We performed a comparison between BeyondTrust Endpoint Privilege Management and One Identity Active Roles based on real PeerSpot user reviews.
Find out what your peers are saying about CyberArk, Delinea, BeyondTrust and others in Privileged Access Management (PAM)."I would say session management on the go is the most valuable feature. When the session is going on, you can stop the session without terminating it for justification. You can cancel it. The recording takes very little space. Those are some things which the customers are worried about when they talk about session recording."
"The solution's least privilege enforcement has helped us ensure access is given to only the required people."
"The tool is easy to use and deploy. It has PAM capabilities like privilege access. The solution helps with the management of third parties and vendors. It is an effective solution compared to other alternatives."
"What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy."
"Technical support is good."
"Scalability is good. I would rate the scalability a nine out of ten."
"It is straightforward. It is a good technology, and it is made to do one single thing."
"BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"Secure access is the most valuable feature."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful."
"The program updates are very rare and the frequency is too far apart to take care of bug fixes and adding the latest features."
"Their technical support could be more responsive and helpful."
"If you don't get the implementation right at the outset, you will struggle with the product."
"There is room for improvement in having the solution align more with standards. We're always shoehorning the product into the standards. It's not that it doesn't work for standards, it does. But Quick Start Policies are pretty close to what we need. The vendor needs to keep looking at GDPR, 27001, and 27701. That's why our clients buy the product."
"How the accounts are presented in the solution's UI can be improved."
"The weaknesses are related to the effort required to migrate from existing technologies or having no Privilege Access Management (PAM) at all to adopting technologies like BeyondTrust. It involves changes in processes and can take a significant amount of time, typically six to twelve months."
"The help system should be improved to provide a quick help guide with each tab within the solution, which explains what each particular function does."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"The solution needs an attestation process that includes certification and recertification attestation."
"For the AAD management feature, it needs to improve the objects that we can manage and the security."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget."
"The way you can search groups could be better."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
More BeyondTrust Endpoint Privilege Management Pricing and Cost Advice →
BeyondTrust Endpoint Privilege Management is ranked 4th in Privileged Access Management (PAM) with 27 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. BeyondTrust Endpoint Privilege Management is rated 8.0, while One Identity Active Roles is rated 8.6. The top reviewer of BeyondTrust Endpoint Privilege Management writes "Admin rights can be granted and revoked within minutes and that is what everything comes down to, for us". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". BeyondTrust Endpoint Privilege Management is most compared with CyberArk Endpoint Privilege Manager, Cisco ISE (Identity Services Engine), CyberArk Privileged Access Manager, Delinea Secret Server and ARCON Privileged Access Management, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, One Identity Manager and Softerra Adaxes.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.