What do you like best?
Simple integration with Password Self Service (separate product) to provide integrated password expiry management.
SAML IDP support which we use for a number partner cloud and internal services. Works with latest Shibboleth service provider which is great for education and research institutions.
Additional security from access gateway allows you to completely restrict access to a web service. This protects from the usual url probing sites experience looking for vulnerabilities in site code. Also ability to support legacy web applications via form filling it extremely useful to provide SSO features for users whilst providing that extra layer of security.
Excellent support documents and their support people are very good. I have over the the years had a couple of SR opened and resolved very satisfactorily.
What do you dislike?
It can be a bit of a step learning curve to understand the architecture, but it pays off to do so.
More out of the box integrations with two factor authentication providers would be good. It isn't hard to do your self as it is a very flexible system, but you do need some basic java skills or a good consultant.
Recommendations to others considering the product
Flexible and supportive company. You can get answers to your questions, you might need to find the right person but it can be done. This is not my experience with a lot of other companies.
What business problems are you solving with the product? What benefits have you realized?
Streamlined access to resources for staff and students.
Reduced support calls for expired passwords. With the Password Self Service integration, users are prompted to update their password when it expires. It also provides a consistent login experience.
The biggest improvement for user is spend less time constantly logging in which used to be a common complaint.