We performed a comparison between Cisco ISE (Identity Services Engine) and One Identity Active Roles based on real PeerSpot user reviews.
Find out what your peers are saying about Cisco, HPE Aruba Networking, Fortinet and others in Network Access Control (NAC)."The most valuable feature is the integration with StealthWatch and DNA as one fabric."
"Member Access Control and the ability to integrate all Cisco wireless, Cisco networking, switches, routers, and firewalls."
"Being able to authenticate wired users through 802.1X is valuable as it enhances our security."
"We found that the most valuable features associated with this tool are posture assessment, policy management, VLAN assignments, guest assignment, and BYOD services. In addition to these services, the Cisco IOS software switch configuration feature is another very valuable aspect of the policy and compliance solution."
"The core point is that Cisco ISE is the same globally compared to FortiAuthenticator. Whether I deploy in China, the US, South Africa, or wherever, I'm can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability."
"The most valuable feature is the flexibility of the policy sets."
"Cisco ISE integrates with everything else."
"In terms of features, I think they've done a lot of improvement on the graphical user interface — it looks really good right now."
"Secure access is the most valuable feature."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"It gives us attribute-level control and the AD management features work very well."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"The solution is stable."
"Cisco ISE is complex. The deployment and design of networks with it is so complex. If it could change it would be better."
"In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support."
"The Cisco wireless controller needs to add more than one physical port."
"The pricing and licensing structure are not ideal for customers."
"Support and integration for the active devices needs to be worked on. Their features mainly work well with Mac devices. If we use an HP the Mac functionalities may no longer be able to deliver."
"An issue with the product is it tends to have a lot of bugs whenever they release a new release."
"Difficult to figure out the protocols and nodes in order to implement correctly."
"I don't see as many customers as I should adopting the onboarding feature. I think Cisco should make that process a lot easier and less intrusive on the end users' devices."
"Most of the time it just works."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"The way you can search groups could be better."
"The ability to send logs to a SIEM would be very beneficial."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"The solution needs an attestation process that includes certification and recertification attestation."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while One Identity Active Roles is rated 8.6. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, CyberArk Privileged Access Manager and Fortinet FortiAuthenticator, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, One Identity Manager, SailPoint IdentityIQ and Netwrix Auditor.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.