• Home
  • BeyondTrust Endpoint Privilege Management vs. One Identity Active Roles

BeyondTrust Endpoint Privilege Management vs One Identity Active Roles comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Privileged Access Management (PAM)
March 2024
Executive Summary

We performed a comparison between BeyondTrust Endpoint Privilege Management and One Identity Active Roles based on real PeerSpot user reviews.

Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM).
To learn more, read our detailed Privileged Access Management (PAM) Report (Updated: March 2024).
Download the complete report
767,995 professionals have used our research since 2012.
Featured Review
Marlin B Pohlman
Admin rights can be granted and revoked within minutes and that is what everything comes down to, for us
One of our customers has a branch in Toronto so they fall under a multi-regulatory scheme. That's where the multi-cloud infrastructure and the... Read more →
SameerPalav
Enables zero trust security with hybrid AD find delegation and role-based access control
The solution enables us to create a user in the cloud and give them access to resources through a single workflow which is important to all our... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I would say session management on the go is the most valuable feature. When the session is going on, you can stop the session without terminating it for justification. You can cancel it. The recording takes very little space. Those are some things which the customers are worried about when they talk about session recording.""The solution's least privilege enforcement has helped us ensure access is given to only the required people.""The tool is easy to use and deploy. It has PAM capabilities like privilege access. The solution helps with the management of third parties and vendors. It is an effective solution compared to other alternatives.""What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy.""Technical support is good.""Scalability is good. I would rate the scalability a nine out of ten.""It is straightforward. It is a good technology, and it is made to do one single thing.""BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc."

More BeyondTrust Endpoint Privilege Management Pros →

"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them.""In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well.""Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way.""The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes.""It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool.""With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems.""Secure access is the most valuable feature.""It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."

More One Identity Active Roles Pros →

Cons
"Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful.""The program updates are very rare and the frequency is too far apart to take care of bug fixes and adding the latest features.""Their technical support could be more responsive and helpful.""If you don't get the implementation right at the outset, you will struggle with the product.""There is room for improvement in having the solution align more with standards. We're always shoehorning the product into the standards. It's not that it doesn't work for standards, it does. But Quick Start Policies are pretty close to what we need. The vendor needs to keep looking at GDPR, 27001, and 27701. That's why our clients buy the product.""How the accounts are presented in the solution's UI can be improved.""The weaknesses are related to the effort required to migrate from existing technologies or having no Privilege Access Management (PAM) at all to adopting technologies like BeyondTrust. It involves changes in processes and can take a significant amount of time, typically six to twelve months.""The help system should be improved to provide a quick help guide with each tab within the solution, which explains what each particular function does."

More BeyondTrust Endpoint Privilege Management Cons →

"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up.""It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch.""The solution needs an attestation process that includes certification and recertification attestation.""For the AAD management feature, it needs to improve the objects that we can manage and the security.""The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there.""I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget.""The way you can search groups could be better.""In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."

More One Identity Active Roles Cons →

Pricing and Cost Advice
  • "I'm sure everyone should have the cluster environment, which means more expensive, anyway, cheaper than the other solutions."
  • "PowerBroker for a Mac client is three times the price of the Windows version."
  • "What BeyondTrust was providing was user-based licensing which was a great benefit from the client point of view. Recently, I don't know why, the licensing model has been changed, and that is the reason that they have lost a bit of their edge when it comes to the PAM, against our competition. The asset-based licensing, from the user's point of view, is not beneficial. The licensing should be based on the users. The greater the number of users, the greater will be the load and the greater the scalability problems. I presume that is why the licensing model has changed."
  • "This solution is expensive compared to its competitors."
  • "Price-wise, it is very competitive. In our area, government entities and banks don't go for the monthly payment. It is a headache even for us in terms of finance and procurement to go for monthly payments. Quarterly might be more logical and reasonable, but the minimum that we go for is one year, and sometimes, we even try to compile and give one offering for three years."
  • "Its pricing and licensing are okay. We were in the perpetual model when it was on-prem, and now, with the SaaS service, we have a subscription model. As a customer, I would always like to see a lower price, but it seems to be priced at the right model currently, and we are trying to get the maximum benefits out of it."
  • "The product’s licensing is different for Windows, Linux, and Mac. The tool’s licensing is yearly."
  • "It was very expensive."

    • More BeyondTrust Endpoint Privilege Management Pricing and Cost Advice →

  • "The licensing model is a simple user-based model, not that much complicated."
  • "The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."
  • "The pricing is on the higher end."
  • "It's fairly priced."
  • "It's expensive."

    • More One Identity Active Roles Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.
    See Recommendations
    767,995 professionals have used our research since 2012.
    Questions from the Community
    Looking for recommendations and a pros/cons template for software to dete...
    Top Answer:This is an inside-out --- outside-in --- inside-in question, as an insider can be an outsider as well. There is no short answer other than a blend of a PAM tool with Behavioral Analytics and Endpoint… more »
    Read all 5 answers   →
    What do you like most about BeyondTrust Endpoint Privilege Management?
    Top Answer:The solution's least privilege enforcement has helped us ensure access is given to only the required people.
    Read all 20 answers   →
    What is your experience regarding pricing and costs for BeyondTrust Endpo...
    Top Answer:On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing a seven out of ten.
    Read all 14 answers   →
    What do you like most about One Identity Active Roles?
    Top Answer:The solution is stable.
    Read all 13 answers   →
    What is your experience regarding pricing and costs for One Identity Acti...
    Top Answer:The solution is fairly priced. That said, I have nothing to compare it to.
    Read all 6 answers   →
    What needs improvement with One Identity Active Roles?
    Top Answer:The solution has not enabled us to reduce password reset times. It has not automated provisioning. The group attestation could be improved. It was a feature that was available in version 5. You can… more »
    Read all 13 answers   →
    Ranking
    4th
    out of 48 in Privileged Access Management (PAM)
    Views
    4,264
    Comparisons
    1,858
    Reviews
    11
    Average Words per Review
    676
    Rating
    8.0
    5th
    out of 24 in User Provisioning Software
    Views
    1,783
    Comparisons
    742
    Reviews
    5
    Average Words per Review
    673
    Rating
    8.0
    Comparisons
    Also Known As
    BeyondTrust PowerBroker, BeyondTrust Endpoint Privilege Management for Windows, BeyondTrust Endpoint Privilege Management for Mac, BeyondTrust Endpoint Privilege Management for Linux, BeyondTrust Endpoint Privilege Management for Unix, Avecto Defendpoint
    Quest Active Roles
    Learn More
    BeyondTrust
    One Identity
    Overview

    BeyondTrust Endpoint Privilege Management enables organizations to mitigate attacks by removing excess privileges on Windows, Mac, Unix/Linux and networked devices. Remove excessive end user privileges and control applications on Windows, Mac, Unix, Linux, and networked devices without hindering end-user productivity.

    Key Solutions Include:

    -ENTERPRISE PASSWORD SECURITY

    Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution.

    -ENDPOINT LEAST PRIVILEGE

    Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security.

    -SERVER PRIVILEGE MANAGEMENT

    Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account.

    -A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS

    Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems.

    Learn more at https://www.beyondtrust.com/privilege-management

    One Identity Active Roles is a highly regarded solution for Active Directory (AD) security and account management. One Identity Active Roles will enhance group, account, and directory management while eradicating the need for manual processes. The end result is a significant increase in the overall speed, efficiency, and security of the organization.

    Using One Identity Active Roles, users can:

    • Easily increase and strengthen native attributes of Active Directory (AD) and Azure AD.

    • Quickly unify and automate group and account management while protecting and securing critical administrative access.

    • Free up valuable resources to concentrate on other IT tasks, fully confident that your user permissions, critical data, and privileged access are safe and secure.

    Managing accounts in AD and Azure AD can be tremendously challenging; continually keeping these important systems safe and secure presents an even greater challenge. Traditional tools can be inefficient, error-prone, and very disjointed. In today’s robust marketplace, organizations are finding it somewhat difficult to keep pace with the constant access changes in a hybrid AD ecosystem. Additionally, there are significant security issues to consider (government compliance, employee status/access changes, and other confidential business requirements). And, of course, there is a requirement to properly manage Active Directory and Azure Active Directory access in addition to managing all the other numerous SaaS and non-Windows applications that organizations use today.

    Users can easily automate all of these tedious, mundane administrative tasks, keeping their systems safe and error-free. Active Roles ensures users can perform their job responsibilities more effectively, more efficiently, and with minimal manual intervention. Active Roles was created with a flexible design, so organizations can easily scale to meet your organizational needs, today, tomorrow, and in the foreseeable future.

    Reviews from Real Users

    A PeerSpot user who is a Network Analyst at a government tells us, “It has eliminated admin tasks that were bogging down our IT department. Before we started using Active Roles, if one of our frontline staff members deleted a user or group, it could take several hours to try to reverse that mistake. Whereas now, the most our frontline staff can do is a deprovision, which just disables everything in the background, but it's still there. We can go in and have it back the way it was two minutes later. Instead of it taking two hours, it only takes two minutes.

    Becky P., Sr Business Analyst at George Washington University, shares, “In addition, with the use of workflows and the scheduled tasks, we were able to automate and centrally manage a number of the processes as well as utilize them to work around other product limitations. Those include, but are not limited to syncing larger groups, which have 50,000 plus members, to Azure AD. We sync up to Azure AD using ARS. If we had not already had ARS in place, it would have been impossible for us to have done so in the time period we did it in. We did it in under six months. ARS probably saves us at least two weeks out of every month. It's reduced our workload by 50 percent, easily.”

    Sample Customers
    Aera Energy LLC, Care New England, James Madison University
    City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies
    Top Industries
    REVIEWERS
    Construction Company14%
    Comms Service Provider14%
    Manufacturing Company14%
    Security Firm14%
    VISITORS READING REVIEWS
    Financial Services Firm13%
    Computer Software Company12%
    Manufacturing Company10%
    Government7%
    REVIEWERS
    Aerospace/Defense Firm18%
    Financial Services Firm18%
    Comms Service Provider9%
    Consumer Goods Company9%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm11%
    Government9%
    Healthcare Company8%
    Company Size
    REVIEWERS
    Small Business43%
    Midsize Enterprise7%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business20%
    Midsize Enterprise13%
    Large Enterprise67%
    REVIEWERS
    Small Business28%
    Midsize Enterprise6%
    Large Enterprise67%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise10%
    Large Enterprise68%
    Buyer's Guide
    Privileged Access Management (PAM)
    March 2024
    Download Free Report
    Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM). Updated: March 2024.
    DOWNLOAD NOW
    767,995 professionals have used our research since 2012.

    BeyondTrust Endpoint Privilege Management is ranked 4th in Privileged Access Management (PAM) with 27 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. BeyondTrust Endpoint Privilege Management is rated 8.0, while One Identity Active Roles is rated 8.6. The top reviewer of BeyondTrust Endpoint Privilege Management writes "Admin rights can be granted and revoked within minutes and that is what everything comes down to, for us". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". BeyondTrust Endpoint Privilege Management is most compared with CyberArk Endpoint Privilege Manager, Cisco ISE (Identity Services Engine), CyberArk Privileged Access Manager, Delinea Secret Server and ARCON Privileged Access Management, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, One Identity Manager and Softerra Adaxes.

    We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.