We performed a comparison between One Identity Active Roles and One Identity Manager based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Having a tool to manage all changes to AD from a single pane of glass is awesome."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
"In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager."
"One Identity enables us to provide users with permissions for only the roles that they need. We can use segmentation to ensure that users don't have roles that can cause trouble in the business."
"This solution has helped to increase employee productivity when it comes to provisioning users in our systems. This solution has been really been effective with our retail workers. It wouldn't be possible to onboard and manage our 40,000 store employees without it. The management of the solution is pretty automated."
"It's a huge toolkit, and you can do a lot of stuff with it. You can extend nearly everything, so if you want to build something that may not have been though of by the vendor. Compared with other distributors who design their products to certain specification, you can put in your own processes, because not all companies function the same. You can write what you want, and the process should be like that."
"Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions."
"The most valuable feature for me is the built-in security, which is the best that I have seen."
"The biggest improvement has been the auditing. Now we have a record of what the users have, what the users have requested and when, and when things were approved. It's all in the same system."
"It is easy to extend the product for custom purposes."
"The ability to send logs to a SIEM would be very beneficial."
"Most of the time it just works."
"The way you can search groups could be better."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"For the AAD management feature, it needs to improve the objects that we can manage and the security."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"The initial setup was quite complex because you run into some existing policies that the company already had. There was some trouble with some inconsequential policies."
"They could make the product more user-friendly. It takes a lot of work to build technical and business cases with the product. The solution is more complex than you think to use."
"We are trying to get rid stability issues from the legacy version. We are now implementing version 8.2, which is so much better than version 6."
"The initial setup was complex. We have a lot of different systems. The journey from implementing to joining all the systems was difficult."
"The UI and user experience side of things needs improvement."
"[Regarding] their upgrades, we're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing."
"Integration with various applications should be made smoother. It is very difficult right now for regular implementers. Access reviews are another thing that is not that good in the solution. It needs improvement."
"We would like the product to integrate with ServiceNow, since One Identity Manager and ServiceNow are two of our better tools."
One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews while One Identity Manager is ranked 2nd in User Provisioning Software with 74 reviews. One Identity Active Roles is rated 8.6, while One Identity Manager is rated 8.0. The top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". On the other hand, the top reviewer of One Identity Manager writes "The JML is customizable but the support team isn't strong". One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, Softerra Adaxes and NetIQ Directory and Resource Administrator, whereas One Identity Manager is most compared with SailPoint IdentityIQ, Oracle Identity Governance, EVOLVEUM midPoint, Cisco ISE (Identity Services Engine) and Microsoft Identity Manager. See our One Identity Active Roles vs. One Identity Manager report.
See our list of best User Provisioning Software vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.