We performed a comparison between One Identity Active Roles and One Identity Manager based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Having a tool to manage all changes to AD from a single pane of glass is awesome."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"Secure access is the most valuable feature."
"The Data Importer is a great tool to create an ETL. It generates code which is easy to maintain later without the tool."
"The solution does help us efficiently manage lots of authorizations automatically."
"The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc."
"The most valuable features of this solution are its handling and that it is easy to maintain and manage the data."
"For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems."
"The portfolio view simplifies this process, eliminating the need to check through Tableau or other tools."
"I rate One Identity nine out of 10 for stability. We haven't seen any downtime. It has worked smoothly since it went into production."
"It is easy to extend the product for custom purposes."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"For the AAD management feature, it needs to improve the objects that we can manage and the security."
"I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"Most of the time it just works."
"The ability to send logs to a SIEM would be very beneficial."
"One of the things we would like is the ability to have more than one system role manager. That would be nice. For example, when people are on vacation, sometimes it gets a little hard to administrate system roles."
"The policy and role management features are a bit hard to scale. The whole model for who can do what and how to set it up is not so well-governed for a larger organization. The demos are always shown for a 100 or a 1000 people, but when it is a large number, it is quite difficult to maintain."
"One area that could be improved is the speed of performance - it's often a bit slower because of the size of its database."
"I would like some access management features to be added. We have some customers with a small need to do authentication as a service, and there are other solutions on the market which offer this."
"One Identity Manager is currently in the process of modernizing its UI, which I hope will result in a more user-friendly interface for its Identity Manager. However, it is uncertain whether they have plans to consolidate their various tools into a unified system to simplify configuration and tasks."
"One Identity has a self-service portal but many customers need a helpdesk where they can go in and request. To make that happen we need to do a lot of customization. Maybe that could be improved..."
"A room for improvement in One Identity Manager is its analytics. Though it's getting better from version to version, the analytics feature still needs improvement. I would appreciate more analytical features in the next release of One Identity Manager, so I can do a better analysis. Another vendor, for example, has a self-certification system where you can send people, then create a type of profile or screen for each person, and the person can see his entitlement and the risks behind that entitlement, so then the person makes a decision on whether he wants to keep or let go of it, and that's an out-of-the-box feature that would be good to see in One Identity Manager. Another feature I'd like to see in One Identity Manager that would be very interesting is integration with SIEM or any log collection product for both access and usage. For example, I'd be able to see that I have access to a particular application and also get information on how many times I've accessed it in the last year, last few months, etc. It's a feature that would be great to have in One Identity Manager."
"It has problems with performance. This is a very serious issue for us. Other than that, it's really capable. The performance is what is missing. It's really poor."
One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews while One Identity Manager is ranked 2nd in User Provisioning Software with 75 reviews. One Identity Active Roles is rated 8.6, while One Identity Manager is rated 8.0. The top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". On the other hand, the top reviewer of One Identity Manager writes "The JML is customizable but the support team isn't strong". One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, Softerra Adaxes and NetIQ Directory and Resource Administrator, whereas One Identity Manager is most compared with SailPoint IdentityIQ, Oracle Identity Governance, EVOLVEUM midPoint, Cisco ISE (Identity Services Engine) and Microsoft Identity Manager. See our One Identity Active Roles vs. One Identity Manager report.
See our list of best User Provisioning Software vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.