Symantec Siteminder Reviews

It provides single sign on for our company’s intranet. With that, when you log in, you don't need to enter your name and a password. It provides simple, secure access to company's intranet sites.

It was not stable when I got there. The more recent versions have been stable.

They have some strong performers, and then there are some other guys that we get and find that we need to ask for the case to be reassigned. My staff is pretty highly experienced, so they really need to work with the stronger support staff.

If someone came to me for advice, I would ask them specific questions about exactly what they need to secure on the internet, and how much of it they need because I think that one drawback to this product is that it's too big. It's too much of a beast. A lot of times, small to mid-sized companies really just need smaller bits and pieces that are available from other vendors, rather than tackling this whole beast. One thing that other vendors might do better is doing more with less with less cumbersome installation.

The most important criteria when choosing a vendor is the product's stability, so we consider overall impressions of the product’s standing in the market. Does it have good reputation for being stable? Is their company, overall, stable? We also look for ease of use of the product.

The best feature would be single sign-on across multiple applications for our customer-facing sites. We don't want our customers to have to enter their user ID and password multiple times. We have a suite of a dozen or so sites as well as about 200 external sites that we federate with. Single sign-on is important, and federation is important.

We have a standardized way of integrating with applications so the application owners don't have to handle authentication or security. We handle that for them, so we use the burden from other application owners.

It puts the expertise around authentication and security on our organization where it belongs. The company doesn't have to depend on each individual application to maintain their own security. This allows us to really maintain control over the security aspect of it.

It's also enabled a quicker time-to-market for new applications that have to handle user ID and password security.

A more modern management interface would be nice. The existing interface feels like it's about 10 years old.

It's been probably about 10 years since we integrated with it.

We've had no issues deploying it.

It's been stable for the last 4-5 years, though we had some significant issues early on. We had some performance-related issues that caused some outages. Outages actually happened pretty frequently back then. If one centralized authentication mechanism went down, all the applications that depend on it were also unavailable. We've gotten past that, so we're much more of a reliable, robust platform now.

We serve about 10 million users all over the country in the US. Scaling it is not a problem as we just add more servers at that point. The one good thing about SiteMinder is that to scale you basically just add more servers. You can piggyback, use the same basic architecture, and just add more.

We have support contracts with CA, but it's hit or miss. We have to have an escalation path with a direct red phone to senior management support because of the nature of our contracts. We had to utilize that frequently, rather than go through the lower-tier support. Our infrastructure is different enough than CA's reference infrastructure that we take a lot of time to bring somebody new up to speed. We have a direct line to people who really know our implementation pretty well, and have been working with us for a number of years, so it helps.

Some years ago we had some other vendors early on. But we've got a pretty well-established build out with CA right now, so if we have some significant new functionality in the future, we'll certainly look at other vendors too.

There's a lot of manual work that has to go through transferring a configuration from a lower environment to an upper environment production, so be prepared for that.

Customer was looking for initially an automated self user registration through a secure channel. Apparently it looks like a very easy going requirements but if you look in the detail they want to authenticate before registration process. A user came to create an Identity and customer wants to authenticate and securly takes the same data. 

Another issue was localization and reporting 

If I describe what actually happened, a little bit of the business case, that will help you to understand what it was like. The customer is the kind of customer that really doesn't want to share anything. When a person joins that organization, he has to pass through a couple of security levels, the scrutiny, before the ID is given to him. They used to use a manual process. Whenever a person joined the organization, they used to take his details; they used to write on a piece of paper; then this paper used to go to one of the departments; then it goes to another department; and so on. It wasn’t just a matter of going from one building to another; it was going from region to region.

Finally, this paper goes through a couple of scrutiny procedures. Then, it used to come back to the IT department, and finally, they do their security check and they create the ID and give it to them in an envelope. That was a kind of long procedure that sometimes took 2-4 months to create the ID; just an ID for a person. It was a challenge for the customer for the last 20 years.

We were doing that project and during that project, we found that the project owner wasn’t trusted. The project sponsor wasn’t trusted to just change this overall but they had this security constraint. What they actually wanted was that when they create the ID, they want this person to be authenticated. Generally, this is not the case in any organization, that somebody joins an office and he doesn't have any ID. So, how are you going to authenticate it?

What happened was that what we've been told, “Will you guys do this? Authenticate through a national database? We want, when a person is going to join us and he will request an ID, he should be authenticated through a biometric and that fingerprint will take him to the national database, where he will check in and it will come back to their IDP, their identity provider. They have it internally, and then, we will pass it through our system.”

Now, this was a challenge because in CA Identity Management, when you have a self-user registration page, this page was open so anybody could go and open it. We needed to protect that page, and on top of that, this information had to be protected to a third party. What we did is, we brought a couple of products in the middle of it: CA Federation, CA Single Sign-On, and CA Identity Management.

What happened when the user got authenticated with his fingerprint, it comes to the IDP, we have federation through CA Federation and then, once it passes through it, we have CA SSO, which is protecting the identity management page. Once it gets past this information, it comes to the self-user registration page, but here's another challenge: You've been authenticated but now you have a page which is open. I can authenticate myself and put someone else through the system. That could be a possibility, so we had a problem.

What we did is, we just pulled the data out from the third-party, national database and brought them to the CA identity page, to the self-user registration page, and all his names, IDs, and phone numbers, come in automatically. Then, it goes through several approval processes. Finally, the ID is transmitted over his mobile number that is in the national database.

That kind of work we have done. There are other challenges, as well.

The most valuable feature is that it meets the requirements of the customer. You have a lot of features in the product. Every product has them, but the question is, are these products going to meet the requirement of the customer? Because, if you meet the requirements of the customer, then it's way too easy to get inside the customer. We met the requirements of the customer and that's why I believe that this product has value.

I think the future release is, if you ask me, I think they have done a lot in the new release, especially the front end. The front end was not as good. CA did a good job in doing it, especially when I look at the new identity suite. They have done a good job in changing the overall look and feel. This is actually what the customer was looking for. The look and feel was not good in the earlier product. It's a journey, so we just completed one of the requirements for the customer.

CA has reporting at the moment. With the reporting, every particular segmented product has a reporting engine. I would like to see centralized reporting for all of them together. If an enterprise customer has all of these three or four modules for security, he will get consolidated reporting.

A problem we had with the customer was, at the moment, we were asked, “Are you able to integrate these products together?” Were we able to get the requirement done for the customer, as a business requirement? The reporting side we were unable to do it out-of-the-box. If CA consolidates the reporting for all three together, it may be easier. I'm not sure, but it may be easier.

No at all.

We are changing the architecture to scale it.

Customer Service:

An eight out of 10.

Technical Support:

A seven out of 10

No.

It's one of most complex requirements as explained earlier.

CA Partner implemented it

Time value and money.

CA solutions.. Are generally expensive but for the customer the ROI is big.

Yes

When you are looking for a security solution, products are there in the market, but you really don't want to go for a product that looks very beautiful from the front but has very bad stuff in the back end. One good thing is that CA has, I believe, that is has an edge. It allows me do a lot of what the customer is looking for, beyond the customer; beyond the product boundaries. They are certain things that we would not be able to do if this CA solution didn’t have this flexibility, and it's highly secure. It is a highly reliable solution to work with.

We implemented the solution almost a year and a half ago and up until now, there has been no downtime. It is reliable; it is good; it is open for customization; it is open for integration.

From my experience working with CA for almost 13 years, it’s a company. I'm not saying it’s specific to a solution. I'm talking about CA in general. It's a company with a solution and the company with the right solutions.

I have explained the journey of how these solutions (not specifically CA SSO only, but their entire security suite, including Federated Identity Management) met the requirements:

• The customer was looking to have a self registration and password reset portal for their organization but they don't want to leave this portal open and accessible to everyone without been authenticated. This was only challenge, which I have mentioned it.
• Second solution, open for customization for security from different datasources.
• Thirdly, localization of this solution. Eventually, if these solutions have only listed features and it works only what they present. For sure, we wouldn't be able to achieve it.

There are critics and these critics help CA to build their good solutions.

Extraordinary product; extraordinary flexibility to explore and meet the requirements of the customer.

The security and single sign-on (SSO) features are the most valuable.

It's one login. You log in once and you can access all of the applications that have been integrated into SSO. That's the main advantage that we have seen in the organization.

I would like to see more usability; more customer usability.

Stability is good. The security by CA is good. It's a great company. In England, CA is very good.

Scalability is also good.

We always use technical support when using these solutions. It's okay, with response time, for example. If you have any issues, you open a ticket to support and there are some very good support technicians. I know most of them. However, I do know quite a few of them that are not that knowledgeable. That's where the frustration comes in, when you really need an answer. When the ticket is assigned to that tech, you cannot be switched and start over. That's the only thing I faced. Other than that, if it goes to the right tech that knows the product, boom!

With the initial setup, there was some complexity and some straightforward things.

Cost is the most important criteria when selecting a vendor.

I think the most valuable features are handling user authentication and integration with the other applications within the suite, like Single Sign-On.

Multiple users with multiple applications can be authenticated in a single location.

I really can't answer this right now. We have so many other products that serve our needs. There are other vendors that satisfy some of our requirements, so I'm not exactly sure what CA would be able to provide us with.

For the most part, SSO is very stable. Since deployment, it's been very stable for us. We do very regular metrics on availability and we're in the high, high 90s, 99% I think, so it's a very stable, durable product.

I think there are some drawbacks to the scalability. At a recent conference, we heard that it's going to be a lot easier to scale for larger companies. That's going to be good in the future.

Sometimes technical support is slow to respond, and that’s typical. Normally, the first response is, "send us your logs", so they can review our environment. There are specific people assigned to our account, so they know what our environment is like, but they still want to have the log so they can look at it. Sometimes that slows the process of problem resolution.

This decision was made before my time. I came in when the decision was made to go with CA for identity management. Our company was going through a transition of ownership and all the decisions were made at the time. That was about 7 or 8 years ago.

I came 2 or 3 months after the initial setup, so I wasn't part of that. We had a third-party company help us with our development and deployment, so they pretty much took the ball and ran with it. I don't know how complex it was for them. When they presented it to us at deployment time, we were ready to go.

We were looking for anything that would have satisfied our requirements.

Make sure you know who your support staff is, who your vendor representatives are for your account and really get to know them. Give them the requirements that you need and make sure that they're following through. Build good rapport with them. That way they can help you determine what you need to do and feel free in giving different types of suggestions.

When selecting a vendor, we look for:

• responsiveness
• technical support of the product
• accessibility of the technical support teams
• product knowledge
• ability to train their customers on their product

We use this solution for applications and portals for a bank in Colombia.

The solution has saved our company from a lot of problems.

The solution is easy to use for our managers.

We did not have any issues with the stability of this solution. We have approximately 5,000 clients using the solution.

The solution has been scalable.

The technical support could be better.

The licensing is fair for this solution.

I rate Symantec Siteminder an eight out of ten.

Obviously, the most valuable feature is the flexibility of the solution, it being able to be integrated with a number of applications and solutions; and also, the configurability of the solution.

Security is a big concern of our client and it is certainly something that helps the client be able to secure the application and provide a better user experience; doing a single sign-on instead of multiple logins, for example.

I've seen a lot of analytics capability being built in for a number of products. Obviously, I want to be able to use analytics on CA SSO as well.

The client that I manage it for has used it for four years already.

It's a stable solution. It's been in place for quite some time already. There aren’t a lot of operational or technical issues that are related to the system, so it's a stable solution.

It has been scalable, to us, at this point in time. It's been able to support quite a number of applications for our client. It's scalable to us.

Technical support has been great. Generally, support is very responsive, timely, and obviously, we have account support folks that we can reach out to, to be able to support us if there's any technical issue.

With the setup, obviously, with a large organization, there are quite a number of things to be done. There is some complexity involved, but generally, I would say that it's been quite successful.

We knew we needed to invest in a new solution because, obviously, again, security is a main concern of a lot of clients. Generally, the solution is stable, it's one of the leaders in the market, and it was chosen to be implemented.

I think what we will be looking for when selecting a vendor is in terms of support, technical support, when there is an issue. I think that's a key component to us when we implement a product. We want to be able to deal with issues when they arise. Can we support it? That's what we will look for from a vendor.

Generally, it's been a great product for us to use. It's been stable. It's been a good product.

We use Siteminder to protect our portal site subscribers. In our case, this refers to people who have dental insurance.

We're a dental insurance company and we've got millions of subscribers.

We have thousands of dentists. We have millions of subscribers who use our dental insurance. There are a couple hundred thousand providers (dentists) in the network. 

SSO affords us the opportunity to have a federated connection between our members, groups, and companies. 

We have a trusting partnership with everyone involved. This solution helps us in that aspect. In summary, it protects our applications, relating to benefits and eligibility, etc. 

It gives providers (or dentists, in our case) the ability to transpose across the different Delta Dentals without having to authenticate more than once. With Siteminder, We don't have to log into every site with a different user name and password — It's one identity for all sites.

Some of the new protocols, like OAuth 2.0, could be improved.

It would be nice to see a better cloud-based solution that's both easy and accessible for all organizations.

I have been using Siteminder since 2011.

Symantec Siteminder Is both scalable and stable. If you need to add more groups of members, it's just a matter of adding another web agent. It's very scalable.

I work with the technical support guys all of the time. They are excellent. 

Since I've been doing it for years, it's hard for me to say it was complex. You have to set up the realms, domains, ACOs, access control, configure the objects, and set up the databases. Speaking as a technical person, I think it could be a little more simplistic, but on a technical level, it's about even with the other solutions available.

Symantec Siteminder is expensive; they could definitely do better on the price.

If you're thinking about implementing this solution, make sure you have the proper infrastructure. Also, try to negotiate the cost.

On a scale from one to ten, I would give Symantec Siteminder a rating of eight. If they fixed some of the issues I mentioned, I would give them a higher rating. There's a lot of players out there that are only doing half of what Siteminder does, but they do it with the more advanced protocols.