
CA Identity Manager: IAM product review

UPDATED: Our team has updated this article since it was originally published in 2015, and IAM tools have come a long way since that time. We’d like to hear about your experience with CA Identity Manager, as well as other IAM tools. How does it stack up, in your experience? Contact us and let us know what you’d like to see in further IAM reviews.

Ephrem is a senior consultant in our cybersecurity and risk management community.  He provides complex technical project leadership expertise and specializes in building enterprise IAM solutions for clients.


The rising number of security breaches and identity-related fraud cases is contributing significantly to the growth of the identity and access management (IAM) market. A report by MarketsandMarkets anticipated growth reaching $25.6 billion by 2027 from $13.4 billion in 2022. That’s a CAGR of 13.7% between 2022 and 2027.

In this article, I will discuss the significance of identity management. I will also mention different identity management solutions and review the CA Identity Manager. It’s important to note that identity management is a subset of IAM practice, which falls under the larger umbrella of IT security.

What is identity and access management?

IAM refers to the framework of policies, processes and technologies that ensure appropriate access to resources within a digital environment. It involves managing the identities of individuals or entities, verifying that they are who they claim to be, and granting or revoking access to data, systems or applications according to a set of predefined rules and roles.

IAM is highly significant in cybersecurity as it addresses the challenges of managing and securing user identities and access privileges. It enables organizations to secure sensitive information, block unauthorized access, mitigate insider threats, and comply with regulatory requirements.

What tools do businesses use to manage their identities and accesses?

The tool(s) enterprises use to manage their identities and access to resources vary greatly from a homegrown solution to a wide selection of third-party packaged solutions.  Depending on the size of the enterprise, the home-grown IAM solution is becoming a less reasonable choice every day for major organizations.  This is mainly due to the overhead in maintaining and maturing a home-grown solution compared to the cost of getting a packaged solution and the automatic gains in industry standards and best practices.  Today, enterprises have several packaged options to evaluate and choose the IAM solution that best fits their needs.  Most prominent software companies have their hands on IAM solutions, such as Oracle, IBM, Microsoft, NetIQ, SAP, Sailpoint, RSA, and CA Technologies.  For this article, I will provide my take on one of the IAM products by CA Technologies, CA Identity Manager. In their January 2017 edition, Gartner placed CA Technologies in the “LEADERS” magic quadrant for their IAM products.

What is CA Identity Manager?

CA Identity Manager is one of the more robust tools in the IAM space. It provides the capability and feature sets most enterprises seek to manage identities and accounts through their life cycles.  User onboarding, off-boarding, account provisioning, de-provisioning, password management, self-service, access request, approval workflows, and reporting are some of the various capabilities of the CA Identity Manager.

Despite the availability of these great functionalities, implementation of the solution is not necessarily an easy undertaking. Depending on the size of the scope, complexity of the requirements and the number of target systems to integrate with, CA Identity Manager implementation can take anywhere from six months to two years.  The challenge is more complex if the enterprise is to rely fully on in-house talent that does not have prior implementation experience with the product.  Due to the breadth of the product features, an organization requires a complex, multi-layered solution architecture, which results in a challenging and non-intuitive implementation process. You might want to consult or collaborate with an infosec team to take this burden off you.

What are the benefits of CA Identity Manager?


CA Identity Manager comes with interfaces, client tools and APIs

For those who would use it very carefully (I will come back to this point later), the complexity of CA Identity Manager implementation comes with the great benefit of being highly customizable. One might look for a straight out-of-the-box solution if the product lacks functionality. CA Identity Manager provides interfaces, client tools and APIs, allowing customers to custom-develop a solution to fill the gap.

Custom connector development

For provisioning needs, CA Identity Manager comes with many out-of-the-box connectors, such as Active Directory, SAP, Oracle Databases, etc.  If there is an application for which CA Identity Manager does not have a connector, it provides a client tool, Connector Xpress, that helps with custom connector development.

Policy Xpress to write no-code business logic within a web-based user interface

Another incredible framework that CA Identity Manager offers is Policy Xpress, a platform that lets customers write business logic within a web-based user interface without necessarily having a software programming background. However, the product’s flexibility can sometimes cause self-defeating behaviors, which is why I mentioned “carefully” earlier. It is not uncommon to see some organizations either completely avoid doing any custom work to aid the tool or get too excited about the flexibility and customize everything to a point where the tool is not recognizable. As with everything else, it is a matter of finding the right balance; in my view, CA Identity Manager offers too much flexibility, to a point where unaware customers might trip themselves up by making it impossible for the vendor to continue to provide support. However, many features, such as the self-service functionalities (password reset, account unlock, and updating preferred phone numbers), are much less complicated to implement.

Reporting capability

CA Identity Manager also ships with a CA re-branded SAP BusinessObjects reporting engine to provide customers with reporting capability.  Empowering customers so they can report on their identities and define what each identity has access to is an invaluable benefit for both audit and compliance purposes.  CA Identity Manager comes with canned audit reports and relatively easy-to-configure snapshot-based reports.

I would conclude my thoughts by leaning more towards the love side of my love-hate relationship with the CA Identity Manager for the past few years.  Once you manage all the implementation challenges well, CA Identity Manager is a very stable product with great community support and a vendor support team.  I would have recommended it to a friend if it were a personal consumer product.