuable feature is that it enables us to integrate multiple applications and give our users a true single sign-on experience when they go from one app to another app. From the user experience point of view, it definitely adds value to the company.

It's one of the leading products in the market today. Everybody likes it.

It definitely reduces the amount of time the user needs to access each application. They don't need to go through the login process to access individual apps. CA SSO does help us provide our users with a single sign-on experience.

We are definitely looking forward to versions 12.6 and higher because they are based on a 64-bit framework. We are looking forward to leveraging this to get better performance out of the product.

We have been using CA SSO for more than ten years and we don’t see any issues in terms of stability. It is a good product.

We do leverage technical support for any questions about new features; or if there are bugs in existing functionality, we benefit from their help with the fixes.

I wasn’t really involved with the initial setup. Most of it we basically do ourselves with the tools and the documentation that CA provides.

We have two business units: wireless and wireline. Wireline was already using Single Sign-On, so that's why we decided to stay with the same product on the wireless side.

CA SSO is a good product with a lot of features. CA is continuously evolving that product by adding new features. It will definitely help any company achieve their single sign on goal.

When we select a vendor, our most important criteria are the number of features they provide, how those features fit into our ecosystem, and the amount of time users spend to do what they want to do.