We performed a comparison between F5 BIG-IP Access Policy Manager (APM) and One Identity Active Roles based on real PeerSpot user reviews.
Find out what your peers are saying about Cisco, Zscaler, Palo Alto Networks and others in Secure Web Gateways (SWG)."The solution is stable."
"On the outside, the main differentiation is because Lookout ingest. They have ingested basically all of the apps for the last ten years and all the versions of all the apps, and we have that in a corporate database that allows us to do very large-scale machine learning and analysis on that data set. That's not something that any of the competitors really have the capability to do because they don't have access to the data set. A lot of the apps you can no longer get them because that version of the app is five or six years old, and it just doesn't exist anywhere anymore, except within our infrastructure. So, the ability to have that very rich dataset and learn from that dataset is a real differentiator."
"The protection offered by the product is the most valuable feature. It detects vulnerabilities or traps on our users' phones and then prompts them to clean up their devices. Tools we used previously would only discover, which required us to gather information on the backend, so Lookout is a welcome upgrade."
"The most valuable features are the antivirus as a whole, the anti-malware, and all of the protection features that scan our enterprise devices."
"This is a product that is easy to install and integrate, and it is simple to use."
"In my opinion, the GUI is perfect with the configuration options provided. F5 BIG-IP has given customization options and policy configuration tools in the GUI. It's good and good enough to work."
"The tool is reliable and easy to configure."
"The solution is stable and reliable."
"Our customers have never complained about the stability"
"F5 BIG-IP APM is relatively easy to use."
"The load balancing features are valuable."
"The most valuable feature is the virtual IP creation. It's our most frequently used feature."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
"The solution is stable."
"From the analysis that we've done, they do seem to be maybe a step behind in trying to enter the market with a new solution. But when they do pick up, they do come out with some good products."
"The stability depends on the service from where you access it. Because sometimes, the place you are in, you have Gateway. You don't have Gateway. The gateway is overutilized. At the end, you need to go through their gateways. And this is the key point here. You have a tracking point. If it's not well orchestrated, and it scales up as you add more to the existing team, you will suffer"
"We just submitted an enhancement request reflecting the main area we want to see improvement in; the APIs. Currently, we're able to build dashboards, but it's somewhat backward because we use our MDM API to create them. Lookout should provide API to customers so we can query our data and use it in our cloud, and this is the only outstanding area for improvement with the product right now."
"Lookout was moving into the SSE space. And so their work on SecureWeb Gateway and SD-WAN is still sort of evolving."
"Cloud services are something that F5 Access Policy Manager could do better"
"I'd suggest improved documentation integration directly within the GUI. Right now, finding comprehensive documentation often requires going to external websites like the community portal."
"The solution’s GUI looks very old."
"We do not have knowledgeable support teams locally."
"The solution is quite costly."
"The operational deployment is not great."
"The technical support’s response time must be improved."
"The price of this product can be improved."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"Most of the time it just works."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"For the AAD management feature, it needs to improve the objects that we can manage and the security."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
More F5 BIG-IP Access Policy Manager (APM) Pricing and Cost Advice →
F5 BIG-IP Access Policy Manager (APM) is ranked 18th in Secure Web Gateways (SWG) with 13 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. F5 BIG-IP Access Policy Manager (APM) is rated 8.2, while One Identity Active Roles is rated 8.6. The top reviewer of F5 BIG-IP Access Policy Manager (APM) writes " Facilitates packet inspection, modification, and offloading and offers visibility and troubleshooting capabilities, allowing for pre-production server testing". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". F5 BIG-IP Access Policy Manager (APM) is most compared with Citrix Gateway, CyberArk Privileged Access Manager, Cisco ISE (Identity Services Engine), Microsoft Remote Desktop Services and Ivanti Connect Secure, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, One Identity Manager, SailPoint IdentityIQ and Softerra Adaxes.
We monitor all Secure Web Gateways (SWG) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.