We performed a comparison between One Identity Active Roles and One Identity Manager based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It gives us attribute-level control and the AD management features work very well."
"The solution is stable."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"Secure access is the most valuable feature."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"It is easy to use and handle."
"It's very easy to roll out."
"It has many features which can be combined and configured in a great way, then put together in projects and ways that developers didn't think were possible, which has been great."
"It's very flexible. You can customize it to the fullest extent. You can use it for almost every situation for every customer."
"For me, personally, the automation is the most valuable feature. I don't have to do things manually, like creating user accounts and provisioning them to the target systems."
"The most valuable features include the automated attestations or recertification... The time that people have to focus on their real jobs and not spend it doing recertifications is huge."
"You can scale it quite big, which is good. It has good sizing."
"It is easy to extend the product for custom purposes."
"The ability to send logs to a SIEM would be very beneficial."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"The way you can search groups could be better."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"Sometimes, when we implement One Identity in the organization, customization has to happen. You cannot skip the customization. You cannot just implement the One Identity model and go ahead with it. However, whenever we make any customizations, the logic of the customization can interfere with the existing logging of One Identity. All such things have to be a bit clear. They have to be well documented. One Identity should provide information about how these things work."
"The product's GUI could be more user-friendly."
"The policy and role management features are a bit hard to scale. The whole model for who can do what and how to set it up is not so well-governed for a larger organization. The demos are always shown for a 100 or a 1000 people, but when it is a large number, it is quite difficult to maintain."
"It is a very powerful solution, but when it comes to doing some complex parameterization or authorization, we end up coding. Comparatively, CA solutions require less coding. It is more powerful than the CA solutions, but you end up with coding in VB.Net or C#. Complex parameterization could be better from their side."
"Integration with various applications should be made smoother. It is very difficult right now for regular implementers. Access reviews are another thing that is not that good in the solution. It needs improvement."
"We fell into that trap of over-customization which made upgrading the product difficult."
"The initial setup was complex. It is an extremely complicated thing to replace an entire self-built solution."
"One Identity Manager is currently in the process of modernizing its UI, which I hope will result in a more user-friendly interface for its Identity Manager. However, it is uncertain whether they have plans to consolidate their various tools into a unified system to simplify configuration and tasks."
One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews while One Identity Manager is ranked 2nd in User Provisioning Software with 75 reviews. One Identity Active Roles is rated 8.6, while One Identity Manager is rated 8.0. The top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". On the other hand, the top reviewer of One Identity Manager writes "The JML is customizable but the support team isn't strong". One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, Softerra Adaxes and NetIQ Directory and Resource Administrator, whereas One Identity Manager is most compared with SailPoint IdentityIQ, Oracle Identity Governance, EVOLVEUM midPoint, Cisco ISE (Identity Services Engine) and Microsoft Identity Manager. See our One Identity Active Roles vs. One Identity Manager report.
See our list of best User Provisioning Software vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.