We performed a comparison between Microsoft Entra ID and One Identity Active Roles based on real PeerSpot user reviews.
Find out in this report how the two Single Sign-On (SSO) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Azure Active Directory provides us with identity-based authentication, which secures access at the user level and also integrates with conditional access policies and multi-factor authentication helping to increase the identity security for that person. So, the hacking and leaking of passwords is a secondary problem because you will not authenticate a person with one factor. There is a second factor of authentication available to increase the security premise for your company."
"Being able to easily authenticate yourself on the MSA app is valuable. It is easy to use. Rather than receiving a code in an SMS, you can just verify that it is you. You don't have to punch in any password or any six-digit code. That's the feature that I like the most."
"Privileged Identity Management and Privileged Identity Management make controlling access considerably easier and ensure that authorized access is achieved."
"We can centralize and manage everything much more effectively with this tool."
"The most valuable feature of Azure AD is its ability to connect with services outside of Microsoft, although documentation is necessary to properly implement these connections."
"The most beneficial feature would be the effectiveness of having a hybrid set-up."
"Azure Active Directory provides access to resources in a very secure manner. We can detect which user is logging in to access resources on the cloud. It gives us a comprehensive audit trace in terms of from where a user signed in and whether a sign-in is a risky sign-in or a normal sign-in. So, there is a lot of security around the access to resources, which helps us in realizing that a particular sign-in is not a normal sign-in. If a sign-in is not normal, Azure Active Directory automatically blocks it for us and sends us an email, and unless we allow that user, he or she won't be able to log in. So, the User Identity Protection feature is the most liked feature for me in Azure Active Directory."
"The solution allows users to authenticate from home, and the Office 360 integration is advantageous."
"The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
"Having a tool to manage all changes to AD from a single pane of glass is awesome."
"The solution is stable."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
"It gives us attribute-level control and the AD management features work very well."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"Reading documentation could be simplified. Technical support could also be faster."
"I rate Microsoft support five out of 10. It's just okay."
"The main issue is that because Active Directory is in the cloud, it will inevitably be dependent on internet connectivity."
"When we add some user groups, at times they will not be properly configured. Also, sometimes Azure AD is not aware of the group policy, like the control, device functions, and settings, in detail. For example, you cannot configure these settings through mobile devices. It doesn't provide the flexibility to do that. The other challenge is that a third-party application may provide access without authorization."
"We would like to see more system updates."
"The security policy of Azure Active Directory should be based on a matrix so that we can easily visualize which users have access to what."
"If any service is down, it can affect a whole region. We would need to wait on a ticket and get word from Microsoft to understand the issues. If it takes longer to resolve the issue on Microsoft's side, all we can do is wait for them to fix it."
"I believe it can also be integrated into other Microsoft products, as well as more integrations with other solutions."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"The solution needs an attestation process that includes certification and recertification attestation."
"I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"For the AAD management feature, it needs to improve the objects that we can manage and the security."
Microsoft Entra ID is ranked 1st in Single Sign-On (SSO) with 190 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. Microsoft Entra ID is rated 8.6, while One Identity Active Roles is rated 8.6. The top reviewer of Microsoft Entra ID writes "Allows users to authenticate from home and has excellent integrations in a simple, stable solution". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". Microsoft Entra ID is most compared with Microsoft Intune, Google Cloud Identity, CyberArk Privileged Access Manager, Yubico YubiKey and Cisco Duo, whereas One Identity Active Roles is most compared with ManageEngine ADManager Plus, SailPoint IdentityIQ, One Identity Manager, Softerra Adaxes and NetIQ Directory and Resource Administrator. See our Microsoft Entra ID vs. One Identity Active Roles report.
We monitor all Single Sign-On (SSO) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.