Cisco ISE (Identity Services Engine) vs One Identity Manager comparison

Cancel
You must select at least 2 products to compare!
Comparison Buyer's Guide
Executive Summary

We performed a comparison between Cisco ISE (Identity Services Engine) and One Identity Manager based on real PeerSpot user reviews.

Find out what your peers are saying about Cisco, HPE Aruba Networking, Forescout and others in Network Access Control (NAC).
To learn more, read our detailed Network Access Control (NAC) Report (Updated: March 2024).
765,234 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like the guest access feature, which has been important for us.""Easy to use and provides good support""It works as a good RADIUS server. It has lots of features. It works with all the proprietary Cisco AB pairs and features.""The features that do work, work well, and we use it on a daily basis.""It is scalable because we use a network load balancer at the front of the PSN. It can be extended as we want to multiply. It's scalable to our environment. We have around 8,000 users and we are planning to expand it.""We found all the features of the product to be valuable.""The valuable feature of the solution lies in its integration capabilities with other applications.""For us and our clients, the most valuable features of Identity Services Engine are really around the rich contact sharing that ISE gives you."

More Cisco ISE (Identity Services Engine) Pros →

"The back-end, its capabilities, and workflows are very good.""One Identity Manager offers several features that I found advantageous compared to other tools.""The biggest improvement has been the auditing. Now we have a record of what the users have, what the users have requested and when, and when things were approved. It's all in the same system.""With this product, we been able to bring together HR, IT, and lifecycle management. It is very helpful for managing the Joiner/Mover/Leaver process. We also use it for compliance on all the audits which are around.""In terms of the most valuable feature of One Identity Manager, it's not like one feature is useful without the other features. It's not a tool, but it's more an overall integrated solution that is helpful and not specifically one solution on its own. The best points of One Identity Manager would be its process orchestration and synchronization manager.""The IT shop is a great tool that allows a simple interface for users to see their access, be able to request additional access, and view the workflow approval process to understand where their request is and what any hold-ups may be.""We have been able to make our help desk self-sufficient by giving them role-based access. We have been able to reduce service dependency by 40% to 50%.""The connection with multiple systems is what makes it flexible. We can create the accounts flexibly, enabling access to other systems. In addition to Active Directory, it can extend to SAP, to Salesforce, to Office 365, etc."

More One Identity Manager Pros →

Cons
"In order to make it a ten, it should be more user-friendly. You need somebody who is knowledgeable about it to use it. It's not easy to use. We have to rely heavily on technical support.""Sometimes some of Cisco ISE's graphical interfaces could be a little bit smoother. However, with the different versions, the product is getting better and better.""There is room for improvement in CLI. Most things are done through the GUI, and there aren't many commands or troubleshooting options available compared to other Cisco products like switches and routers.""Deploying to a machine, as opposed to a dedicated appliance, can be a bit difficult.""I would like to see the product simplified more, especially with the configuration.""The interface could be more user-friendly and the ability to apply rules to MAC addresses, for example, if I wanted to allow a certain MAC address access at a particular time I cannot make this adjustment.""The installation is not straightforward, it took us approximately one month.""The solution can lag somewhat as we have a large database."

More Cisco ISE (Identity Services Engine) Cons →

"The solution should come up with a lighter version so people can buy different versions.""The initial setup was complex.""One Identity has a self-service portal but many customers need a helpdesk where they can go in and request. To make that happen we need to do a lot of customization. Maybe that could be improved...""It is particularly slow if you are using it in a large organization.""We would like the product to integrate with ServiceNow, since One Identity Manager and ServiceNow are two of our better tools.""The philosophy behind One Identity Manager has always been that there's not one way of working and that you can set it up according to your own identity and access management philosophy, but what would make it better is by shortening the setup time and the learning curve time. If the team could create some best practices with a wizard to set the solution up within companies, that would be a killer feature and would help make identity access management more approachable. That would also help companies that don't have the resources or a dedicated team to set up One Identity Manager. What I'd like to see in the next release of the solution is the addition of just released application governance parts. That would sound promising. It would also be interesting if the team sets up best practice startup wizards, so you could set up One Identity Manager according to selectable best practice wizards instead of setting it up completely by yourself.""The policy and role management features are a bit hard to scale. The whole model for who can do what and how to set it up is not so well-governed for a larger organization. The demos are always shown for a 100 or a 1000 people, but when it is a large number, it is quite difficult to maintain.""I would like to have more advanced features and reporting added to One Identity Manager."

More One Identity Manager Cons →

Pricing and Cost Advice
  • "There are three levels of pricing: basic, plus, and apex. Basic satisfied our needs."
  • "If you go directly with Cisco for the implementation it's very, very expensive."
  • "The SMARTnet technical support is available at an additional cost."
  • "For the Avast virus scan, we pay around USD $95 per machine for five years which includes all updates and technical support."
  • "The price for Cisco ISE is high."
  • "The price can be lower, especially for subscriptions. It should be a lot cheaper to have a wide range of customers. The price should be comparable to competitive products like Forescout or Fortinet FortiNAC. Forescout is cheaper for customers looking for a cloud solution."
  • "There are other cheaper options available."
  • "The price is okay."
  • More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →

  • "Start with an operations team that is motivated to learn a lot in a short period of time. The longer you wait, the more expensive it will be to get the right level of expertise in this area."
  • "There are old processes that are really great for some people and look like pieces of artwork. However, the maintenance of them is really expensive."
  • "The solution is flexible, in general. You can define the parts of the solution that you want to use, and it won't affect the price."
  • "We have the premium support and are very satisfied. They are always answer our questions very quickly. For the moment, we are very satisfied, but I think it's because we are paying for the premium support."
  • "It helps us save on licenses for applications because we are following the account lifecycle, as well as account reactivation."
  • "We are paying for premium support, which is expensive. However, we do receive very good, fast support."
  • "It needs flexibility in the licensing or packaging, because you buy the entire package at once, and sometimes the customers are a bit overwhelmed with whatever they get. I would like if they could cut the licensing or packaging into somewhat smaller things."
  • "It has helped to reduce customer costs."
  • More One Identity Manager Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Network Access Control (NAC) solutions are best for your needs.
    765,234 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: Aruba ClearPass is a Network Access Control tool that gives secure network access to multiple device types. You can adapt the policies to VPN access, wired, or wireless access. You can securely… more »
    Top Answer:OK, so Cisco ISE uses 802.1X to secure switchports against unauthorized access. The drawback of this is that ISE cannot secure the port if a device does not support 802.1x. Cameras, badge readers… more »
    Top Answer:Cisco ISE uses AI endpoint analytics to identify new devices based on their behavior. It will also notify you if someone plugs in with a device that is not allowed and will block it. The user… more »
    Top Answer:One Identity Manager offers several features that I found advantageous compared to other tools.
    Top Answer:One Identity Manager has a reasonable price point. Given the features and functionality it provides, the cost is justified.
    Top Answer:One area where One Identity Manager could be improved is in database performance. When handling a large number of users, I believe that built-in indexing or other optimizations would be beneficial… more »
    Ranking
    Views
    24,825
    Comparisons
    16,525
    Reviews
    74
    Average Words per Review
    756
    Rating
    8.5
    3rd
    Views
    5,185
    Comparisons
    2,929
    Reviews
    29
    Average Words per Review
    980
    Rating
    8.2
    Comparisons
    Also Known As
    Cisco ISE
    Quest One Identity Manager, Dell One Identity Manager
    Learn More
    Overview

    Cisco ISE is an all-in-one solution that streamlines security policy management and reduces operating costs. Cisco ISE delivers visibility and access control over users and devices across wired, wireless, and VPN connections.

    Identity Services Engine enables enterprises to deliver secure network access to users and devices. It shares contextual data, such as threats and vulnerabilities, with integrated solutions from Cisco technology partners. You can see what is happening in your network, which applications are running, and more.

    Features of Cisco ISE

    • Centralized management helps administrators configure and manage user profile characteristics - a single pane of glass for integrated management services.
    • Contextual identity and business policy: The rule-based attribute is a driven policy model. The goal is to provide flexible access control policies.
    • Wide range of access control options, including Virtual LAN (VLAN) URL redirections, and access control lists.
    • Supplicant-less network access: You can roll out secure network access by deriving authentication from login information across application layers.
    • Guest lifecycle management streamlines the experience for implementing and customizing network access for guests.
    • Built-in AAA services: The platform uses standard RADIUS protocol for authentication, authorization, and accounting.
    • Device auditing, administration, and access control provide users with access on a need-to-know and need-to-act basis. It keeps audit trails for every change in the network.
    • Device profiling: ISE features predefined device templates for different types of endpoints.
    • Internal certificate authority: Qn easy-to-deploy single console to manage endpoints and certificates.

    Benefits of Cisco ISE

    Cisco’s holistic approach to network access security has several advantages:

    • Context-based access based on your company policies. ISE creates a complete contextual identity, including attributes such as user, time, location, threat, access type, and vulnerability. This contextual identity is used to enforce a secure access policy. Administrators can apply strict control over how and when endpoints are allowed in the network.
    • Better network visibility via an easy-to-use, simple console. In addition, visibility is improved by storing a detailed attribute history of all endpoints connected to the network.
    • Comprehensive policy enforcement. ISE sets easy and flexible access rules. These rules are controlled from a central console that enforces them across the network and security infrastructure. You can define policies that differentiate between registered users and guests. The system uses group tags that enable access control on business rules instead of IP addresses.
    • Self-service device onboarding enables the enterprise to implement a Bring-Your-Own-Device (BYOD) policy securely. Users can manage their devices according to the policies defined by IT administrators. (IT remains in charge of provisioning and posturing to comply with security policies.)
    • Consistent guest experiences: You can provide guests with different levels of access from different connections. You can customize guest portals via a cloud-delivered portal editor with dynamic visual tools.

    Support

    You can get ISE as a physical or virtual appliance. Both deployments can create ISE clusters that create scale, redundancy, and requirements.

    Licensing

    Cisco ISE has four primary licences. Evaluation for up to 100 endpoints with full platform functionality. The higher tiers are Partner, Advantage and Essential.

    Reviews from Real Users

    "The user experience of the solution is great. It's a very transparent system. according to a PeerSpot user in Cyber Security at a manufacturing company.

    Omar Z., Network & Security Engineer at an engineering company, feels that "The RADIUS Server holds the most value."

    “Whether I deploy in China, the US, South Africa, or wherever, I can get all the capabilities. It allows me to directly integrate with 365, and from a communications point of view, that is a good capability," says Rammohan M., Senior Consultant at a tech services company.

    Hassan A.,Technology Manager at Advanced Integrated Systems, says that "The most valuable feature is the integration with StealthWatch and DNA as one fabric."




    One Identity Manager is a value-added and trusted active directory management and user provisioning software solution. One Identity Manager administers and protects an organization’s data and users, minimizes threats, and ensures that compliance regulations are consistently satisfied.

    Users will have access to the data and applications they need when they need them. One Identity can be used on premises, in the cloud, and also with hybrid options. One Identity Manager is able to easily combine strict governance compliance regulations and rigorous security protocols to keep business enterprises secure and functional today and into the future. One Identity Manager is also a robust, scalable identity governance and administration (IGA) solution. The solution is designed to meet the changing needs of a growing dynamic business enterprise, and not be limited or left vulnerable by IT department constricts.

    One Identity consistently provides robust security solutions that facilitate a strong secure enterprise where the users, applications, and critical data are safe and secure. The unified identity security platform provides identity governance and administration (IGA), privileged access management (PAM), active directory management and security (ADMS), and identity and access management (IAM) processes to ensure an aggressive stance on security for today’s dynamic enterprise organizations.

    One Identity is used by more than 11,000 organizations worldwide managing over five hundred million plus identities.

    One Identity Manager Features

    • Self-service options: Organizations save time and are able to get tasks completed easily. Users can request permissions or access and receive predetermined approval based on role assignments.

    • Password management: Organizations can easily reset user passwords based on established organizational protocols. Password policies can be determined according to user roles and assignments.

    • Governance: One Identity Manager offers complete visibility regarding data access, such as who has access, when the access was given, and the reasons why access was given. The solution delivers clear reporting to comply with any regulatory requirements.

    • SAP certified: Users are able to amplify existing SAP security protocols and seamlessly connect accounts under governance. One Identity Manager is a complete identity access solution.

    • Reporting: One Identity Manager delivers reliable reporting regarding user access and privileged access to an organization's network. The reporting can satisfy all government and regulatory compliance standards.

    • Connectors: One Identity Manager’s significant amount of available connectors enable organizations to easily extend identity governance to the cloud and will ensure cloud application time is minimized significantly.

    Reviews from Real Users

    The initial setup process for an employee is straightforward. We set up processes for user accounts and we can add other processes to them. Our goal is to automate all user-permission and user-administration processes with One Identity and we are doing that more and more.” - Marc H., IT Architect at a tech services company

    “The most valuable features are that it has a lot of capabilities, can integrate with a lot of systems, including automated onboarding like CyberArk, and allows you to integrate different entities.” - Security Consultant at a financial services firm

    Sample Customers
    Aegean Motorway, BC Hydro, Beachbody, Bucks County Intermediate Unit , Cisco IT, Derby City Council, Global Banking Customer, Gobierno de Castilla-La Mancha, Houston Methodist, Linz AG, London Hydro, Ministry of Foreign Affairs, Molina Healthcare, MST Systems, New South Wales Rural Fire Service, Reykjavik University, Wildau University
    Texas A&M, Sky Media, BHF Bank, Swiss Post, Union Investment, Wayne State University. More at OneIdentity.com/casestudies
    Top Industries
    REVIEWERS
    Financial Services Firm13%
    Government11%
    Comms Service Provider11%
    Computer Software Company11%
    VISITORS READING REVIEWS
    Educational Organization23%
    Computer Software Company16%
    Government8%
    Financial Services Firm7%
    REVIEWERS
    Financial Services Firm38%
    Manufacturing Company10%
    Healthcare Company10%
    Construction Company8%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm13%
    Government9%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise21%
    Large Enterprise55%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise32%
    Large Enterprise52%
    REVIEWERS
    Small Business29%
    Midsize Enterprise6%
    Large Enterprise65%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise63%
    Buyer's Guide
    Network Access Control (NAC)
    March 2024
    Find out what your peers are saying about Cisco, HPE Aruba Networking, Forescout and others in Network Access Control (NAC). Updated: March 2024.
    765,234 professionals have used our research since 2012.

    Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 135 reviews while One Identity Manager is ranked 3rd in Identity Management (IM) with 74 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while One Identity Manager is rated 8.0. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of One Identity Manager writes "The JML is customizable but the support team isn't strong". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, CyberArk Privileged Access Manager and F5 BIG-IP Access Policy Manager (APM), whereas One Identity Manager is most compared with SailPoint IdentityIQ, Oracle Identity Governance, EVOLVEUM midPoint, ForgeRock and One Identity Active Roles.

    We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.