We performed a comparison between CyberArk Privileged Access Manager and One Identity Active Roles based on real PeerSpot user reviews.
Find out in this report how the two Privileged Access Management (PAM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."CyberArk Privileged Access Manager is stable."
"Technical support is very helpful whenever we have any questions."
"Password rotation is the most valuable feature"
"We like it for the ability to automatically change passwords. At least for my group, that's the best thing."
"The established sessions on the target systems are fully isolated and the privileged account credentials are never exposed to the end-users or their client applications and devices."
"Our go-to solution for securing against the pass the hash attack vector and auditing privileged account usage."
"I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault."
"They just released Marketplace, and they are constantly releasing updates to the components and adding new components, like Conjur. This is something that we ran into with Secret Server and DevOps, so it is already scalable, but becoming more so in the future."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"Having a tool to manage all changes to AD from a single pane of glass is awesome."
"The solution is stable."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"Active Roles improved the management of users, groups, and AD objects in the organization."
"Their post-sale support area requires a big improvement. Customers cannot automate tickets directly with CyberArk. They have to come through the distributor or bring in partners who have access to the support portal. Basically, the support for post-sales implementation is there, but the role of CyberArk is very minimal. Customers have to rely on partners, which sometimes creates issues. Some of the vendors help you during the implementation process, but the CyberArk support team does not do that. They have 24/7 support for our region, but they help only if there is an emergency or there is a problem with their system. If the password vault is down or the system is down, they provide immediate attention. For almost everything else, they take more time to respond. They give low priority to service-related or migration-related questions."
"For users to access a system via CyberArk Privileged Session Manager, a universal connector needs to be coded in a language called AutoIT and its support for web browsers is so-so. Other products like Centrify have browser plugins that can help automate the process when using their products."
"The scalability, sometimes, is lacking. It works really well for more static environments... But for an environment where you're constantly spinning up new infrastructure or new endpoints, sometimes it has a hard time keeping up."
"The product could be easier to use. More work needs to be done on this aspect; it is not good enough yet. It also takes up a lot of server space. Sometimes we need to use up to seven servers."
"Initially, there was a lot of hiccups, because there were a lot of transitions due to manual installations."
"Tech support staff can be more proactive."
"More additional features as far as the REST is concerned, because we have something which was the predecessor to REST. A lot of the features which were in the predecessor have not necessarily been ported over to REST yet."
"They can do a better job in the PSM space."
"For the AAD management feature, it needs to improve the objects that we can manage and the security."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget."
"Most of the time it just works."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"The solution needs an attestation process that includes certification and recertification attestation."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
More CyberArk Privileged Access Manager Pricing and Cost Advice →
CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 144 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. CyberArk Privileged Access Manager is rated 8.8, while One Identity Active Roles is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and One Identity Safeguard, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint Identity Security Cloud, One Identity Manager and Cisco ISE (Identity Services Engine). See our CyberArk Privileged Access Manager vs. One Identity Active Roles report.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.