IBM Tivoli Access Manager [EOL] vs One Identity Active Roles comparison

IBM and One Identity are both solutions in the User Provisioning Software category. Additionally, 93% of IBM users are willing to recommend the solution, compared to 100% of One Identity users who would recommend it.

IBM Tivoli Access Manager [...

Read 29 IBM Tivoli Access Manager [EOL] reviews

93% willing to recommend

One Identity Active Roles

Read 87 One Identity Active Roles reviews

7,934 Views
2,777 Comparison Views

100% willing to recommend

IBM Tivoli Access Manager [...

One Identity Active Roles

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between IBM Tivoli Access Manager [EOL] and One Identity Active Roles based on real PeerSpot user reviews.

Find out what your peers are saying about One Identity, SailPoint, Omada and others in User Provisioning Software.

To learn more, read our detailed User Provisioning Software Report (Updated: June 2026).

Buyer's Guide

User Provisioning Software

June 2026

Download the complete report

Helped 902,270 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

IBM Tivoli Access Manager [...

Average Rating

8.0

Reviews Sentiment

3.8

Number of Reviews

Ranking in other categories

No ranking in other categories

One Identity Active Roles

Average Rating

8.6

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

User Provisioning Software (3rd), Active Directory Management (1st), Non-Human Identity Management (NHIM) (1st)

Featured Reviews

it_user711612

Senior Consultant at a insurance company with 1,001-5,000 employees

Reverse proxy provides central control over authentication and authorization.

It is a single product that caters for all the business needs throughout the organization. It provides a seamless integration that in turn encourages most of the applications to use the SSO features Reverse proxy is the most valuable feature as it provides central control over authentication and…

Read full review

Varun Mehra

collaboration support engineer at a retailer with 11-50 employees

Automation has transformed onboarding and access control and now streamlines daily governance

While One Identity Active Roles is a strong identity and access management solution overall, there are a few areas where it could improve. One challenge we experienced was the initial setup and configuration complexity. Deploying workflows, policies, and delegation models require careful planning and a good understanding of the Active Directory environment. For organizations without experienced administrators, the learning curve can feel quite steep in the beginning. The user interface could also be more modern and intuitive. Some administrative tasks require navigating through multiple menus and the overall experience could be simplified for faster day-to-day management. Another area for improvement is reporting and customization. While the auditing features are good, creating highly customized reports sometimes requires additional efforts or scripting knowledge. More built-in reporting templates and easier dashboard customization would be helpful. We have also noticed that troubleshooting workflows or synchronization issues can occasionally take time because the logs can be very detailed and technical. Better diagnostic tools and simpler error explanations would improve the operational experience. That said, once the platform is properly configured and maintained, it performs reliably and delivers strong automation, delegation, and governance capabilities. One additional area where One Identity Active Roles could improve is cloud integration and hybrid environment management. While it works well with Active Directory and the Microsoft environment, organizations moving heavily towards cloud-first infrastructure may want even deeper and more seamless integration with modern SaaS platforms and identity providers. Performance optimization in large environments could be improved. In very large enterprise deployments with complex workflows and multiple managed domains, some administrative actions and synchronization tasks can occasionally feel slower than expected. Another point is documentation and onboarding resources. The product is feature-rich, but some advanced configurations require going through extensive documentation. More practical examples, guided setup wizards, and easier to follow best practice guides would help new administrators adopt the platform faster. Overall, the core functionality is solid, and most of the pain points are related more to usability, complexity, and modernization rather than the reliability. One additional improvement I would mention is around integration flexibility with third-party ITSM and DevOps tools. While the platform integrates well within Microsoft-centric environments, broader out-of-the-box integration and simpler API workflows for non-Microsoft ecosystems would make deployment and automation easier for organizations using diverse infrastructure. Another area is upgrade and migration simplicity. In enterprise environments, version upgrades and environment migration sometimes require careful planning and testing. Streamlining that process with more automated compatibility checks and migration assistance would reduce operational overhead.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Capabilities of advanced security are enhanced to support strong, flexible authentifications and authentications based on risks as well as critical internet vulnerabilities."

"It has helped them to improve and control web and mobile application security."

"The WebSEAL reverse proxy is great for protecting your critical systems."

"It is one of the best products in the present market in the area of access management."

"Tivoli Access Manager (or IBM Security Access Manager) is a fully featured web authentication, sso and authorization product."

"It is a good solution for anyone to take to their enterprise and get a buy in."

"The SSO, URL-based access control, OAuth 2 and OIDC are the most valuable features."

"Single Sign-On functionality is valuable because the core purpose of the product is to allow universal (or bespoke) SSO for application suites."

More IBM Tivoli Access Manager [EOL] pros

"One Identity Active Roles has positively impacted our organization by making Active Directory management much more efficient, reducing manual work, improving control over permissions, and providing better visibility into changes, which has helped both security and compliance efforts."

"The return on investment from One Identity Active Roles has been incredibly clear and measurable for us, with the efficiency in user provisioning and offboarding, which used to take almost 24 to 48 hours due to a multi-step process, now down to just 5 minutes, and a nearly 80% drop in ticket escalation queues after safely delegating tasks to the help desk through clean access templates."

"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."

"We have seen a good return on investment because the automation feature has reduced manual efforts by around thirty to fifty percent and improved efficiency with reduced workload, saving our engineers time."

"One Identity Active Roles has had a strong impact on Active Directory operations by reducing manual administrative workload, improving access governance, and standardizing provisioning and permission management procedures."

"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."

"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."

"Overall, One Identity Active Roles has significantly reduced the complexity and workload in Active Directory administration in our organization."

More One Identity Active Roles pros

Cons

"What I don’t particularly like is the flow duration."

"The license model is pretty complex."

"The self-service portal needs improvement."

"There is only a single step-up authentication path, but I have sometimes seen the need for several steps or a divergent path."

"I would rate the technical support a 6/10."

"There were endless issues with stability in version 8.0.1."

"The product has not been updated with emerging technologies over the years specifically around AJAX, REST and Mobile app integration."

"You must be skilled to use Tivoli Access Manager."

More IBM Tivoli Access Manager [EOL] cons

"One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement."

"I did not rate One Identity Active Roles at the highest level because areas such as user interface modernization, workflow complexity, troubleshooting experience, reporting capabilities, and cloud integration still have room for improvement."

"The initial setup was quite easy, but it was time-consuming. It took about three months."

"One area where One Identity Active Roles could be improved is troubleshooting and visibility."

"One Identity Active Roles can be improved by simplifying the setup process since a small team in a small business requires implementation without extensive IT support."

"Another improvement I would like to see is better troubleshooting capability when dealing with complex delegation models or workflow-related issues."

"For the AAD management feature, it needs to improve the objects that we can manage and the security."

"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."

More One Identity Active Roles cons

Pricing and Cost Advice

"The IBM prices are, as ever, extortionate, even with a business partnership, and high levels of discounts."

"The licensing model is a simple user-based model, not that much complicated."

"The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."

"It's expensive."

"The pricing is on the higher end."

"It's fairly priced."

"The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment."

"The pricing for Active Roles is expensive but not as expensive as other solutions like Okta."

See which vendors are best for you

Use our free recommendation engine to learn which User Provisioning Software solutions are best for your needs.

See recommendations

902,270 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Construction Company

16%

Financial Services Firm

15%

Marketing Services Firm

12%

Outsourcing Company

12%

Outsourcing Company

23%

Financial Services Firm

Computer Software Company

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	9
Midsize Enterprise	2
Large Enterprise	18

By reviewers
Company Size	Count
Small Business	90
Midsize Enterprise	18
Large Enterprise	42

Questions from the Community

Ask a question

Earn 20 points

What is your experience regarding pricing and costs for One Identity Active Roles?

The pricing, setup cost, and licensing for One Identity Active Roles are enterprise-oriented and typically based on the number of managed users or accounts. While setup requires moderate implementa...

See all answers

What needs improvement with One Identity Active Roles?

One Identity Active Roles can be improved with a more modern user interface, better reporting and analytics capabilities, simplified workflow customization, improved troubleshooting tools, and stro...

See all answers

What is your primary use case for One Identity Active Roles?

One Identity Active Roles serves as our centralized Active Directory administration platform for identity lifecycle management, including automated user provisioning, delegated administration, role...

See all answers

Comparisons

Symantec Siteminder vs IBM Tivoli Access Manager [EOL]

Compared 13% of the time

Idira Privileged Access Manager vs IBM Tivoli Access Manager [EOL]

Compared 9% of the time

SailPoint Identity Security Cloud vs IBM Tivoli Access Manager [EOL]

Compared 8% of the time

Okta Platform vs IBM Tivoli Access Manager [EOL]

Compared 7% of the time

Tools4ever Password Management vs IBM Tivoli Access Manager [EOL]

Compared 3% of the time

More IBM Tivoli Access Manager [EOL] Competitors

ManageEngine ADManager Plus vs One Identity Active Roles

Compared 12% of the time

Netwrix Auditor vs One Identity Active Roles

Compared 8% of the time

Active Administrator vs One Identity Active Roles

Compared 7% of the time

One Identity Manager vs One Identity Active Roles

Compared 6% of the time

SailPoint Identity Security Cloud vs One Identity Active Roles

Compared 6% of the time

More One Identity Active Roles Competitors

Product Reports

Buyer's Guide

IBM Tivoli Access Manager [EOL]

June 2026

Download IBM Tivoli Access Manager [EOL] product report

Buyer's Guide

One Identity Active Roles

June 2026

Download One Identity Active Roles product report

Also Known As

Tivoli Access Manager, IBM Security Access Manager

Quest Active Roles

Overview

IBM Tivoli Access Manager is a robust and secure centralized policy management solution for e-business and distributed applications. IBM Tivoli Access Manager WebSEAL is a high performance, multi-threaded Web server that applies fine-grained security policy to the Tivoli Access Manager protected Web object space. WebSEAL can provide single sign-on solutions and incorporate back-end Web application server resources into its security policy.

IBM

One Identity Active Roles enhances Active Directory management by automating essential tasks and improving security through efficient delegation and role-based access control.

One Identity Active Roles offers advanced features for managing Active Directory environments, aiding in automating user provisioning, group management, and de-provisioning. It integrates seamlessly with Microsoft environments and provides centralized management for both on-premises and cloud identities. By improving operational efficiency and reducing manual errors, it enforces robust governance across organizations. Active Roles includes auditing and reporting tools that strengthen compliance and security monitoring. Companies find the setup could be simplified with better documentation, more customization options in reporting, and expanded cloud integration, particularly with Azure. Improved workflows and deeper native connectors are needed for seamless automation. Price adjustments and user-friendly analytics with intuitive dashboards are recommended for better usability.

What are the key features of One Identity Active Roles?

Automation of Active Directory tasks: Streamlines processes such as user provisioning and de-provisioning.
Role-based access control: Ensures secure delegation of administration tasks.
Auditing and reporting: Enhances compliance with security monitoring capabilities.
Integration with Microsoft: Seamlessly manages on-premises and cloud identities.

What benefits and ROI should users evaluate?

Operational Efficiency: Reduces manual errors and streamlines active directory tasks.
Security and Governance: Enforces policy-based controls for secure user management.
Compliance: Strengthens monitoring and compliance through advanced auditing.
Usability: Suggests enhancements in workflow and analytics for better management.

Many industries deploy One Identity Active Roles for automating user lifecycle management, especially in Active Directory environments. It significantly eases operations by automating onboarding for new hires, managing role changes, and modifying access. The platform efficiently handles tasks like password resets and compliance audits while empowering teams to securely manage user access without requiring full administrative rights.

One Identity

Sample Customers

Essex Technology Group Inc.

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies

Buyer's Guide

User Provisioning Software

June 2026

Download Free Report

Find out what your peers are saying about One Identity, SailPoint, Omada and others in User Provisioning Software. Updated: June 2026.

DOWNLOAD NOW

902,270 professionals have used our research since 2012.

See our list of best User Provisioning Software vendors.

We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.