We performed a comparison between One Identity Active Roles and One Identity Manager based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is stable."
"It gives us attribute-level control and the AD management features work very well."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"Active Roles improved the management of users, groups, and AD objects in the organization."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"We chose this product for being able to accommodate our requirements. It's very flexible, and it's open to being developed to our requirements."
"The solution does lots of things that we did manually before."
"The Data Importer is a great tool to create an ETL. It generates code which is easy to maintain later without the tool."
"One Identity Manager's account creation feature stands out as its most valuable functionality."
"It is easy to extend the product for custom purposes."
"There are a lot of valuable features, including connectors, attestations, and workflow."
"The best part of One Identity Manager is that it provides wholesome features. Most of the things required for identity management are given out of the box in One Identity Manager. You can just define your use cases, take this tool, and right away implement the solution."
"For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems."
"Most of the time it just works."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"The solution needs an attestation process that includes certification and recertification attestation."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"There are a few aspects of One Identity Manager's user experience that could be improved."
"Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work."
"There are several smaller parts of the tool that have room for improvement."
"The support for DevOps could be improved with quick delivery cycles and multiple delivery streams."
"It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side."
"With technical support, it is always an issue to get the right person. They do have good technical people in support, but it is sometimes not so easy to get them."
"The user experience is good, but it can be improved. There are a lot of features in the administration part, and they need better documentation. For example, they need to explain the main reason for a feature, and what the tables are in the database. It needs better documentation about all the features that are in the solution."
"One of the things we would like is the ability to have more than one system role manager. That would be nice. For example, when people are on vacation, sometimes it gets a little hard to administrate system roles."
One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews while One Identity Manager is ranked 2nd in User Provisioning Software with 75 reviews. One Identity Active Roles is rated 8.6, while One Identity Manager is rated 8.0. The top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". On the other hand, the top reviewer of One Identity Manager writes "The JML is customizable but the support team isn't strong". One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, Softerra Adaxes and NetIQ Directory and Resource Administrator, whereas One Identity Manager is most compared with SailPoint IdentityIQ, Oracle Identity Governance, EVOLVEUM midPoint, Cisco ISE (Identity Services Engine) and Microsoft Identity Manager. See our One Identity Active Roles vs. One Identity Manager report.
See our list of best User Provisioning Software vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.