We performed a comparison between IBM Security Identity Governance and Intelligence, One Identity Active Roles, and Symantec Identity Governance and Administration based on real PeerSpot user reviews.
Find out what your peers are saying about SailPoint, One Identity, Omada and others in User Provisioning Software."I would rate the price eight out of 10, with 10 as the best value for money."
"Lifecycle management, governance and documentation."
More IBM Security Identity Governance and Intelligence Pros →
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"It gives us attribute-level control and the AD management features work very well."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"Governance."
"Out-of-the-box the product has a lot of opportunity for configuration and sophisticated identity management capability."
"The scalability potential is there if a company needs to expand."
"It's a very useful tool that has improved our client's security, from day one."
"Using the implementation guide, I was able to implement the solution with ease."
"I like that it is easy to diagnose. It has a version of a virtual appliance so we can download it, run it, configure it, and it would take about 10 to 15 minutes to configure the cluster or so."
"Self-registration and self-service password management are valuable features. The role modeling feature is also very useful. It allows you to model your enterprise role."
"Automated provisioning removes manual labor and manual provisioning."
"Self service center is not always easy to understand."
"The solution is a bit pricey for some regions."
More IBM Security Identity Governance and Intelligence Cons →
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"The ability to send logs to a SIEM would be very beneficial."
"Most of the time it just works."
"The solution needs an attestation process that includes certification and recertification attestation."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"The product has a lot of need for improvement. Our issues are being raised back to the vendor as enhancements."
"Although the capabilities are there, the user interface needs to be redesigned and the opportunities for integration should be improved."
"The support from Symantec Identity Governance and Administration could improve."
"In the next release, there should be provisioning of your certifications."
"I find the API boring. I also faced issues while integrating with CA SSO."
"There are times that it takes too long to generate reports and to run the assessment tools to collect the information."
"Integration capabilities with other solutions and formats, including JSON, could be improved."
"The solution is not the best or the fastest available."
More IBM Security Identity Governance and Intelligence Pricing and Cost Advice →
More Symantec Identity Governance and Administration Pricing and Cost Advice →