Symantec Siteminder Reviews

Security is the most valuable feature.

It enhances the user experience and the security posture for the company. It protects the company from vulnerabilities.

It has improved our user experience quite a bit because they can log in once and go to any application they want, as long as it is integrated with SiteMinder, which was the not the case before. So, in terms of productivity it does add a lot of value.

We would like to see more information on the analytical piece of it. There are certain other components which are integrating, advanced integration, that might add value to it. We would like to see the CA SiteMinder by itself provide threat analytics, depending on behavioral authentication and so on, without having to add an extra piece to it.

We've been using this product for about ten years.

This product is quite stable. We've been using this product for about ten years. We haven't experienced a situation where we had to take an outage because the product was unstable. The core policy server is pretty stable, but there are other add-ons that keep coming up with which we keep having problems. However, CA has been proactive in fixing these issues.

The scalability of this tool is very good.

I would give the technical support a rating of 2-3/10. Most of the time, from my experience, every time I have an issue, techncial support tries to buy time by asking me some unrelated questions or by trying to give me information that does not match my requirement. I need to push hard to get a subject matter expert who can help me with the product. This is an experience I have been having for the last 4 to 5 years; it is not new.

We were not using any other product before this one.

I was involved in the initial setup process. The initial setup was neither straightforward nor complex. It is medium, depending on the implementations. It was a bit complicated because of the number of components that we had to install, based on our setup.

Any advice I would give about this product would be an honest reflection of my experience with this product. From the technical perspective, as much as we can do, it has been pretty good. Don’t get me wrong, our account manager is great; there is no question about that. However, the quality of support and documentation are my primary concerns.

Some of the most important factors while selecting a vendor are the vendor’s technical experience, our approachability to them, their response back, licensing costs and so on.

The most valuable feature is that it takes a lot of the logic for authentication and authorization out of the hands of your application and moves it into a centralized framework. Once we have our authentication and authorization policies set, they are easy to duplicate across all our applications instead of trying to develop them into each application individually. That’s where we probably see the most benefit or the most cost savings for our organization.

It has reduced developer costs; we get some of that back. Before, when we used a tool that was engineered in-house, it still required a lot of developer resources. Every time we created a new application, it needed to integrate into our in-house solution.

As we are now moving away from that, this product gives us the ability to have single sign-on zones expand outside of even what was normally our in-house product, to now use things like federation and SAML to carry out single sign-on, to things that might not even use the single sign-on solution from CA.

Increased single sign-on zones and then saving on developer time/costs are the biggest benefits.

One thing that we found a little difficult, was the default functionality to understand error messages coming back from a directory. You had to either use an add-on product or an advanced password service or perhaps change components within your directory, just to understand a simple message whether if a password has been expired or if it was incorrect.

Since then we have bought an additional SM Walker product, which is a third-party solution to resolve this issue. However, it would be nice if that aspect of the solution was a default functionality, within this tool itself and not something that you had to purchase as an add-on feature.

It has been good, after the initial first year or two that we purchased this product. When we first started out, we had some implementation issues; maybe it was not configured correctly and that caused us some problems.

Once we figured out those issues, it has been very stable since then.

Once we were familiar with the product, we haven't had any problems with its scaling. We had to figure out the factors that need to be increased so that we can scale up and also elements to look for as far as performance is concerned. We continue to use it more and more, along with an increasing number of applications being brought over.

We have used technical support quite a bit. Once we get connected to someone who understands the issue and can explain the necessary solution to us, it has been very good. For us, getting to that person or to the second level of support is time consuming. We have to jump through a lot of the same hoops in order to get to that person. The initial first level support is not as great, however once we get to that second level, we usually get back meaningful solutions that help us out.

Initially we didn't find the need to invest in building ourselves. We had an in-house product that we had developed and as time passed by, there were some security holes that can be found in any existing product. It wasn't cost effective for us to maintain it. Hence, the decision to purchase a third-party software like CA Single Sign-On/Shibboleth/CAS made a lot more sense as the expense incurred for purchasing any of these products was much less than for us to create or develop our own in-house solution.

Basically, it did not make a lot of sense to try and reinvent the wheel when nothing unique was needed for our organization. It was just more logical to buy another tool versus using an in-house product.

With the default set up, there is always a limitation on the number of connections that you can have under your policy servers. We didn't know this and it wasn't something that we were informed of, during implementation. As a result, as soon as we hit the maximum limit we started experiencing issues. It probably took us about a month to figure out the solution, which ended up being rather simple but that was a big bump in the road for us and hurt us in the initial stages itself.

During implementation, make sure to verify the tuning guide. We had a transition with our implementation person, who was changed in the middle of the process. In our case, factors such as maintenance and performance tuning were skipped over. We didn't really get to those aspects until we were live-in production and then needed to work out some of these issues. Thus, don't underestimate such a situation because when you experience such issues your customers are also going through them and then at that point it is public.

Mostly, our experience with this product has been good. There are areas that we think could be improved but mostly, we are happy with it.

The 2 other systems that were seriously considered were Shibboleth and then CAS. One of the main reasons as to why we decided to purchase this product, was the authorization functionality that exists in CA SSO. It was more suitable for a lot of our products as we could save time in the development aspect. I am not sure if any such functionality did exist at that level or complexity in either Shibboleth or CAS. Thus, for us this was a major selling point.

With Single Sign-On, we don't have to do anything in our system.

After they deploy the application, everything works seamlessly. That's the main benefit that we get out of this product. For authentication purposes, we can keep security out of our applications, which is productive for us.

We can rapidly onboard different partners. We don't have to wait for months to do that. For this, we use the Federation feature from CA Single Sign-On, which helps us a lot.

There is a need to introduce more templates in the UI side and this would help design this aspect better. As of now, there are only a few samples available.

There is scope for improvement in this product.

It works fine. We did not find any stability issues. It is very rare to see something go wrong, so the application is quite stable.

However, we have noticed that when you update to the latest version, it can be unstable. Right now, we are in a stable environment.

You can scale it very easily. It works exactly the way the product has been documented. We can scale it well and we did not find any issues with it.

The technical support level is moderate. I would give it a 5/10 rating.

It depends both ways - we need immediate solutions however from their end, it takes time to get answers.

We required such a product, as we were using an old solution. That’s how we started using CA Single Sign-On with the CA SiteMinder.

The setup was not straightforward. I would give it a 7/10 rating - 1 being simple and 10 being complex. So, it was quite complex.

I would advise others to use this tool as it is robust and mostly it solves all the problems that arise in our industry.

We did consider other vendors. However, after we saw the demo for this product, we decided to purchase this product.

The factors we looked into before purchasing this product are the benefits of this product, how CA functions with other tools, costs, the level of support provided, upgrades and so on.

The flexibility; the multiple authentication schemes you can use; and the fact that you can use SiteMinder single sign-on to protect web services and web applications.

Customer support has been great too. CA has been good with my questions, getting us solutions for our two factor off, which we implemented a few years ago. They worked with us to get that rolled out. It's really flexible; and I think that's my favorite part.

We're able to have one single centralized way of logging in when you have shared sessions across all applications. It's flexible enough to have our two factor off implementation with it. It just makes things really easy for our users, both internal and external.

Like I said, it's pretty flexible. I mean it's met every one of our needs so far. We're currently looking to find ways of using the same authentication, which we've never actually used in it yet.

We're working with other companies now to provide federated authentication, both in and out. I will have to try that before I can say whether or not it's going to work. If it doesn't work, I think that's something we will have to explore with CA to find third-party alternatives, or something else in the future for enhancements.

I think SiteMinder's been perfectly stable. We just went through an upgrade about two years ago. We're still on SiteMinder, not SSO yet; so we still have another upgrade to do in the next year. It's been perfectly stable.

Our customer base is not the largest. It's probably about 10,000 right now. It's scaled fine. There's no problems there. I think we have room to grow if we need to. In terms of the number of applications we have thrown on there, it's grown pretty much exponentially since I started. No problems.

I've used technical support and I will say that I've said this to our sales rep a few times in the last two years, the customer support at CA has gotten so much better since I've started.

I used to get the runaround initially. They would ask us the same four questions all the time. I always felt like they were trying to brush me off and tell me “Go figure it out yourself” for the first few conversations.

For the past few years, it's been more like, "Okay, we know what you're on; we're tracking what you're doing; and we know that you're on this version and this version. How can we help?" It's more of a conversation, and that's great.

We converted from DMS, which was SiteMinder before CA bought it. I think it was relatively straightforward. From what I heard, there was a roles conversion process. We went from the old way of doing tasks to access roles. This required some work, but at that point, we didn't have that many web applications; so it wasn't a huge deal. It sounded like it was pretty smooth.

It is a flexible platform.

Using this product makes it easier for enterprises to integrate a majority or even all their apps into one single solution for access. Its easy-to-use functionality is the most valuable part.

The primary benefit of this product is security. It improves the overall security posture of the organization.

Secondly, establishing such a platform helps in saving costs as different applications are not trying to build their own security solutions and spend more money there.

A simple feature that still does not exist but it should be implemented as soon as possible, is that if a user is accessing an internet app from the internet, then it should perform a desktop single sign-on. But, if the same application is accessed outside of the network, the users should be given a page login. I don't want customization to implement this behavior, since this should be a simple configuration within SSO functionality. This should detect whether you are accessing from inside/outside of the network and accordingly present the authentication. This feature does not exist today and it is something, that almost all our clients ask for.

This is a mature and stable product. It has been a leader in the market for around 10-15 years. I can't imagine another competing product out there.

This product is both stable and scalable. I've seen up to 5-6 million users.

One advice for all would be to build relationships with the CA technical support team.

It is important to utilize your account manager if you're a customer or your partner contact if you're a partner, as this is the best way to get more information from them. In my opinion, building these relationships makes the entire the experience better.

Some of our clients, at times, have thought of using different solutions. The main reason for that is sometimes they do not have skill to harness the capability of this product along with the features that it offers.

When the client approaches CA, it provides an answer that is more product-oriented, rather than solution-oriented, so there is a communication gap. When we are at the client's side, we bridge this gap and that's why our customers are more successful working with us and CA together, rather than working directly with CA.

I was involved in the initial setup process for some of our clients.

For SSO and its setup, the process was straightforward.

It is very important to educate yourself in regards to the capabilities of this product by interacting with CA or attending conferences like CA World as they give you an insight about all that the product has to offer.

Single Sign-On is a mature product and hence I would be confident in recommending it to our clients.

The biggest value for us is being able to use SSO as a service that we can expose to all of our customers. For all of our customers, the idea is to have a single sign on where one account is created to access all of our systems.

It really improved the speed to market from account creation through provisioning, and onboarding. That's really one of the biggest advantages. Also, as users move from system to system, their account access follows them through it; so you don't need to create new credentials every time. That's one of the biggest benefits for us.

For instance, we have our HR system and our time reporting system. Those are two separate systems, but integrated access is possible using a single profile. It's great. You log in once, and you get that seamless account integration.

I'm not sure that it needs to do any more than it already does. I think as a solution, SSO works pretty well out of the box today. Out-of-the-box integration with other products would be an improvement, like the API Gateway; how we use the SSO in the Cloud organization and Sandbox; those kind of things. I think that's solved in this kind of integrated solution. But it would be if that was supported out-of-the-box.

But I think it's good. We're not in any major problems right now, so things are good.

It has been very stable.

We haven't had to scale really far out yet, but that's coming. We're probably going to double our usage in the next 12 months. That remains to be seen, but we don't really foresee any major problems there.

Technical support has been great. We do rely on them quite a bit. The organization is small, so having the ability to reach out to some really qualified people on the team helps. They've stepped up and really helped us through some of our implementation problems early on; but we're all good now.

Initial setup is pretty straightforward. There were no major problems there. Some of the use cases we are doing are a little complicated – that's where the nuance came in – but, from a high level, as a 'ready-to-go out-of-the-box' solution. It's been fun.

We looked at some of the Microsoft tools, ADFS and those pieces. We also looked at Azure and all those; but ultimately, we wanted something one per miss. We wanted it to be a service so that we could expand. We wanted to be able to scale up at our pace; and that's really where the SSO product fit right in.

From our experience, start with a focus group first. Understand what the problem is, and what the needs are. Get those initial users in, and then focus on your long-term objective. If you have a very large set of people, you need to get into the system. Don't try to get them all at once. start small. Go to that business case, get the proof of concept. Take that pattern and evolve it.

The valuable features are security in general and ease of use. More specifically, ease of use for the developers, and security where the developer doesn't have to know about authentication or security. You just put the agent on, and it's all handled for them.

This product takes the burden off the developer. It increases productivity, because they don't have to worry about security in their code as much. This speeds up and aligns the development. The product works on my IP as well.

I would like to see reporting, REST-based queries. Reporting is a big one for us. We want to be able to put in the URL and get a list of all of the access that that URL has. On the flip side of that, one could put on a LDAP group, and program this LDAP group to get access to all of these URLs. That's something that we don't have today, and we're actually trying to build that. It would be nice if that was built into the product, and be API driven. Anything that we can do in the user interface, we want to be able to do that programmatically through SDKs, or through a rest interface. It's all about automation stuff. With everything moving to AWS right now, we have everything automated with CA Single Sign-On, except for the installation. That's the main reason behind my rating.

The stability is pretty good. Probably on a scale of ten, I would rate it as a nine or ten.

I would rate the scalability as an eight or nine.

In the past, I'd say our quality of technical support was probably pretty low. In a lot of cases, it seemed like we knew more than the support person, but recently it has gotten a lot better. In the last few support cases, it seemed like they were really knowledgeable people, so I think it's heading in the right direction. Technical support is a lot better now.

The installation process was complex. There are a lot of different moving pieces, and the main complaint is that it's hard to automate any of it. There are so many disparate pieces, and it's not built on top of micro services, neither is it API driven.

I think the relationship with the vendor is good, that they come to us for feedback. They ask us what we want to see in the product. I think is becoming better now than it has in the past with the community. I actually submitted a community idea, and within a year that was actually put into the product, so I think it's getting better in that regard. I would say first try to figure out what your business requirements are before you come up with a solution, and then look at what the solution is. In a lot of cases, CA Single Sign-On could meet those business requirements.

We use our SSO CA product for doing our single sign-on for our B2B customers. We have about 200 applications that sit behind it and it does all our single sign-on for about 50,000 customers that we have in our B2B space.

We have three single sign-on products in our office and I believe that the CA product offers the best product of the three. We have Oracle Access Manager, and Open SSO also. Single sign-on is very fast. I've always been impressed with that. It's flexible. It give us a lot of opportunities for growth. It's been a very reliable product for us.

I'd like to see the federation piece made a little simpler. Working with Samuel in federation and those components, it can prove pretty challenging and that's where we've had to go outside and seek additional help on those areas. Their interface could use some work but they made great improvements with the 12.5 release. I think those are the primary areas.

I've found it to be a very stable platform. Unlike some of the other products we have in place, the up-time is very good. We find that it's very easy to establish high availability. We have to run a 24/7 shop to keep our customers happy and it's proved to be very reliable for us over time.

It's a very scalable product. From our perspective, we aren't much of a high volume customer and I know that based upon other customers that use the same product, they've been able to see a tremendous amount of growth with the product. We feel very comfortable that CA is continuing to improve it and move forward with the product for us in coming future.

I haven't had to use their technical for too much until recently when we were going through an upgrade right now. They've been very helpful in that role. We've got a couple consultants on board to help us out through the process and they've always been very reactive.

When you go through different management changes, a new manager comes in and they like different vendors so we've tested different vendors throughout it. We've been through some mergers and we've tried the Oracle's product and we were told to use that on some new systems. It hasn't proved to work real well. Now that we're moving forward, we believe that the CA SSO probably offers the best solution going forward for a single sign-on.

Like any other product, it's complex in setting up. You have to architect it properly and know how you want to set the product up and use it going forward, what platforms you want to run on. It does take time, but like any other major product like that, if it's done right it will work well for you.

While I think the vendor, it would have to be a large enterprise vendor who can support and offer the scalability that we hope to have in growth of a product. Our plan is to grow that into our consumer space, which will really expand the need for the scalability. I think those are the primary factors along with the support that you need in order to support a product like that.

I would say it's got to be an 8/10 because there's always room for improvement but I think it's a good product and I think an 8 would be a good score.

Recommendations: I would have them look at the same thing for scalability. Implementation is a component, ease of implementation. It can get complex so you have to do it right. Looking at those areas is very important but I'd highly recommend the product for anybody who wants to use a single sign-on.