Try our new research platform with insights from 80,000+ expert users

One Identity Active Roles vs SAP Identity Management comparison

One Identity and SAP are both solutions in the User Provisioning Software category. One Identity is ranked #5 with an average rating of 8.5, while SAP is ranked #7 with an average rating of 9.0. One Identity holds a 4.2% mindshare in UP, compared to SAP’s 4.5% mindshare. Additionally, 100% of One Identity users are willing to recommend the solution, compared to 92% of SAP users who would recommend it.
One Identity Active Roles
Read 25 One Identity Active Roles reviews
  • 1,538 Views
  • 558 Comparison Views
100% willing to recommend
SAP Identity Management
Read 13 SAP Identity Management reviews
  • 1,056 Views
  • 755 Comparison Views
92% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 6, 2024

SAP Identity Management and One Identity Active Roles are leading solutions in the identity management category. The comparison analysis suggests that One Identity Active Roles has a competitive edge with its advanced capabilities, although SAP Identity Management performs strongly in other areas.

Features: SAP Identity Management is noted for its robust integration capabilities, automation features, and business roles, which together streamline processes within complex environments. One Identity Active Roles provides strong role-based delegation, policy-driven automation, and dynamic group management, enhancing operational efficiency and responsiveness.

Room for Improvement: SAP Identity Management lacks user-focused customizations and requires more flexibility in deployment options. It could benefit from enhanced user experience and a simplified setup process. One Identity Active Roles could improve its integration capabilities with SAP applications, offer more out-of-the-box connectors, and could simplify its initial configuration requirements for better ease of use.

Ease of Deployment and Customer Service: SAP Identity Management features a comprehensive deployment model tailored for integration into existing SAP landscapes and is backed by customer service noted for deep enterprise expertise. One Identity Active Roles stands out with its flexible deployment options, strong third-party integration support, and efficient customer service, making the setup simpler across diverse environments.

Pricing and ROI: SAP Identity Management often involves higher initial costs due to its complexity, yet provides substantial ROI through its extensive integration potential. One Identity Active Roles presents a simpler pricing model with lower upfront costs, yielding quick ROI through efficient deployment and management capabilities. The distinction lies in SAP's long-term integration value contrasted with One Identity’s cost-effective, rapid return.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed One Identity Active Roles vs. SAP Identity Management Report (Updated: March 2025).
Buyer's Guide
One Identity Active Roles vs. SAP Identity Management
March 2025
Download the complete report
Helped 846,617 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

One Identity Active Roles
Ranking in User Provisioning Software
5th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
25
Ranking in other categories
Active Directory Management (5th), Non-Human Identity Management (NHIM) (5th)
SAP Identity Management
Ranking in User Provisioning Software
7th
Average Rating
7.8
Reviews Sentiment
6.5
Number of Reviews
13
Ranking in other categories
Identity Management (IM) (15th)
 

Mindshare comparison

As of April 2025, in the User Provisioning Software category, the mindshare of One Identity Active Roles is 4.2%, down from 4.4% compared to the previous year. The mindshare of SAP Identity Management is 4.5%, down from 6.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
User Provisioning Software
 

Featured Reviews

Grzegorz Kosela - PeerSpot reviewer
Task automation simplifies user and delegation management while offering a customizable interface
Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions. Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft. Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly. The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer. The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten. The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it. It's helped increase operational efficiency by 50%. It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively. We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access. It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times. We've just integrated with our HR system. It helps us follow activated and deactivated users. I'd rate the granular controls on offer ten out of ten. We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface.
Read full review
Imran Rafi - PeerSpot reviewer
Allows for seamless integration and provides a unified login experience
I believe it is widely used by all our clients. They usually have three or four applications, and it's not advisable to use separate physical logins for each authentication. That's why they prefer a cloud application, where they can find a unified login for all applications. The solution is scalable, and we can handle multiple users and customers. We can accommodate different authentication requirements for various groups of employees. It's a flexible solution that can be tailored according to specific needs.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Having a tool to manage all changes to AD from a single pane of glass is awesome."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"The ease of managing on-prem and cloud-based directories through a single pane of glass is good."
"The ease of managing on-prem and cloud-based directories through a single pane of glass is good."
"The solution is stable."
"Active Roles is easy to configure. It isn't a plug-and-play solution, and you need expertise to set it up. However, once you have your templates, it's easy to deploy in a highly decentralized environment. The custom configuration for our customers is fantastic, especially the web interface."
More One Identity Active Roles pros
"The tool's most valuable features are its access control and approval of access requests. The self-service password reset feature is efficient. Role management capabilities streamline user access by assigning and revoking roles."
"What's most valuable in SAP Identity Management is that it's easily an out-of-the-box solution for connectivity with SAP applications. We do not have to do any customizations, and this makes the solution very compatible with most SAP applications. SAP Identity Management is also very user-friendly."
"Rather than implement a basic SSO, this solution assisted us with setting up two-factor authentication."
"It provides basic automatic user administration and role provisioning to save time."
"What I found most valuable in SAP Identity Management is process automation. The solution also gives transparency about what is happening and why which I find beneficial. Another feature I found valuable in SAP Identity Management is integration. It has very good integration."
"The setup process is straightforward."
"The most valuable features of SAP Identity Management are business roles and automated user provisioning."
"What I like about SAP Identity Management is that it's stable for experienced users and suitable for access management, not just for SAP accounts, but for Active Directory, including file sharing and process sharing."
More SAP Identity Management pros
 

Cons

"The possibility to request group membership, similar to the past, was disabled and moved to Identity Manager."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"The user interface needs to be more modern and scalable. There are certain screen resolutions where the product is unusable."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"The ability to send logs to a SIEM would be very beneficial."
"The way you can search groups could be better."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
More One Identity Active Roles cons
"One of the areas for improvement in the solution is its user interface which needs to be up-to-date and fancier, in particular, have better visualization in terms of the tabs and buttons. The user interface of SAP Identity Management should be improved based on the latest trends."
"What needs improvement in SAP Identity Management is its compatibility with third-party applications. We'd like to get connectors or plugin settings to make it easier to manage other applications, whether SAP or non SAP applications. As SAP Identity Management is not compatible with non SAP applications, some of the clients are looking for other IDM applications such as SalePoint and Saviynt, so this is an issue we've observed in the solution."
"It needs to have the SSO for the HANA modules that SAP is releasing."
"SAP Identity Management can improve risk analysis and authority checks."
"The pricing could be better."
"Research and marketing need to be improved."
"A lack of startup connectors to different systems, and could have better connectors for SAP IDM."
"I have encountered issues with the host authentication feature."
More SAP Identity Management cons
 

Pricing and Cost Advice

"The licensing model is a simple user-based model, not that much complicated."
"It's fairly priced."
"The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment."
"It's expensive."
"The pricing is on the higher end."
"The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."
"The pricing for Active Roles is expensive but not as expensive as other solutions like Okta."
"The licensing cost varies depending on the specific requirements and deployment size."
"I rate the solution's pricing a four out of ten."
"When evaluating the price of any product, I first look at how it meets my business requirements and if it meets requirements adequately and predictively. Currently, I don't see this from SAP Identity Management, so pricing for it is expensive, in my opinion."
report
See which vendors are best for you
Use our free recommendation engine to learn which User Provisioning Software solutions are best for your needs.
See recommendations
846,617 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
12%
Government
8%
Healthcare Company
7%
Manufacturing Company
15%
Computer Software Company
14%
Energy/Utilities Company
8%
Financial Services Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about One Identity Active Roles?
The solution is stable.
See all answers
What is your experience regarding pricing and costs for One Identity Active Roles?
The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment.
See all answers
What needs improvement with One Identity Active Roles?
There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface.
See all answers
What do you like most about SAP Identity Management?
The tool's most valuable features are its access control and approval of access requests. The self-service password reset feature is efficient. Role management capabilities streamline user access b...
See all answers
What needs improvement with SAP Identity Management?
I have encountered issues with the host authentication feature.
See all answers
What is your primary use case for SAP Identity Management?
Our clients utilize the tool to automate user provisioning and manage identity, security, and user roles within their IT environment. It is configured as a tenant for this purpose, and it includes ...
See all answers
 

Comparisons

SailPoint Identity Security Cloud vs One Identity Active Roles Logo
SailPoint Identity Security Cloud vs One Identity Active Roles
Compared 23% of the time
Microsoft Entra ID vs One Identity Active Roles Logo
Microsoft Entra ID vs One Identity Active Roles
Compared 16% of the time
ManageEngine ADManager Plus vs One Identity Active Roles Logo
ManageEngine ADManager Plus vs One Identity Active Roles
Compared 14% of the time
One Identity Manager vs One Identity Active Roles Logo
One Identity Manager vs One Identity Active Roles
Compared 11% of the time
Softerra Adaxes vs One Identity Active Roles Logo
Softerra Adaxes vs One Identity Active Roles
Compared 8% of the time
More One Identity Active Roles Competitors
SailPoint Identity Security Cloud vs SAP Identity Management Logo
SailPoint Identity Security Cloud vs SAP Identity Management
Compared 32% of the time
Omada Identity vs SAP Identity Management Logo
Omada Identity vs SAP Identity Management
Compared 8% of the time
Saviynt vs SAP Identity Management Logo
Saviynt vs SAP Identity Management
Compared 8% of the time
SAP Customer Data Cloud vs SAP Identity Management Logo
SAP Customer Data Cloud vs SAP Identity Management
Compared 6% of the time
Microsoft Entra ID vs SAP Identity Management Logo
Microsoft Entra ID vs SAP Identity Management
Compared 6% of the time
More SAP Identity Management Competitors
 

Product Reports

Buyer's Guide
One Identity Active Roles
March 2025
One Identity Active Roles reportDownload One Identity Active Roles product report
Buyer's Guide
SAP Identity Management
March 2025
SAP Identity Management reportDownload SAP Identity Management product report
 

Also Known As

Quest Active Roles
SAP NetWeaver Identity Management, NetWeaver Identity Management
 

Overview

One Identity Active Roles is a highly regarded solution for Active Directory (AD) security and account management. One Identity Active Roles will enhance group, account, and directory management while eradicating the need for manual processes. The end result is a significant increase in the overall speed, efficiency, and security of the organization.

Using One Identity Active Roles, users can:

  • Easily increase and strengthen native attributes of Active Directory (AD) and Azure AD.

  • Quickly unify and automate group and account management while protecting and securing critical administrative access.

  • Free up valuable resources to concentrate on other IT tasks, fully confident that your user permissions, critical data, and privileged access are safe and secure.

Managing accounts in AD and Azure AD can be tremendously challenging; continually keeping these important systems safe and secure presents an even greater challenge. Traditional tools can be inefficient, error-prone, and very disjointed. In today’s robust marketplace, organizations are finding it somewhat difficult to keep pace with the constant access changes in a hybrid AD ecosystem. Additionally, there are significant security issues to consider (government compliance, employee status/access changes, and other confidential business requirements). And, of course, there is a requirement to properly manage Active Directory and Azure Active Directory access in addition to managing all the other numerous SaaS and non-Windows applications that organizations use today.

Users can easily automate all of these tedious, mundane administrative tasks, keeping their systems safe and error-free. Active Roles ensures users can perform their job responsibilities more effectively, more efficiently, and with minimal manual intervention. Active Roles was created with a flexible design, so organizations can easily scale to meet your organizational needs, today, tomorrow, and in the foreseeable future.

Reviews from Real Users

A PeerSpot user who is a Network Analyst at a government tells us, “It has eliminated admin tasks that were bogging down our IT department. Before we started using Active Roles, if one of our frontline staff members deleted a user or group, it could take several hours to try to reverse that mistake. Whereas now, the most our frontline staff can do is a deprovision, which just disables everything in the background, but it's still there. We can go in and have it back the way it was two minutes later. Instead of it taking two hours, it only takes two minutes.

Becky P., Sr Business Analyst at George Washington University, shares, “In addition, with the use of workflows and the scheduled tasks, we were able to automate and centrally manage a number of the processes as well as utilize them to work around other product limitations. Those include, but are not limited to syncing larger groups, which have 50,000 plus members, to Azure AD. We sync up to Azure AD using ARS. If we had not already had ARS in place, it would have been impossible for us to have done so in the time period we did it in. We did it in under six months. ARS probably saves us at least two weeks out of every month. It's reduced our workload by 50 percent, easily.”

One Identity

Reduce risk and centrally manage user access across your enterprise – with SAP Identity Management. The software integrates with your business processes to provide robust data and application security. Keep your operations running smoothly – and boost productivity by providing role-based user access, self-service password reset, approval workflows, and more.

SAP
 

Sample Customers

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies
State of Indiana, Automotive Resources International (ARI), Alliander N.V., Chemion Logistik GmbH, Seoul National University Bundang Hospital (SNUBH)
Buyer's Guide
One Identity Active Roles vs. SAP Identity Management
March 2025
Free Report: One Identity Active Roles vs. SAP Identity Management
Find out what your peers are saying about One Identity Active Roles vs. SAP Identity Management and other solutions. Updated: March 2025.
DOWNLOAD NOW
846,617 professionals have used our research since 2012.
See our One Identity Active Roles vs. SAP Identity Management report.
See our list of best User Provisioning Software vendors.

We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.