We performed a comparison between One Identity Active Roles and One Identity Safeguard based on real PeerSpot user reviews.
Find out what your peers are saying about SailPoint, One Identity, Omada and others in User Provisioning Software."The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"Active Roles improved the management of users, groups, and AD objects in the organization."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"It gives us attribute-level control and the AD management features work very well."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server."
"Safeguard can define and update processes and procedures into the security framework of a company, including mobile. It allows us to change the policies and configurations on a mass scale in regards to security."
"The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between."
"We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless."
"One of the most important things is that it is very easy to use and install. It is also agentless, so all of the operations happen more smoothly than any other product."
"I like the discovery functionality and the change password feature through the check-in. I also like the bulk import with the help of templates that come with it out of the box. With the help of these few features, my tasks are made easier."
"The Transparent Mode is the number one advantage of the product."
"The most unique and valuable features are the upstream and downstream throughput capacities; the Safeguard platform provides agile integration. In actuality, all the features are valuable. They're good, user-friendly."
"The solution needs an attestation process that includes certification and recertification attestation."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"Most of the time it just works."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"The way you can search groups could be better."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"We currently have a problem with the Active Directory integrations on Windows. Some of our users need to be logged with Active Directory, but we are having communication issues between One Identity and Active Directory. It seems that Active Directory is not well-integrated."
"Transparent mode was too cumbersome, so I don't foresee us being able to use it. On paper when we were initially talking about it, it was definitely going to be the preferred method until we realized the burden it would be on our network guys. Then, we had to step back and reevaluate what we wanted to do. That's when we changed our approach to use the RD Gateway feature."
"We have issues using Safeguard to connect to and record from the cloud. Currently, they don't have a mechanism to record this type of connection."
"The deployment affects our privileged users because it takes a long time for them to request privileges, which impacts the SLA."
"We've had issues managing accounts and access to some data saved on the servers. Accounts are granted a new working certificate daily. We have an account to do it on APIs online and sync it with that. If the path changes at some point or someone changes the password, I don't know if it's from the Active Directory or what."
"There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product."
"Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service."
"I would like to see support for RDP over HTTPS so this product can be used in conjunction with the Microsoft terminal."
One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews while One Identity Safeguard is ranked 5th in Privileged Access Management (PAM) with 38 reviews. One Identity Active Roles is rated 8.6, while One Identity Safeguard is rated 8.2. The top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". On the other hand, the top reviewer of One Identity Safeguard writes "Provides us with centralized storage of secrets and credentials, and visibility into the use of privileged access". One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, One Identity Manager and Softerra Adaxes, whereas One Identity Safeguard is most compared with CyberArk Privileged Access Manager, WALLIX Bastion, Delinea Secret Server, BeyondTrust Privileged Remote Access and Fudo PAM.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.