We performed a comparison between One Identity Active Roles and Symantec Identity Governance and Administration based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"The solution is stable."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"Having a tool to manage all changes to AD from a single pane of glass is awesome."
"It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
"The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
"There are many valuable features within the solution. The product is easy to customize. It’s also highly secure."
"The most valuable features are role-based access and identity provisioning, which allow a single point of user access to multiple places."
"It's a very useful tool that has improved our client's security, from day one."
"It has improved our user management. It is definitely streamlined."
"Word mining and risk campaigns are the most valuable features of this solution."
"The product’s most valuable feature is flexibility. It can be customized as per the customer’s requirements."
"What I found most valuable in Symantec Identity Governance and Administration is its simple GUI. It's also easy to deploy compared to other products. With other products, you have to install the Windows version inside the Windows machine on all units, but with Symantec Identity Governance and Administration, it can work offline, so the solution is a little bit easier than other systems."
"It offers a nice price. It's mid-range."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"The ability to send logs to a SIEM would be very beneficial."
"The way you can search groups could be better."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"Integration capabilities with other solutions and formats, including JSON, could be improved."
"The product works slowly while accessing cloud-native solutions."
"Provisioning has a dependency on Windows."
"There are several areas for improvement in Symantec Identity Governance and Administration. They have no proper documentation on how to do backups. They also have a lengthy workflow process where we have to make some configurations to manage automation in the rules and in our tasks which takes time. We have to manually configure all the configuration files, and we cannot export users because there's no export system in Symantec Identity Governance and Administration. What we'd like to see in the next release of the solution is for them to make configuration and integration with other systems their top priorities. We have many API systems to manage, so hopefully, if they make these enhancements shortly, we can directly connect with our API systems when using Symantec Identity Governance and Administration."
"The product has a lot of need for improvement. Our issues are being raised back to the vendor as enhancements."
"The support from Symantec Identity Governance and Administration could improve."
"They provide a framework to develop your own connectors. A connector is a piece of software that integrates with the solutions that are not a part of the support matrix. Currently, it is difficult to create these connectors in this solution. Other solutions, such as NetIQ Identity, provide a better way to create your own connector. Currently, there is no cloud version. It should have a cloud version."
"There are times that it takes too long to generate reports and to run the assessment tools to collect the information."
More Symantec Identity Governance and Administration Pricing and Cost Advice →
One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews while Symantec Identity Governance and Administration is ranked 9th in User Provisioning Software with 65 reviews. One Identity Active Roles is rated 8.6, while Symantec Identity Governance and Administration is rated 7.6. The top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". On the other hand, the top reviewer of Symantec Identity Governance and Administration writes "Works well on-premises and has partial capabilities but lacks many feaures". One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint Identity Security Cloud, One Identity Manager and Softerra Adaxes, whereas Symantec Identity Governance and Administration is most compared with SailPoint Identity Security Cloud, AlertEnterprise Enterprise Guardian, SAP Identity Management, Cisco ISE (Identity Services Engine) and Microsoft Identity Manager. See our One Identity Active Roles vs. Symantec Identity Governance and Administration report.
See our list of best User Provisioning Software vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.