"BeyondTrust has very good integrations with quite a lot of security vendors such as SailPoint, IBM, FortiGuard, Splunk, etc."
"It's relatively straightforward to set up, especially if you are deploying to the cloud."
"It is straightforward. It is a good technology, and it is made to do one single thing."
"Technical support is good."
"The privileged access and the application control are helpful in making sure we have good, robust challenge responses. Blacklisting with trusted application protection is also beneficial for us."
"What I liked about this solution is that it can also integrate for tracking malicious use or sending analytics to a host that can process them. I don't know if CyberArk, Centrify, or Thycotic can do that. The analytics was something the client really wanted, and they already had BeyondTrust. It is very scalable. The agent on the workstation is very thin, and the processing power required on a server is nothing out of the ordinary. It is also very stable and easy to deploy."
"The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be."
"The most valuable features include the automated attestations or recertification... The time that people have to focus on their real jobs and not spend it doing recertifications is huge."
"Among the most valuable features of One Identity Manager are administration from Active Directory and Azure Active Directory, as well as administration from Exchange. These features enable us to have fully automated processes to create new accounts and new mailboxes. The most valuable option is the ability to design an automated route to give our customers permissions."
"The most valuable features are that it has a lot of capabilities, can integrate with a lot of systems, including automated onboarding like CyberArk, and allows you to integrate different entities."
"We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%."
"They need to come up with better integrative options which should be customer-centric."
"They are doing good for now, but they should start to consider tight integration with Mac solutions. There should be more integration with Mac. There should be Active Directory (AD) Bridging. Thycotic and Centrify have it currently because they merged and joined forces, and it was a feature available in Centrify. So, basically, they joined forces to create a kind of perfect product. If you have a hybrid or mixed environment with Windows and Mac, your Active Directory can only manage or enforce policies on Windows, but what about your Mac devices? How do you control them? So, AD Bridging will act as a bridge to bring all your Mac devices into your Active Directory. This way you have full control over your entire environment."
"Their technical support could be more responsive and helpful."
"What's bothering me, which is true of all of them, is that sometimes, the error codes that come up don't necessarily get reflected in the searches within their support sites or they're out of date. I would rather search by an error code than type in the text and search for it by text because the error code means that it is programmatic, and it is known. It might not be desired, but it at least is not unexpected. If you don't have an error code, you just get an anomalous error, and if it is lengthy, it can be difficult to search and find the specific instance you're looking for. This is something I would like all of them to improve. BeyondTrust, CyberArk, Centrify, and Thycotic could do some improvements in staying up to date and actually allowing you to search based on the product version. They are assuming that everybody is on their way to release. They put out a new release, but it is not reflected on the support site, which makes no sense to me, especially when they revamp all the error codes. They all have been guilty of this in some way."
"Reporting analytics is one of the areas that can be improved. It is a new cloud-based solution. So, many more specific reports can come out natively. Currently, we get all the events, and we put them in plug-ins. From there, we generate our own design of reports. If there is a much more solid or robust reporting analytics framework within the product itself, it would be helpful."
"If you don't get the implementation right at the outset, you will struggle with the product."
"The web interface has room for improvement. It could be more performant and the design of the web interface is relatively complicated. It could be simplified."
"Right now, they run an on-prem solution. Our preferred solution for cloud is Azure. So, we have yet to determine how we want to take this forward, because at this time, we are only using Graph APIs to do some Azure-related actions."
"[Regarding] their upgrades, we're going to 8.12 right now and everything is running very smoothly but this is actually the first upgrade that has gone off well. Even the other "dots" have taken us six months or longer to get through QA testing."
"One area that could be improved is the speed of performance - it's often a bit slower because of the size of its database."
"We fell into that trap of over-customization which made upgrading the product difficult."
BeyondTrust Endpoint Privilege Management enables organizations to mitigate attacks by removing excess privileges on Windows, Mac, Unix/Linux and networked devices. Remove excessive end user privileges and control applications on Windows, Mac, Unix, Linux, and networked devices without hindering end-user productivity.
Key Solutions Include:
-ENTERPRISE PASSWORD SECURITY
Discover, manage and monitor all privileged accounts and SSH keys, secure privileged assets, and report on all privileged account activity in a single solution.
-ENDPOINT LEAST PRIVILEGE
Enforce least privilege across all Windows and Mac endpoints, gain visibility into target system vulnerabilities, and control access to privileged applications without disrupting user productivity or compromising security.
-SERVER PRIVILEGE MANAGEMENT
Gain control and visibility over Unix, Linux and Windows server user activity without sharing the root or administrator account.
-A SINGLE PLATFORM FOR MANAGEMENT, POLICY, REPORTING AND THREAT ANALYTICS
Utilize a single solution to manage PAM policies and deployment, understand vulnerability and threat analytics, and provide reporting to multiple stakeholders and complementary security systems.
Learn more at https://www.beyondtrust.com/privilege-management
One Identity Manager helps you mitigate risk, secure data, meet uptime requirements and satisfy compliance by giving your users access to data and applications they need and nothing more. IAM can be driven by business needs, not IT capabilities. With Identity Manager, you can manage user identities, privileges and security across the enterprise, putting you in control of identity management and taking the burden off your IT staff.
BeyondTrust Endpoint Privilege Management is ranked 4th in Privileged Access Management (PAM) with 6 reviews while One Identity Manager is ranked 2nd in Identity Management (IM) with 5 reviews. BeyondTrust Endpoint Privilege Management is rated 8.6, while One Identity Manager is rated 8.0. The top reviewer of BeyondTrust Endpoint Privilege Management writes "A simple and flexible solution for controlling the access and improving the security posture". On the other hand, the top reviewer of One Identity Manager writes "Enables us to automate SOX recertification, saving a significant amount of time". BeyondTrust Endpoint Privilege Management is most compared with CyberArk Privileged Access Manager, CyberArk Endpoint Privilege Manager, Delinea Secret Server, Cisco ISE (Identity Services Engine) and One Identity Safeguard, whereas One Identity Manager is most compared with SailPoint IdentityIQ, Cisco ISE (Identity Services Engine), Microsoft Identity Manager, Oracle Identity Governance and RSA Identity Governance and Lifecycle.
We monitor all Privileged Access Management (PAM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.