• Home
  • CyberArk Privileged Access Manager vs. One Identity Active Roles

CyberArk Privileged Access Manager vs One Identity Active Roles comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
CyberArk Privileged Access Manager vs. One Identity Active Roles
March 2023
Executive Summary

We performed a comparison between CyberArk Privileged Access Manager and One Identity Active Roles based on real PeerSpot user reviews.

Find out in this report how the two Privileged Access Management (PAM) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed CyberArk Privileged Access Manager vs. One Identity Active Roles Report (Updated: March 2023).
Download the complete report
767,847 professionals have used our research since 2012.
Featured Review
Jonathan Hawes
Easy to secure, control, and monitor privileged access on highly critical networks
The out-of-the-box functionality, Windows OS Privileged local account password change management was the first automation feature implemented, and... Read more →
Finn Jacobsen
It centralizes and distributes IT functions to our sub-IT administrators, making everything more efficient
Active Roles improved the management of users, groups, and AD objects in the organization. It reduces the time we spend on password resets by 50... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Ensures accounts are managed according to corporate policies.""I find value in notifications from CyberArk when passwords fail verification and have other issues.""If any intruder gets inside, they would not be able to move around nor do lateral movements. It minimize any attack problems within our network.""It is useful for protecting passwords. If you need to do access security management, you can first use the CyberArk console, and after that, you can connect the firewall interface or firewall command line. Similarly, if you need to do an RDP session, you need to first log in to CyberArk before connecting to the Windows RDP session. This way, the admin doesn't know the password, and that password is changed immediately. To change the password, you first discover the old password in the network, and after that, you can change the password.""Lessens the risk with privileged access.""I'm no longer the product owner for PAM, but I can say that the most useful feature is the vault functionality, which keeps all your passwords secure in a digital vault.""The ability to develop and deploy applications with no stored secrets is very valuable.""The password management feature is valuable."

More CyberArk Privileged Access Manager Pros →

"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system.""It gives us attribute-level control and the AD management features work very well.""The provisioning and deprovisioning saves a lot of time and skips a lot of errors.""With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems.""Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner.""The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes.""Active Roles improved the management of users, groups, and AD objects in the organization.""In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."

More One Identity Active Roles Pros →

Cons
"Sometimes the infrastructure team is hesitant to provide more resources.""The admin interface of the Password Vault Web Access (PVWA) is moving from an old style (the classic interface) to a new style (the v10 interface) and unfortunately, this process is quite slow.""It is very complex and difficult to set up the solution.""I would like to see improvement in the custom connector for integration with different devices.""I would love them to improve their UI customizing features.""CyberArk Privileged Access Manager could improve the integration docking, it should have more layers. For example, integration with OpenShift.""If you are an administrator or architect, then the solution is kind of complicated, as it is mostly focused on the end user. So, they need to also focus on the people who are implementing it.""The initial setup of CyberArk is a challenge if you do not have prior experience with it."

More CyberArk Privileged Access Manager Cons →

"The way you can search groups could be better.""I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget.""It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch.""In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets.""There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them.""For the AAD management feature, it needs to improve the objects that we can manage and the security.""When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow.""For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."

More One Identity Active Roles Cons →

Pricing and Cost Advice
  • "Pricing and licensing depend on the environment."
  • "It is not a cheap solution. It is expensive as compared with other solutions. However, it is one of the best solutions in their domain."
  • "It can be an expensive product."
  • "Cost efficiency is the number one thing that can be improved in my mind. This would change lots of companies minds on purchasing the product."
  • "The cost is high compared to other products."
  • "CyberArk provides all the features bundled. This is compared to other vendors who provide them as a different license for each functionality."
  • "Our risk is definitely significantly lower. Also, our resources are low."
  • "If you are looking at implementing this solution, buy the training and go to it."

    • More CyberArk Privileged Access Manager Pricing and Cost Advice →

  • "The licensing model is a simple user-based model, not that much complicated."
  • "The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."
  • "The pricing is on the higher end."
  • "It's fairly priced."
  • "It's expensive."

    • More One Identity Active Roles Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Privileged Access Management (PAM) solutions are best for your needs.
    See Recommendations
    767,847 professionals have used our research since 2012.
    Questions from the Community
    How does Sailpoint IdentityIQ compare with CyberArk PAM?
    Top Answer:We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the… more »
    Read all 2 answers   →
    What do you like most about CyberArk Privileged Access Manager?
    Top Answer:CyberArk PAM can be easily automated.
    Read all 45 answers   →
    What is your experience regarding pricing and costs for CyberArk Privileg...
    Top Answer:The product is expensive. I rate the product’s pricing a seven out of ten, where one is cheap and ten is expensive.
    Read all 31 answers   →
    What do you like most about One Identity Active Roles?
    Top Answer:The solution is stable.
    Read all 13 answers   →
    What is your experience regarding pricing and costs for One Identity Acti...
    Top Answer:The solution is fairly priced. That said, I have nothing to compare it to.
    Read all 6 answers   →
    What needs improvement with One Identity Active Roles?
    Top Answer:The solution has not enabled us to reduce password reset times. It has not automated provisioning. The group attestation could be improved. It was a feature that was available in version 5. You can… more »
    Read all 13 answers   →
    Ranking
    1st
    out of 48 in Privileged Access Management (PAM)
    Views
    11,160
    Comparisons
    6,378
    Reviews
    34
    Average Words per Review
    621
    Rating
    8.9
    5th
    out of 24 in User Provisioning Software
    Views
    1,783
    Comparisons
    742
    Reviews
    5
    Average Words per Review
    673
    Rating
    8.0
    Comparisons
    Also Known As
    CyberArk Privileged Access Security
    Quest Active Roles
    Learn More
    CyberArk
    One Identity
    Overview

    CyberArk Privileged Access Manager is a next-generation solution that allows users to secure both their applications and their confidential corporate information. It is extremely flexible and can be implemented across a variety of environments. This program runs with equal efficiency in a fully cloud-based, hybrid, or on-premises environment. Users can now protect their critical infrastructure and access it in any way that best meets their needs.

    CyberArk Privileged Access Manager possesses a simplified and unified user interface. Users are able to manage the solution from one place. The UI allows users to view and manage all of the information and controls that administrators need to be able to easily access. Very often, management UIs do not have all of the controls and information streamlined in a single location. This platform provides a level of visibility that ensures users will be able to view all of their system’s most critical information at any time that they wish.

    Benefits of CyberArk Privileged Access Manager

    Some of CyberArk Privileged Access Manager’s benefits include:

    • The ability to manage IDs and permissions across a cloud environment. In a world where being able to work remotely is becoming increasingly important, CyberArk Privileged Access Manager is a very valuable tool. Administrators do not need to worry about infrastructure security when they are away from the office. They can assign and manage security credentials from anywhere in the world.
    • The ability to manage the program from a single centralized UI. CyberArk Privileged Access Manager’s UI contains all of the system controls and information. Users now have the ability to view and use all of their system’s most critical information and controls from one place.
    • The ability to automate user management tasks. Administrators can save valuable time by assigning certain management tasks to be fulfilled by the system itself. Users can now reserve their time for tasks that are most pressing. It can also allow for the system to simplify the management process by having the platform perform the most complex functions.

    Reviews from Real Users

    CyberArk Privileged Access Manager’s software stands out among its competitors for one very fundamental reason. CyberArk Privileged Access Manager is an all-in-one solution. Users are given the ability to accomplish with a single platform what might usually only be accomplished with multiple solutions.

    PeerSpot users note the truly all-in-one nature of this solution. Mateusz K., IT Manager at a financial services firm, wrote, "It improves security in our company. We have more than 10,000 accounts that we manage in CyberArk. We use these accounts for SQLs, Windows Server, and Unix. Therefore, keeping these passwords up-to-date in another solution or software would be impossible. Now, we have some sort of a platform to manage passwords, distribute the inflow, and manage IT teams as well as making regular changes to it according to the internal security policies in our bank."

    Hichem T.-B., CDO & Co-Founder at ELYTIK, noted that “This is a complete solution that can detect cyber attacks well. I have found the proxy features most valuable for fast password web access.”

    One Identity Active Roles is a highly regarded solution for Active Directory (AD) security and account management. One Identity Active Roles will enhance group, account, and directory management while eradicating the need for manual processes. The end result is a significant increase in the overall speed, efficiency, and security of the organization.

    Using One Identity Active Roles, users can:

    • Easily increase and strengthen native attributes of Active Directory (AD) and Azure AD.

    • Quickly unify and automate group and account management while protecting and securing critical administrative access.

    • Free up valuable resources to concentrate on other IT tasks, fully confident that your user permissions, critical data, and privileged access are safe and secure.

    Managing accounts in AD and Azure AD can be tremendously challenging; continually keeping these important systems safe and secure presents an even greater challenge. Traditional tools can be inefficient, error-prone, and very disjointed. In today’s robust marketplace, organizations are finding it somewhat difficult to keep pace with the constant access changes in a hybrid AD ecosystem. Additionally, there are significant security issues to consider (government compliance, employee status/access changes, and other confidential business requirements). And, of course, there is a requirement to properly manage Active Directory and Azure Active Directory access in addition to managing all the other numerous SaaS and non-Windows applications that organizations use today.

    Users can easily automate all of these tedious, mundane administrative tasks, keeping their systems safe and error-free. Active Roles ensures users can perform their job responsibilities more effectively, more efficiently, and with minimal manual intervention. Active Roles was created with a flexible design, so organizations can easily scale to meet your organizational needs, today, tomorrow, and in the foreseeable future.

    Reviews from Real Users

    A PeerSpot user who is a Network Analyst at a government tells us, “It has eliminated admin tasks that were bogging down our IT department. Before we started using Active Roles, if one of our frontline staff members deleted a user or group, it could take several hours to try to reverse that mistake. Whereas now, the most our frontline staff can do is a deprovision, which just disables everything in the background, but it's still there. We can go in and have it back the way it was two minutes later. Instead of it taking two hours, it only takes two minutes.

    Becky P., Sr Business Analyst at George Washington University, shares, “In addition, with the use of workflows and the scheduled tasks, we were able to automate and centrally manage a number of the processes as well as utilize them to work around other product limitations. Those include, but are not limited to syncing larger groups, which have 50,000 plus members, to Azure AD. We sync up to Azure AD using ARS. If we had not already had ARS in place, it would have been impossible for us to have done so in the time period we did it in. We did it in under six months. ARS probably saves us at least two weeks out of every month. It's reduced our workload by 50 percent, easily.”

    Sample Customers
    Rockwell Automation
    City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies
    Top Industries
    REVIEWERS
    Financial Services Firm24%
    Computer Software Company13%
    Insurance Company12%
    Healthcare Company9%
    VISITORS READING REVIEWS
    Educational Organization30%
    Computer Software Company12%
    Financial Services Firm10%
    Manufacturing Company5%
    REVIEWERS
    Aerospace/Defense Firm18%
    Financial Services Firm18%
    Comms Service Provider9%
    Consumer Goods Company9%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm11%
    Government9%
    Healthcare Company8%
    Company Size
    REVIEWERS
    Small Business21%
    Midsize Enterprise13%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise37%
    Large Enterprise48%
    REVIEWERS
    Small Business28%
    Midsize Enterprise6%
    Large Enterprise67%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise10%
    Large Enterprise68%
    Buyer's Guide
    CyberArk Privileged Access Manager vs. One Identity Active Roles
    March 2023
    Free Report: CyberArk Privileged Access Manager vs. One Identity Active Roles
    Find out what your peers are saying about CyberArk Privileged Access Manager vs. One Identity Active Roles and other solutions. Updated: March 2023.
    DOWNLOAD NOW
    767,847 professionals have used our research since 2012.

    CyberArk Privileged Access Manager is ranked 1st in Privileged Access Management (PAM) with 142 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. CyberArk Privileged Access Manager is rated 8.8, while One Identity Active Roles is rated 8.6. The top reviewer of CyberArk Privileged Access Manager writes "Lets you ensure relevant, compliant access in good time and with an audit trail, yet lacks clarity on MITRE ATT&CK". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". CyberArk Privileged Access Manager is most compared with Cisco ISE (Identity Services Engine), Microsoft Entra ID, Delinea Secret Server, WALLIX Bastion and One Identity Safeguard, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, One Identity Manager and Quest Active Administrator. See our CyberArk Privileged Access Manager vs. One Identity Active Roles report.

    We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.