Try our new research platform with insights from 80,000+ expert users

Cisco Identity Services Engine (ISE) vs One Identity Active Roles comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
8.4
Cisco Identity Services Engine enhances security, reduces breaches, ensures compliance, simplifies management, and consolidates systems for cost savings and efficiency.
Sentiment score
7.4
One Identity Active Roles enhances efficiency and security, reduces workload and risks, delivering quick returns and increased user satisfaction.
Direct comparisons with Forescout reveal up to 30% to 40% difference in cost savings.
One Identity Active Roles provides excellent reporting and auditing functionality, allowing administrators to track permissions, actions, and responsibilities effectively.
It has saved 90% of the time compared to before.
 

Customer Service

Sentiment score
5.9
Cisco ISE support is praised for knowledge and responsiveness, yet occasionally inconsistent with integration and follow-up challenges.
Sentiment score
7.7
One Identity Active Roles support is responsive and effective, with occasional delays; users rate it between seven and ten.
I rate the technical support as one out of ten.
Sometimes it's challenging to identify which support team is responsible for certain issues, which is a significant concern.
One Identity's support is great.
I rate customer service and support as a seven because, although they are helpful when needed, there can be delays in responding to tickets and finding necessary fixes.
Sometimes having a fix for a bug takes too much time.
 

Scalability Issues

Sentiment score
7.3
Cisco Identity Services Engine (ISE) offers high scalability, supporting large deployments and enterprise expansions despite hardware and setup challenges.
Sentiment score
7.8
One Identity Active Roles is scalable for large user bases, efficiently managing multiple directories and automating tasks.
Factors like architecture, business nature, and legal limitations such as GDPR affect it.
It is very beneficial for large and complex environments.
If you are a major enterprise customer, it is a matter of scaling out on resources with more memory, disk, and CPU power.
The solution is highly scalable, with a scalability rating of nine.
 

Stability Issues

Sentiment score
7.7
Cisco ISE is highly reliable and stable, though larger deployments may experience occasional performance and configuration challenges.
Sentiment score
7.4
One Identity Active Roles is generally stable with minimal maintenance, but occasional performance lags and updates are needed.
Cisco Identity Services Engine (ISE) is considered very reliable and stable.
The stability of Cisco Identity Services Engine (ISE) is poor for certain use cases, like authentication.
There were no major problems with One Identity Active Roles.
We haven't had any glitches.
I would rate the stability as a seven because there are sometimes performance issues, which require restarting the services.
 

Room For Improvement

Cisco Identity Services Engine requires improved integration, user interface, documentation, compatibility, and management efficiency to enhance user experience.
One Identity Active Roles needs better web interface customization, scripting support, integration, user interface scalability, and improved workflows and security.
The whole setup works well with Cisco access points and Cisco switches, but when you have multiple vendors in the environment, such as HP switches or access points like Aruba, you'll find they will not work well with Cisco Identity Services Engine (ISE).
Pricing can be more expensive compared to other vendors, and there is a significant price gap observed, which doesn't seem justified by some specific features.
They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases.
A way to connect to various directories and integrate with cloud directories would be beneficial.
Enhancements to the console are also necessary because it is more confusing than the web interface.
The user interface needs to be more modern and scalable.
 

Setup Cost

Cisco ISE offers three pricing tiers, with high costs and complex licensing, but provides extensive features and potential discounts.
One Identity Active Roles uses a user-based licensing model with high costs but offers significant ROI and flexibility.
Compared to other solutions like HPE ClearPass, Cisco is more costly, and the conversation suggests a possible forty percent price gap compared to competitors.
The license costs can range between $50,000 to $100,000 per year for enterprises.
Cloud solutions are expensive, while on-prem setups with shared environments are cheaper but not effective.
It is quite expensive, costing more than 50 euros per identity.
The pricing is high.
The pricing of One Identity Active Roles is expensive, but the return on investment justifies the cost, allowing for savings in other areas.
 

Valuable Features

Cisco ISE enhances network security with integration, 802.1X authentication, policy management, ease of use, and strong access control.
One Identity Active Roles enhances security and management with robust access control, automation, integration, and centralized directory management.
Cisco Identity Services Engine (ISE) offers authentication using RADIUS, enhancing network security by separating and segregating networks.
The solution is integrated with other Cisco devices and can offer automation for an organization, making deployments more dynamic and providing real-time visibility.
Cisco Identity Services Engine (ISE) is very good at device administration.
It's improved our security posture. It has limited access to our crown jewels, where all our identities lie within Active Directory.
It helps in removing custom Active Directory delegation, which enhances security by eliminating unnecessary privileges, addressing identity-based breaches by reducing the number of Active Directory delegations.
It is very intuitive and close to the native tools.
 

Categories and Ranking

Cisco Identity Services Eng...
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
142
Ranking in other categories
Network Access Control (NAC) (1st), Cisco Security Portfolio (1st)
One Identity Active Roles
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
25
Ranking in other categories
User Provisioning Software (5th), Active Directory Management (5th), Non-Human Identity Management (NHIM) (5th)
 

Mindshare comparison

Cisco Identity Services Engine (ISE) and One Identity Active Roles aren’t in the same category and serve different purposes. Cisco Identity Services Engine (ISE) is designed for Network Access Control (NAC) and holds a mindshare of 26.3%, down 31.4% compared to last year.
One Identity Active Roles, on the other hand, focuses on Active Directory Management, holds 5.4% mindshare, down 7.0% since last year.
Network Access Control (NAC)
Active Directory Management
 

Featured Reviews

SunilkumarNaganuri - PeerSpot reviewer
Enhanced device administration hindered by complex deployment and security limitations
Cisco Identity Services Engine (ISE) needs to improve the profiling preauthentication. They are very poor in asset classification and should focus on improving the preauthentication profiling, especially for NAC use cases. This will give them a roadmap for software-defined access (SDA) use cases and network segmentation. Threat detection capabilities are very weak. Additionally, the product is vulnerable and has many bugs.
Grzegorz Kosela - PeerSpot reviewer
Task automation simplifies user and delegation management while offering a customizable interface
Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions. Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft. Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly. The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer. The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten. The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it. It's helped increase operational efficiency by 50%. It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively. We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access. It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times. We've just integrated with our HR system. It helps us follow activated and deactivated users. I'd rate the granular controls on offer ten out of ten. We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface.
report
Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
848,253 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Educational Organization
24%
Computer Software Company
14%
Financial Services Firm
8%
Government
7%
Computer Software Company
17%
Financial Services Firm
12%
Government
7%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Which is better - Aruba Clearpass or Cisco ISE?
Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely ...
What are the main differences between Cisco ISE and Forescout Platform?
OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers, ...
How does Cisco ISE compare with Fortinet FortiNAC?
Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user exper...
What is your experience regarding pricing and costs for One Identity Active Roles?
The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment.
What needs improvement with One Identity Active Roles?
There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface.
 

Also Known As

Cisco ISE
Quest Active Roles
 

Overview

 

Sample Customers

Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies
Find out what your peers are saying about Cisco, Hewlett Packard Enterprise, Fortinet and others in Network Access Control (NAC). Updated: April 2025.
848,253 professionals have used our research since 2012.