We performed a comparison between BeyondTrust Endpoint Privilege Management and One Identity Active Roles based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."I find the solution’s features like section management, password management, and analytics valuable."
"I'm a BeyondTrust partner and I have multiple deployments, four or five banks right now. The features that give us quite an edge compared to what our competitors are offering - like IBM or Thycotic - are the Session Management, that is quite a big one; also the recording of keystrokes. In addition, there is the password vaulting and state-of-the-art Password Management, which I haven't seen in other products."
"The solution's least privilege enforcement has helped us ensure access is given to only the required people."
"The implementation is quite easy because the documents are always online."
"The features related to application elevate is amazing. It helped the company to remove almost all admin local users."
"BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc."
"The privileged access management into sensitive systems is very valuable. That includes control from the endpoint all the way through to the managing of passwords and credentials that are used by the person to access the sensitive information. It's very useful, because nobody ever really maintains passwords for those endpoint systems. It's maintained in the Dropbox password file."
"I find the comprehensive Privilege Access Management features valuable, including automation, and the ability to integrate with applications and the Windows operating system."
"The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"It gives us attribute-level control and the AD management features work very well."
"Active Roles improved the management of users, groups, and AD objects in the organization."
"It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"Secure access is the most valuable feature."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"We use a program to automate all of this, but it's not a default feature of BeyondTrust Endpoint Privilege Management."
"Its feature for establishing workflows needs improvement."
"Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful."
"The help system should be improved to provide a quick help guide with each tab within the solution, which explains what each particular function does."
"They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment."
"A valuable enhancement could be the capability to deploy agents directly through the console."
"The initial setup was very difficult. Even if you are an expert in EPM, it is still very difficult."
"How the accounts are presented in the solution's UI can be improved."
"The ability to send logs to a SIEM would be very beneficial."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"Most of the time it just works."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
More BeyondTrust Endpoint Privilege Management Pricing and Cost Advice →
BeyondTrust Endpoint Privilege Management is ranked 4th in Privileged Access Management (PAM) with 27 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. BeyondTrust Endpoint Privilege Management is rated 8.0, while One Identity Active Roles is rated 8.6. The top reviewer of BeyondTrust Endpoint Privilege Management writes "Admin rights can be granted and revoked within minutes and that is what everything comes down to, for us". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". BeyondTrust Endpoint Privilege Management is most compared with CyberArk Endpoint Privilege Manager, Cisco ISE (Identity Services Engine), CyberArk Privileged Access Manager, Delinea Secret Server and ARCON Privileged Access Management, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, One Identity Manager and Softerra Adaxes.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
