New Identity and Access Management Reviews: Roundup from Our Users

| |

What do enterprise tech professionals discuss in their Identity and Access Management reviews?

In IT Central Station’s Identity and Access Management category, we have over 110 reviews from our user community. Users discuss leading solutions including Oracle Identity Manager, CyberArk Privileged Account Security, CA Identity Manager, SailPoint IdentityIQ, and IBM Tivoli Access Manager.

Oracle Identity Manager

Valuable Features

By using Oracle Identity Manager, Manvendra Kumar has seen successful results, utilizing the following features:

  • User Identity provisioning and lifecycle management
  • User Identity Profile/Attribute management
  • Self-Service Tool for end-user access request & password change
  • Role and Entitlement provisioning in target application(s)
  • Auto de-provisioning of user identities
  • Audit capabilities & report generation

When specifying how these features have benefitted the end users at his Software R&D company, Kumar points to the “automation of mundane repeat tasks related to setting up user identities, and managing user access as per a defined role.”

Principa0b56 also identifies several core features in Oracle Identity Manager as most valuable: “The most valuable features are the comprehensiveness; the whole identity lifecycle management; the centralized view of people requesting access to provisioning, to SLD, and to access review; basically the whole suite.”

Room for Improvement

“The underlying architecture of the product is quite complex and hard to maintain and troubleshoot” explains Kumar, adding that “self-service capabilities are quite limited, and the out-of-the-box capabilities are limited and customizations are quite complex.”

“Everybody’s been moving onto the cloud, and it’s not a cloud-based solution” argues principa9f2b, stating how “that is one of the things that is missing. There are competitors that are moving ahead in the market….We don’t have any feature for connecting to Workday. It should be a cloud-based solution with connections to cloud applications.”

CyberArk Privileged Account Security

Valuable Features

“The most valuable feature is the password vault, which gives the administrator control over privileged accounts” writes Birzu Alexandru-Adrian.

“The other components that are valuable” he continues, are Private Session Manager, OPM, Viewfinity, and AIM, which came as an add-on to the organization’s needs.

Lastly, adds Alexandry-Adrian, “the ability to start the project, install and add the passwords in just a few days brings a big advantage for CyberArk.”

Michel Desbiens lists four valuable features of note:

  • EPV: Enterprise Password Vault
  • PSM: Privileged Session Manager
  • AIM: Application Identity Manager
  • The latest version of the product is mature and there is more functionality than we need.

Room for Improvement

“Like any software, improvements and upgrades are a necessity” says Ed366, prefacing his position that “As CyberArk is used by many Fortune 100 and Global 2000 companies, they offer custom solutions that need to be continuously improved as the company changes.” One example for improvement, he adds is “new ways to utilize accounts within the current CyberArk system allowing a more seamless flow for technicians.”
“The performance of this product needs to be improved” states ITAdmin436, explaining that “when the number of privileged accounts increases, i.e., exceeds 2000, then the performance of the system reduces. The login slows down drastically and also the connection to the target system slows down.”

CA Identity Manager

Valuable Features

“We take identity management seriously” explains Raja Krishnamurthy, sharing that “CA Identity Manager is helping us to accomplish that goal” and that his tech services company, where he is CTO, is also now able to “streamline the identity management process.”  

“The valuable features are the speed and the ability to provision all of our employees”, as well as the solution’s usability, shares Etienne Mas.

Room for Improvement

Shinoy Cherayil points out that compared to other solutions on the market, features such as “keeping up with the market and support for functionality and other core endpoints like Active Directory and Exchange” seem to be lacking.

Etienne Mas also adds that although he’s “happy with the features that are in current release”, he’d like to see “an easier upgrade from older versions. That was our challenge.”

SailPoint IdentityIQ

Valuable Features

“Access Governance has become an integral part of cybersecurity” writes Mukul Anand, describing how “it is essential to keep track of who has what access. Sailpoint IdentityIQ simplifies this by providing an out-of -the-box feature module for access certification.”

InfrastructureAnalyst006 names security and administration for any new/current access as one valuable feature, as well as the software’s process management and information search capabilities.

Room for improvement

For Mukul Anand, authentication modules are currently lacking, and SnrConsultant891 hopes to see “additional details during account aggregation failures to help quick troubleshooting.”

IBM Tivoli Access Manager

Valuable Features

Solution228537 identifies six key features as most valuable to him as a Solutions Architect at a tech vendor:

  • Several SSO methods are supported out of box.
  • Federation based SSO (SAML / Oauth / OpenID etc) setup is easy.
  • Very good performance and scalability.
  • The internal STS token service can be used for custom SSO tokens.
  • It is highly scalable and can meet high loads and performances.
  • Reverse proxy sits in front of the application and applications need only minimal changes to support SSO with ISAM.

Adrian Toth names features such as webSEAL policy, proxy servers, LDAP server (IBM TDS) as significantly valuable. For Wim Thevelin, as a Security Architect and Consultant at a tech services company, the application firewall and load balancer features are most useful.

Room for Improvement

Adrian Toth describes that after a long period without restart, the TDS/LDAP instances have been known to crash and remain in a hanging state, and the support team were “not able to find the cause”, although a restart did solve the issue.

Wim Thevelin adds that he’d like to see “the possibility to administer the appliances from one “master” appliance, instead of having to login to each particular appliance.”

What else do enterprise tech users look for in Identity and Access Management software?
Read our full collection of reviews at IT Central Station to find out.


New Storage Management Reviews: Roundup from Our Users

How I Used IT Central Station to Choose a Virtualization Management Tool