One Identity Active Roles vs SailPoint Identity Security Cloud comparison


Comparison Buyer's Guide

Executive Summary

Categories and Ranking

One Identity Active Roles
Ranking in User Provisioning Software
Average Rating
Number of Reviews
Ranking in other categories
Active Directory Management (4th)
SailPoint Identity Security...
Ranking in User Provisioning Software
Average Rating
Number of Reviews
Ranking in other categories
Identity Management (IM) (2nd), Identity and Access Management as a Service (IDaaS) (IAMaaS) (3rd), Cloud Infrastructure Entitlement Management (CIEM) (1st)

Mindshare comparison

As of June 2024, in the User Provisioning Software category, the mindshare of One Identity Active Roles is 8.4%, up from 5.0% compared to the previous year. The mindshare of SailPoint Identity Security Cloud is 33.5%, up from 29.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
User Provisioning Software
Unique Categories:
Active Directory Management
Identity Management (IM)
Identity and Access Management as a Service (IDaaS) (IAMaaS)

Featured Reviews

Jul 12, 2023
Give us control over attributes a service desk analyst can change, and we can build in integrity rules
The Group Family feature is okay, but there are some issues around its use for creating objects automatically, based on HR attributes. Another issue is that it doesn't look like the hybrid connections are particularly mature. We haven't really used it much. We have a couple of guys setting it up who don't really like the way it's working. It uses a synchronization tool to do that. Native integration with the cloud would be better. Also, we're trying to manage Office 365 mailboxes and although it will create a mailbox in the cloud, it won't do shared mailboxes. That means we're having to write custom solutions for that. Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up. Some of their built-in functions will work off of both servers and I don't see why this shouldn't as well. Another similar gripe is that when you run custom Active Roles policies, they'll actually trigger on both hosts, not on one. In that scenario, it would be better if they would trigger on one host, unless it wasn't available. For example, if you're writing to the event log, you have a custom task and it will show up multiple times because it's being processed by multiple front-end hosts.
Surya Sadhu - PeerSpot reviewer
Jan 29, 2024
A cloud solution for identity management and access governance
Before making a decision, it's essential to align your primary goals with the long-term roadmap of your organization. Consider factors such as whether your organization is a government or private entity and where you envision your organization heading in the next five to ten years. While cost can be a significant factor, it's important to assess the value and features offered by SailPoint IdentityIQ in relation to your organization's needs and future direction. There have been many instances where we provided initial templates in building some of the connectors approximately eight or seven years ago. In response, my team developed a custom connector, which was reviewed and eventually incorporated into the SuccessFactors Connector by SailPoint. The previous version had limitations with subset deployments. SailPoint has introduced various solutions over time. For instance, they now handle deployment entirely, even for IdentityIQ, transitioning it into a SaaS application. SailPoint manages servers, applications, deployments, and server patches, relieving customers of these challenges. Customers access the product via a URL, focusing solely on utilizing it to address their needs. SailPoint continues to provide comprehensive solutions, including evolving IdentityIQ into a SaaS-capable platform, to support their customers' requirements. In terms of solving identity management and access governance challenges, SailPoint IdentityIQ is certainly a strong contender. However, it's essential to clarify your specific goals—are you focused solely on identity management and access governance, or do you also require access management and privileged access management solutions? Configuring IdentityIQ can be complex, requiring significant coding and effort, especially considering the intricacies of integrating with various target systems. The level of complexity can vary greatly depending on each system's specifications. Overall, I rate the solution an 8 out of 10.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:


"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"Active Roles improved the management of users, groups, and AD objects in the organization."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"The solution is stable."
"Secure access is the most valuable feature."
"SailPoint IdentityIQ has more enriched out-of-box connectors than the others."
"The solution is very good at the management of the identity lifecycle."
"The most valuable feature for our customers and for us is the identity data warehouse."
"It is simple and easy to implement."
"The first valuable feature of the solution is its interface. The second feature of the solution is the level of flexibility it provides."
"The basic concept is most valuable. I like how they have designed the solution. They create an Identity Cube, and then they do all the processes and configuration around the Identity Cube."
"Deployment takes a bit of time, however, once it's done properly, everything becomes very organized and easy to use."
"Provides functionalities for various stages, such as joiner, mover, and leaver"


"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"For the AAD management feature, it needs to improve the objects that we can manage and the security."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"Competitors are advancing by offering integrated solutions encompassing access and privileged access management in a single unified platform. IdentityIQ's focus has remained primarily on identity and access governance, neglecting to expand its offerings to include these additional functionalities within its existing product. Enhancing their product by incorporating modules for access management, privileged access management, and third-party access governance could address this gap."
"The interface should be simple and easier to use."
"We faced some issues while integrating the solution with a third-party tool."
"We have had a lot of service breaks because of the lack of support."
"Certifications could include additional access levels or practices."
"They should lower the price and technical support should be better."
"The report functionality and dashboard of the access manager could be improved."
"It tends to be more expensive, but at the end of the day, it works."

Pricing and Cost Advice

"The pricing is on the higher end."
"The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."
"It's expensive."
"The licensing model is a simple user-based model, not that much complicated."
"It's fairly priced."
"The licensing fees are on a yearly basis."
"The product is expensive. I rate its pricing an eight out of ten."
"I found the pricing to be relatively high."
"They are expensive."
"It's all competitive. Initially, the prices look a bit higher, but once it gets into a competitive situation, they meet the market. I'd rate it an eight out of ten in terms of pricing. It tends to be more expensive, but it works."
"Its price is okay. It provides good value for money. It is subscription-based. You can go for a one-year or three-year subscription."
"SailPoint is expensive compared to its competitors. It's one of the most expensive products, so I'd rate it as one out of five, cost-wise."
"In terms of pricing, SailPoint IdentityIQ is affordable. It's not cheap, and it's not expensive, so the solution is in the middle, price-wise. It also didn't have additional costs, even if my company had different teams that took care of auditing and provisioning and projects that used SailPoint IdentityIQ."
Use our free recommendation engine to learn which User Provisioning Software solutions are best for your needs.
789,442 professionals have used our research since 2012.

Top Industries

By visitors reading reviews
Computer Software Company
Financial Services Firm
Healthcare Company
Financial Services Firm
Computer Software Company
Manufacturing Company
Insurance Company

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business

Questions from the Community

What is your experience regarding pricing and costs for One Identity Active Roles?
The solution is fairly priced. That said, I have nothing to compare it to.
What needs improvement with One Identity Active Roles?
The solution has not enabled us to reduce password reset times. It has not automated provisioning. The group attestation could be improved. It was a feature that was available in version 5. You can...
How does Sailpoint IdentityIQ compare with CyberArk PAM?
We evaluated Sailpoint IdentityIQ before ultimately choosing CyberArk. Sailpoint Identity Platform is a solution to manage risks in cloud enterprise environments. It automates and streamlines the m...
What do you like most about SailPoint IdentityIQ?
The first valuable feature of the solution is its interface. The second feature of the solution is the level of flexibility it provides.
What is your experience regarding pricing and costs for SailPoint IdentityIQ?
The product is expensive. People need to opt for a licensing plan for one year or three years.

Also Known As

Quest Active Roles
IdentityIQ, IdentityNow, Cloud Infrastructure Entitlement Management



Sample Customers

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at
Adobe, AXA Technology Services, Cuna Mutual Group, Equifax, ING Direct, Orrstown Bank, Rockwell Automation, SallieMae, Spirit Aerosystems, TEL
Find out what your peers are saying about One Identity Active Roles vs. SailPoint Identity Security Cloud and other solutions. Updated: June 2024.
789,442 professionals have used our research since 2012.