Symantec Siteminder Reviews

The most valuable feature is that it allows a user the ability use the same credentials for different secured parts of a website. From a user-experience perspective, that's important because you don't want to have to remember or write down several sets of credentials. When a user comes into our website, they just want to go about their business, not spend half and hour trying to figure out how to log in.

SSO has been able to bring together many different pieces for authentications -- directories, databases, networks, etc. It's able to, for example, authenticate against ten different directories to give people just one set of credentials.

It seems that when there's a new version, patch, or service pack, we find bugs. There have been times where we've had to revert versions because of bugs. It has gotten better, however, and we used to have a lot more issues. There is still a lot of room for improvement in this area.

We've had no issues with deployment.

The stability issues we've experienced have some with new versions, patches, and service packs.

We have it built way above what we need. We have more servers than we need so that we're not impacted if one goes down. We've built in redundancies as well so that there's no single point of failure. We have a highly available system.

Technical support has gotten a lot better. We have a pretty complex environment and we used to have to explain it every time we opened a support ticket. Now the support engineers know our environment.

I'm actually impressed with technical support now because we have many different pieces to our SSO environment with lots of custom modules. They have their resources and can get back to us with answers.

It was initially complex because we had many directories. Upgrades, however, are simple. But there's no way to downgrade. You have to uninstall and reinstall the previous version.

My advice would be to set up several environments, including a sandbox where you can test upgrades and products without impacting users. Then have a dev environment for some users to test.

The most valuable feature for us is the user experience in being able to use one set of credentials to access multiple applications. Also, I've never seen anything that does what SSO does. The first time I ever saw SiteMinder/SSO was in the early days of Netegrity, which was version 3.0.

It allows us to be able to collaborate with external partners, such as the government, in such a way that we're able to find out what they're actually looking for in a product we provide.

We've been looking for a tool that can help us do a better job of monitoring and of helping our users. Unfortunately, SSO doesn't really allow us to do that. We have to basically do it through brute force.

We've recently purchased a product called IdentityLogix which is going to help us do it. We looked at IdentityLogix for two-and-a-half years and we recently purchased a license from them. We'll be setting that up in the next couple of months. It should also allow us to see some analytical information that we're not able to see right now without doing, like I said earlier, brute force.

Currently, management wants to see how many authentications we have daily and monthly. And in order to do that, we have to write our own scripts based on certain logs, and that's not something I really want to do. If SSO could do that for me, that would really help me do my job better.

I haven't encountered any issues with deployment.

We've been using SSO since the Netegrity days. So for the last ten years, we've seen some bugs, but lately much less than in the past.

We have a highly-redundant system. We haven't had to do anything else to scale it up any more than what we've already got.

We've had a designated CA support engineer for the last four or five years now. Some have been mediocre, while some have been really good. Overall, technical support is very good.

I used Netegrity 3.0 in a previous job.

For the most part, the installation and setup of it with SiteMinder for the policy server aspect of it is fairly easy. For the web agent aspect of it, we've run into issues and have had to call support or refer to old notes from prior installations. For the most part, the setup is between easy and medium difficulty.

SSO is a very robust application. It's very easy to administrate and use. Users don't even know you're using SiteMinder or SSO. They just think they're on a website. I can tell by the URL that a company is using it, and I like that. It makes me want to use that company more often.

We are talking about the authentication products in general. What was previously SiteMinder, AuthMinder, some of the risk based authentication products that they have. I think the mainstream use that we have for the products are probably around web single sign-on. Being able to sign on to applications, the users not having to authenticate again. One of the good features we get out of the product as well is to be able to include different authentication methods. We use username and password but we also use smart card authentication, which is very key to our company.

Two factor authentication based on hard token effectively. Yeah the main thing I guess is, well two things. One is end user experience, so single sign-on. Before the product was introduced, we had multiple sign-ons to different applications. End users have to enter their username password multiple times. Now of course with single sign-on they enter it once and then during that session, they no longer need to authenticate again. The second thing I think that is important also security. It’s a secure product. We can make use of two factor authentication with the product and so from a security perspective, it gives us strong authentication. Our solution has to be basically 99.9% available, which means we have to have the highest availability out of the product that you can rarely from an IT system

We have deployed it in a very highly resilient and with a very strong PCM component. Ability to fail over within a datacenter and the possibility of failing over between countries and datacenters. It scales well, we have 200,000 users that's not simultaneous or you are all using it at once but certainly it scales events. There are advanced features that would mean that we need to look at scalability so it does authentication, does also authorization. If there is heavy authorization traffic then we really need to also look at how we scale that up. It can’t scale. It’s just a question of putting in more servers, putting in more infrastructure to allow it to scale.

To be honest, I don’t get involved with the operations side too much. I am an IT architect so I look at the overall architecture of the system and then how to introduce new requirements and how they can get fulfilled but my impression certainly is that the support is good. It has to be very good because we have a 99.99% availability, so if it wasn’t good we would’ve moved off it by now. I would say it is a relatively complex setup. We have a relatively complex environment so with all of the availability requirements we have, it is quite complex but having said that, it is no more complex than any other enterprise systems that has to be highly available.

I wouldn’t say it was overly complex but there's complexity in it. One of the reasons we are here today is also to understand what features there are in the future. I think for me as an architect, I look at what the emerging trends are. We have a lot of new requirements; mobility is a big one for us. Bring your own device, being able to authenticate on mobile devices securely, being able to make use of multiple applications right on that mobile device. Being able to integrate with containers for example Citrix, also with the changing old pricing models we have, a lot of outsourcing, a lot of software as a service, we need to be able to improve how we have authentication to the cloud, federation capabilities and that sort of thing. There is a lot that we can do to go forward.

At this point I'd rate it about 8/10. One of the biggest things is availability. Availability, scalability, you really have to make sure you understand the scale of the deployment and what your requirements are around availability. Certainly in our company it has to be the highest scale, highest availability. Don’t underestimate the amount of testing you have to do, the amount of stress testing, load testing, because this is critical infrastructure. This really is the front door to all the applications in the bank and if this goes down, the bank has stopped working. Quite simply you have to make sure that you do all of the testing required to make sure that product is absolutely rock solid.

I think it is very important to do your due diligence. You need to do your research into what is out there and what is best to meet your requirements. That said, I think there is nothing really that can replace doing a proof of concept. You have to do a proof of concept, because no matter what the vendor says, no matter what other people say other blogs or other reviews, your involvement is always going to be unique. There is always going to be something that you need that maybe other people haven’t done before. Be that some authentication method, some authorization method, the number of people you have, your topology of your network.

There is always to be something. Take all of the other information in but you must verify yourself. I think you have to really understand supportability. Quality of the product, so you have to trust the quality of the development methods, the testing that it scales to how you wanted to scale that you’ve got examples of the product being deployed in similar types of organization, similar sizes, and similar industry is important. Yeah I think they are the main things really.

CA Single Sign-on is actually our main access control solution which we use to protect our websites, portals and applications, which are exposed internally as well as on the cloud and externally, as well as commercial applications.

It was very hard to get the end user experience in favor of like you login into one website and then you don't need to login into other website you can just click on the link and go over there. CA Single Sign-on has helped us a lot. The user only needs to use credentials once and then they can single sign-on into other websites which are already integrated into the CA Single Sign-on product.

Overall I'd say we're very satisfied with the product but yes, we had outages and performance issues but again I think based on the load and then how we're increasing our applications which are integrating into the solution. We have to do the technical and architecture review time to time to increase our capacity. CA has helped us with the architecture review and with the suggestions to take on the load. Definitely we need to add more servers, more capacity and also we need to go through the architecture review process there.

I'd say the speed to upgrade because I think I heard in the conference that they are trying to go with agile, getting new features in like period of months, a couple of months. That makes it very important for product management team to make it simple to upgrade. That's one of the biggest feature I'd suggest I'd like to see that if they can make the upgrade process simple. Overall I'd valuate it around 7.5 to 8. Definitely even when we select the vendors the product has to be best in the breed in the market.

I think we have a very good relationship with CA. I'd say because I think being a major access vendor product for us it's very crucial for our help cloud as well as our internal applications. We having a tier-1 support from CA and they have been very response whenever we have an issue, I think we get appropriate response from the support. I think right now we're using the solution for our cloud services which is having around 4 million users. I think it will grow to around 11 million plus users by next year and we're actually counting on the Single Sign-on solution to take the load and still meet our requirements.

Yes it can be complex, I think that's one area we have already given feedback to the product management, that is a little complex to get the set up and get it going and the upgrade process is very complex. Again it takes time to get but I think once the product is installed and it's there then definitely the stability is there. The complexity is the number of components involved in the overall installation and the education part. Like if we don't have skilled team members definitely it needs people with proper skills set to understand the product, different components, the app layer, the database layer all those components makes it little bit complex too to install.

For us the support and maintenance matters most there because once the product is implemented but if we don't have good support at all so that makes it very difficult to run the product. For us, yes the stability plus support is very important. I'd definitely say, do use them to first of all note down all the use cases whatever they want to achieve by implementing SiteMinder. Definitely SiteMinder has a lot of features, a lot of capabilities at all but usually it's not possible for everyone to use each and every feature.

I think based on the business requirements, application requirements they should first list down what are the main criteria or their use cases and based on that they should go with the implementation. That's very important for us because yeah, definitely when a vendor comes in and they tell us about the product and the features which can meet our business needs definitely that helps. Again as I mentioned for us support and maintenance is very important so it's not just once the product is in house and we're done with it.

We definitely look for possible forums and get the user reviews, go to the user groups so that we can find more about the product and supportability. I think we’re early adapters of it when we choose it like it is or it's still the best in the breed product available in the market.

Its flexibility and ease-of-use are the most valuable features.

The objects are tied together well in the administrator UI. It's flexible and easy to use, and the the policy store schema has been structured well.

It provides auditing and secure cookies, as well.

It provides security and protects end-applications. Auditing is good – it does a really good job of gathering all the transactional data. Anytime a user initiates a transaction, all of the information is captured.

It is very good. I have been working with the product for a very long time and have had no problems directly related to SiteMinder or its capabilities – only issues with our underlying infrastructure. There were a few things that CA has already addressed.

It scales very well. You can scale it horizontally or increase threads or socket configurations within the solutions.

They’re really good. Very knowledgeable. I had a policy store corruption – they were able to help me fairly quickly, in a reasonable time.

I’ve been doing it for a long time, I can say it's medium-level complexity. The policy store configuration, and tuning the policy store is a bit complex in ensuring it does not corrupt.

It is easy to implement, use, and scale. There is room for improvement as with any product. It’s solely based on what their requirements are, their user population, and their enterprise environment.

It provides good security as a single sign-on tool and is easy to integrate with various applications. Also, the admin UI it provides is very user-friendly.

It provides end users with SSO to our applications – they log in once and they can access all of our applications. It’s simpler, more secure, and involves less time for the end users, giving them a better experience with us.

I'd like to see authentication using biometrics. This would be a nice addition.

Although the policy server has sometimes spontaneously restarted, it’s mostly good.

It’s scalable; you can add new servers and away you go. If we add more users or more load, it’s easy to scale up.

They are very helpful – always there when we need them. We had a problem with their impersonation solution with our application. It was not working with the existing version, so we called them and they determined the right solution was to downgrade.

We also have support tickets for other CA products and they are very responsive – on time and are helpful.

It was already in production when I joined the company.

It provides a good UI for us, and it provides a good solution for our needs. As a standalone product, it's good.

You should understand the user setup, requirements, how you want to service the users, and their infrastructure. Based on this information, you can find the right solution.

For us, it’s the best-of-breed pick on the market today. More importantly it’s the least complex enterprise solution that we can manage. It integrates well with multiple applications in multiple environments. That’s a big deal for us.

It makes it easier to find all the policies we have in place and run. Less work for me!

One big problem we have is keeping track of the various patches and bug-fix releases. They come out for different platforms (Windows, Linux, etc.) and it’s complex. It’s tough to keep up with all the releases and bugs that get fixed.

It’s complex compared with similar products out there.

It’s stable and mature, but we’ve had challenges as we grow. We see glitches here and there, and a little bit of latency in performance.

We have challenges, performance issues for which we’re unable to find the root cause as we scale. But we’re working with CA on this.

It’s excellent. We’re able to get enough attention for fixes. Sometimes the cycles are long, but it’s still good considering what we need.

The initial setup was not straightforward. It definitely has its learning curve.

It loses points because of the performance issues when we scale, which has to do with the complexity of our environment. If it’s out-of-the-box, maybe others don’t have this issue, but we do because we’re large.

I helps us to secure all of our web applications -- internal or external- or customer based, or provider-based, or partner-agents -- with access control. It's a one-stop shop. We can have a single user interface that has centralized policy-based and rule-based access controls.

It's easy to execute, robust, and secure.

Identity Manager and GovernanceMinder should integrate better. Right now, they have started integrating it, but it would be helpful it were fully integrated with the other security products.

We've had no issues with deployment.

This is one of the robust and stable product I have seen in my sixteen years of IT experience. I'm not exaggerating here, but that is the way it worked. Very few instances we had real failures. When you have a product this stable, you can depend on it and get on with business.

Right now, our load is one million customers and about fifteen thousand internal users. We have web services we use and, this maybe looks so silly, but we didn't really have any major issues with SiteMinder. When my company began in 2003, we had two policy cycles up in production. Now we have six policy cycles. And it's scaled for us without problems.

When I came to the company we used v5, I believe, but I did two major migrations, a migration to v6 and then to v12. It's a very straightforward and smooth transition from version to version.

Make sure your architecture is defined properly.