Symantec Siteminder Room for Improvement
The performance could be better.
The support could be faster.
Sometimes when your customer has a legacy application and they want to make a single sign-on, you cannot do it with SiteMinder.
The solution doesn't support client-based Java.
You do need to be pretty comfortable with the product in order to use it.
The product needs to invest in enhancements. They are not innovating anything lately. The competition is beginning to pull ahead of them and they are getting left behind.
The cost of the product is a bit high.
View full review »One of the features that needs improvement is the capability of implementing single sign-on in cloud. As a client-server model, we depend on the IP addresses that break when we move into cloud, so more of a REST API approach is needed.
There are still areas in this product that need to be improved, as in every other product.
CA has come up with and has talked about Cloud-based solutions. I would like to see more mature ideas than what they're providing. I'm sure they have that on their roadmap. There are certain integration points that can be leveraged and made more easy to deploy, like the REST APIs and things like that. That is an opportunity to make deployment easier for any employer or for any company. They are talking about it. It’s going in the right direction. That’s for certain.
View full review »Buyer's Guide
Symantec Siteminder
March 2024
Learn what your peers think about Symantec Siteminder. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
A simple feature that still does not exist but it should be implemented as soon as possible, is that if a user is accessing an internet app from the internet, then it should perform a desktop single sign-on. But, if the same application is accessed outside of the network, the users should be given a page login. I don't want customization to implement this behavior, since this should be a simple configuration within SSO functionality. This should detect whether you are accessing from inside/outside of the network and accordingly present the authentication. This feature does not exist today and it is something, that almost all our clients ask for.
View full review »I would like to see reporting, REST-based queries. Reporting is a big one for us. We want to be able to put in the URL and get a list of all of the access that that URL has. On the flip side of that, one could put on a LDAP group, and program this LDAP group to get access to all of these URLs. That's something that we don't have today, and we're actually trying to build that. It would be nice if that was built into the product, and be API driven. Anything that we can do in the user interface, we want to be able to do that programmatically through SDKs, or through a rest interface. It's all about automation stuff. With everything moving to AWS right now, we have everything automated with CA Single Sign-On, except for the installation. That's the main reason behind my rating.
View full review »We go by agents for authentication; anything relating to agent configuration could be improved, or even agentless security.
Also, reporting on analytics and the health of the system could be improved.
View full review »HD
reviewer1742655
Sr IAM/PAM Engineer at a retailer with 10,001+ employees
An area Siteminder could improve on is that there are a few limitations, in terms of new protocols for OpenID. If I want to have different scopes, the features are limited. They also do not have APIs exposed, which is a major drawback. API is a feature I would like to see included in the next release.
View full review »The OpenID Connect piece, we would like to see the new technologies baked into the product, as opposed to going out and using a different product to accomplish the same thing. So OpenID Connects would be great, to have that kind of plug-in, into SSL without having to go in and install new products.
I'd like to see the federation piece made a little simpler. Working with Samuel in federation and those components, it can prove pretty challenging and that's where we've had to go outside and seek additional help on those areas. Their interface could use some work but they made great improvements with the 12.5 release. I think those are the primary areas.
Better support. It would be great if they could move to the AWS model where we could open up a chat with the support person immediately instead of opening up a case. We’d love to see them implement screen sharing to expedite the support process.
View full review »SH
Software4a0d
Software Engineering Consultant at a retailer with 10,001+ employees
I've talked to them about this: I'd like to see a rework of the user directory configuration. In Single Sign On, whenever you set up a new user directory, there is a pretty specific number of hoops that you have to jump through in order to maximize throughput between Single Sign On and a user directory. A lot of those aren't documented, so the only way you typically get that information is by engaging CA support, which, if you don't think you need to do that beforehand, you're going to have an unpleasant surprise when you cut over.
So, either reworking the user directory configuration would be great, to make some of those hoops that you have to jump through unnecessary, or redundant. Or, failing that, reworking the documentation for setting up the user directory, explaining the rationale behind why you have to do the things you do. Because, if it were documented, at least then you'd be able to set it up effectively without incurring downtime, as you find out how to do it the right way.
View full review »We've been looking for a tool that can help us do a better job of monitoring and of helping our users. Unfortunately, SSO doesn't really allow us to do that. We have to basically do it through brute force.
We've recently purchased a product called IdentityLogix which is going to help us do it. We looked at IdentityLogix for two-and-a-half years and we recently purchased a license from them. We'll be setting that up in the next couple of months. It should also allow us to see some analytical information that we're not able to see right now without doing, like I said earlier, brute force.
Currently, management wants to see how many authentications we have daily and monthly. And in order to do that, we have to write our own scripts based on certain logs, and that's not something I really want to do. If SSO could do that for me, that would really help me do my job better.
View full review »We’d like them to go back to the C version of the admin console. It was much smoother than the web-based version. Everything else is pretty good.
View full review »Some of the features need to be improved. For example, the Federation feature. CA SSO is getting into that space and can definitely do better than the other products that are available.
It doesn't have a lot of features. I think there is some customization that's required on the CA Federation side if it has to get attributes from a different source. If an authentication has to happen in one source and then get attributes from some other source, then there's a requirement to do some custom coding work.
View full review »With CA Identity Manager, the integration support with other technologies is still not mature enough. CA IDM still has a lot of moving components. Oracle and SailPoint solutions are much simpler and robust, although we are using CA because we have licenses despite it needing to be simplified.
View full review »Upgrades is the biggest area for improvement. It really struggles with the upgrade process. We tell CA this pretty often.
View full review »I would like to see a move towards the newer technologies, which is what we are doing right now. I think that's in the roadmap that's coming, in the 12.8 and 14 releases, but we would like to have it sooner than later.
We would like to the OAuth be more stable, more issues being fixed rather than not.
We're pretty happy, but there are some scenarios with the new stuff, like OAuth - where authentication happens from Google, Amazon - in which they're still lagging right now. They're developing it, but we have been using SSO for a long time and Oauth capability was not there, and it recently started this year. So we had a little bit of a question, "Should we still use this product or we should go to another product?" That was the one concern.
We would like to see more information on the analytical piece of it. There are certain other components which are integrating, advanced integration, that might add value to it. We would like to see the CA SiteMinder by itself provide threat analytics, depending on behavioral authentication and so on, without having to add an extra piece to it.
View full review »One thing that we found a little difficult, was the default functionality to understand error messages coming back from a directory. You had to either use an add-on product or an advanced password service or perhaps change components within your directory, just to understand a simple message whether if a password has been expired or if it was incorrect.
Since then we have bought an additional SM Walker product, which is a third-party solution to resolve this issue. However, it would be nice if that aspect of the solution was a default functionality, within this tool itself and not something that you had to purchase as an add-on feature.
View full review »The documentation is not good enough, particularly the installation documentation could be improved. Some things are left open to interpretation and others are simply not documented at all. CA will take liberties and make assumptions that your system is a certain way, and so the documentation is based on that.
View full review »NJ
reviewer1266123
Assistant General Manager at a computer software company with 10,001+ employees
Since we're in the early stages of examining the solution, it's hard to predict what might be lacking.
We're currently unable to find information about if the solution can do a full implementation with SQL. Some better and more accessible documentation for new users or those curious about the product would be helpful.
We want to implement a simple application. Currently, from what we're finding, we're not sure if it would work the way we need it to.
View full review »I think they need to integrate some of the newer types of authentication into the product. I'm not seeing the innovation when it comes to biometrics in the product.
Also, easier integration with third-party partners to OpenID Connect because username/passwords are a thing of the past. People are going to be using facial recognition. Apple has gone that way. There are other companies like Daon that are doing this. CA SSO will be left behind if they don't have it yet. There's some innovation being done, but it's not there.
Improvement is being made all the time. I just came out of a session here at the CA World conference where they showed how you set up Federation partners is being improved, through more APIs. Making life easier for the engineer is always important because we are lazy in general. So improvements are being made in that space. There's more to be done, like how to make configurations easier, and not have the engineer having to guess what will happen when he changes a particular setting.
View full review »As we are moving in to the mobility space, this is where we really see SiteMinder and their other product really come together to provide a solution base to a different area where the IoT is coming, the different business communications are happening. All of those things require authentication and we really want to see this product grow into that role.
View full review »Overall I'd say we're very satisfied with the product but yes, we had outages and performance issues but again I think based on the load and then how we're increasing our applications which are integrating into the solution. We have to do the technical and architecture review time to time to increase our capacity. CA has helped us with the architecture review and with the suggestions to take on the load. Definitely we need to add more servers, more capacity and also we need to go through the architecture review process there.
I'd say the speed to upgrade because I think I heard in the conference that they are trying to go with agile, getting new features in like period of months, a couple of months. That makes it very important for product management team to make it simple to upgrade. That's one of the biggest feature I'd suggest I'd like to see that if they can make the upgrade process simple. Overall I'd valuate it around 7.5 to 8. Definitely even when we select the vendors the product has to be best in the breed in the market.
Better documentation. I went through some sessions on single sign-on for version 12.7. Whatever features we are looking for from a REST API perspective, they will be there. So far, it is good. We have to implement it, and figure out what is good or bad about it.
There are a few other competitors which are taking up advantage over the segment being more agentless. SiteMinder is more driven with agent-based authentication, but the others are going with being more agentless. So, we have to go into the more next gen technology, where other vendors are going into, and that is where SiteMinder is lagging behind. The speed at which they are bringing up these features, it is very slow.
View full review »It seems that when there's a new version, patch, or service pack, we find bugs. There have been times where we've had to revert versions because of bugs. It has gotten better, however, and we used to have a lot more issues. There is still a lot of room for improvement in this area.
View full review »I can't think of any additional features I'd like to see, as it does everything we need.
View full review »There is a considerable improvement in the product from previous versions, but a few items we feel need a little attention are the web agent installation process and steps – as it behaves differently on the same OS.
Improvements are also needed in the password policy template customization and it's missing the required documentation to do it.
The knowledge base needs to be enhanced as there are very limited resources on the web while debugging issues.
View full review »I would prefer to see their SAML integration be a more streamlined and easier interface, more like PingFederate's interface. Their product works just as well for that use case, but we do not use it, because it is a much larger learning curve to get it running.
View full review »- I would like to have a really simple interface; a more modernesque, cloud-based interface, with dynamic real-time information on the various configurations or object configuration points that associate with the applications.
- Ease-of-use
- Smarter error messages
I think our questions, from me and our team, relate potentially to other products in the CA portfolio. There are other things such as strong authentication, risk-based authentication, and especially API management, which all represent a portfolio that could be integrated. Our interest is knowing the roadmap for making those part of a more seamless offering. If you like, it's the aggregation of the features of all those products, and how they come together.
View full review »The admin UI needs to be more stable. They should bundle more of the products and get rid of a lot of the small pieces which we need to configure on the top of the initial setup. Examples of this are the SM Console and the registry.
It should be easier to implement and deploy; and it should support more platforms, such as more operating systems.
View full review »I'm not sure that it needs to do any more than it already does. I think as a solution, SSO works pretty well out of the box today. Out-of-the-box integration with other products would be an improvement, like the API Gateway; how we use the SSO in the Cloud organization and Sandbox; those kind of things. I think that's solved in this kind of integrated solution. But it would be if that was supported out-of-the-box.
But I think it's good. We're not in any major problems right now, so things are good.
View full review »One big problem we have is keeping track of the various patches and bug-fix releases. They come out for different platforms (Windows, Linux, etc.) and it’s complex. It’s tough to keep up with all the releases and bugs that get fixed.
View full review »It’s never been an out-of-box solution except for IIS, which installs web servers for you. Basically, you do a bit of configuration, and the client on the other end is heavier use. That’s the beauty of SiteMinder -- you can do anything with it.
It’s really difficult to initially configure, but once you know where the traps are, it’s not a big deal. It’s done everything we’ve needed it to do.
It could use better air handling -- if your policy doesn’t work, you just get some dots instead of real information without looking at the logs. It would be nice to find the info without hunting in the logs.
View full review »I would say advanced authentication, but they have another product for that. SSO could be merged with automatic authentication, so if I want to use those services I could depending on our requirements, rather than having two different products installed.
View full review »We are definitely looking forward to versions 12.6 and higher because they are based on a 64-bit framework. We are looking forward to leveraging this to get better performance out of the product.
View full review »A more modern management interface would be nice. The existing interface feels like it's about 10 years old.
View full review »UA
umairakhlaque78
Sr. Manager at Duroob Technology
I think the future release is, if you ask me, I think they have done a lot in the new release, especially the front end. The front end was not as good. CA did a good job in doing it, especially when I look at the new identity suite. They have done a good job in changing the overall look and feel. This is actually what the customer was looking for. The look and feel was not good in the earlier product. It's a journey, so we just completed one of the requirements for the customer.
CA has reporting at the moment. With the reporting, every particular segmented product has a reporting engine. I would like to see centralized reporting for all of them together. If an enterprise customer has all of these three or four modules for security, he will get consolidated reporting.
A problem we had with the customer was, at the moment, we were asked, “Are you able to integrate these products together?” Were we able to get the requirement done for the customer, as a business requirement? The reporting side we were unable to do it out-of-the-box. If CA consolidates the reporting for all three together, it may be easier. I'm not sure, but it may be easier.
View full review »I would like to see more usability; more customer usability.
View full review »I really can't answer this right now. We have so many other products that serve our needs. There are other vendors that satisfy some of our requirements, so I'm not exactly sure what CA would be able to provide us with.
View full review »I've seen a lot of analytics capability being built in for a number of products. Obviously, I want to be able to use analytics on CA SSO as well.
View full review »AJ
reviewer1319967
Middleware System Engineer at a insurance company with 11-50 employees
Some of the new protocols, like OAuth 2.0, could be improved.
It would be nice to see a better cloud-based solution that's both easy and accessible for all organizations.
AS
Amlan Sahoo
Systems-Engineer at a tech services company with 10,001+ employees
- The GUIs are not very clear, especially when integrating with other products from CA.
- Like CA IDM, there can be challenges. One needs to know that they have great hands-on on their app servers to understand the logic and deploy it accordingly.
- There were challenges with version compatibility, and this is something that I did not like. This all happened during the second phase while trying out various integrations.
Answering this would require me to know what the current platform does or doesn't do, and I'm afraid I'm not a good enough judge to make that evaluation. I might say something and it's already there, and I just don't know about it.
I will say the user interface for login is kind of plain. They could make it a little prettier. The site is a big, blue screen, with "SiteMinder," and that's pretty much it.
View full review »There is a need to introduce more templates in the UI side and this would help design this aspect better. As of now, there are only a few samples available.
There is scope for improvement in this product.
View full review »We're really interested in the containerized version of CA SSO where the product will be delivered as a container image rather than the traditional binary.
We'd also like to see a more streamlined implementation update process.
Also, I think they need to improve their support a little bit better especially with experienced customers who are very knowledgeable in product. It's difficult when working on level higher than support.
View full review »Upgrade planning is extensive and costly and involves a lot of applications, so we’d like to see that improved. Also, the policy export/import could be easier for when we go between environments and when we export/import into our production environment.
There are some security risks that we’re evaluating with a current version of the product that might require an upgrade. From an upgrade standpoint, it’s challenging – not a simple, agile type upgrade. It’s a major upgrade that affects a lot of our applications.
I'd like to see less issues when we implement new customizations or technologies. Being able to customize is something we'd like to do, but it needs improvement to allow that to happen without issue.
View full review »Better monitoring. A better way to debug a problem. When there is a problem with it, it should log enough information for CA to know what is the problem, like a better debugging tool.
It needs better debugging and support.
View full review »The upgrade/migration process can be simplified further.
If the reporting feature can be integrated into SSO itself that will be an icing on the cake.
View full review »We are looking forward to implementing the uptime automation that was mentioned in the roadmap. We will go with the upgraded tool.
Once CA has finalized the cases that we have brought to them, it will be a better product to use.
View full review »Like I said, it's pretty flexible. I mean it's met every one of our needs so far. We're currently looking to find ways of using the same authentication, which we've never actually used in it yet.
We're working with other companies now to provide federated authentication, both in and out. I will have to try that before I can say whether or not it's going to work. If it doesn't work, I think that's something we will have to explore with CA to find third-party alternatives, or something else in the future for enhancements.
View full review »Identity Manager and GovernanceMinder should integrate better. Right now, they have started integrating it, but it would be helpful it were fully integrated with the other security products.
View full review »Probably the biggest thing that SiteMinder needs is a refreshed UI for administrators. Because it's transparent to users and clients there's, not much in terms of improvement there other than additional features that they can concoct. But as an administrator, the UI can definitely use refreshing. There's ways to get to the same result with less clicks, and even with their new refreshed UI lately, it's still basically the same thing, so I don't see any improvement there.
View full review »It's difficult to configure, and has a very old and challenging user interface.
View full review »MN
reviewer1011396
Cyber Security Specialist at a manufacturing company with 11-50 employees
To add more value to this solution it needs to be more user-friendly. This is what is really needed in the next release of this product.
View full review »We're working on a mobile API gateway. I am really interested to learn more about that.
We'd like to see a new feature to support an openID connection portal. We'd also like for CA to be faster at shipping out new technical environments, such as OSs. They should do an operating system like RHEL, where Red Hat is on top the newest version of Linux. Today, they're slow to support new technology.
View full review »SA
Syed Aamer
IT Security Consultant at Duroob Technology
Maybe they could improve on the Federation part, and Federation with the apps. Not only for the websites, but with the apps also.
I do not think there is anything to improve. It is a pretty complete product.
View full review »I'd like to see authentication using biometrics. This would be a nice addition.
View full review »The initial setup was kind of cumbersome as the instructions were not great. They should really improve this.
View full review »Buyer's Guide
Symantec Siteminder
March 2024
Learn what your peers think about Symantec Siteminder. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.