Try our new research platform with insights from 80,000+ expert users

One Identity Active Roles vs SAP Identity Management comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Nov 6, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

One Identity Active Roles
Ranking in User Provisioning Software
5th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
25
Ranking in other categories
Active Directory Management (1st), Non-Human Identity Management (NHIM) (5th)
SAP Identity Management
Ranking in User Provisioning Software
6th
Average Rating
7.8
Reviews Sentiment
5.9
Number of Reviews
14
Ranking in other categories
Identity Management (IM) (12th)
 

Mindshare comparison

As of September 2025, in the User Provisioning Software category, the mindshare of One Identity Active Roles is 5.3%, up from 4.8% compared to the previous year. The mindshare of SAP Identity Management is 5.4%, up from 5.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
User Provisioning Software Market Share Distribution
ProductMarket Share (%)
One Identity Active Roles5.3%
SAP Identity Management5.4%
Other89.3%
User Provisioning Software
 

Featured Reviews

Grzegorz Kosela - PeerSpot reviewer
Task automation simplifies user and delegation management while offering a customizable interface
Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions. Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft. Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly. The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer. The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten. The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it. It's helped increase operational efficiency by 50%. It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively. We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access. It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times. We've just integrated with our HR system. It helps us follow activated and deactivated users. I'd rate the granular controls on offer ten out of ten. We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface.
Kiril Petkov - PeerSpot reviewer
Stable, especially if you're an experienced user and is suitable for managing access rights for accounts, process sharing, and file sharing, but it isn't straightforward to use or maintain
I'm not so happy about the features provided by SAP Identity Management, but I'm not sure where the problem lies, if it's a product issue, an issue with its deployment, or both. I find SAP Identity Management complicated to use. Maintaining it is also complex. The solution is integrated with only two core systems, so it's not compatible with all applications in terms of providing single sign-on, which makes no sense to me, so this is another area for improvement in SAP Identity Management. Still, the issue could be with the supplier my company is working with, as that supplier provides consultancy and deployment services. It's a popular, experienced, and well-ranked supplier in the local market. However, it's still not guaranteed that the business requirements have been understood correctly and that the deployment was done properly. What I'd like to see in SAP Identity Management in its next release is a more innovative way to use it for handling all access rights rather than having to use different products.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It gives us attribute-level control and the AD management features work very well."
"We have eased the burden on the support desk and reduced the risk of them doing something they shouldn't."
"Secure access is the most valuable feature."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"The access templates help set up granular permissions and the web portal to manage Active Directory."
"It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
"It has helped increase operational efficiency in our organization."
"What I found most valuable in SAP Identity Management is process automation. The solution also gives transparency about what is happening and why which I find beneficial. Another feature I found valuable in SAP Identity Management is integration. It has very good integration."
"What's most valuable in SAP Identity Management is that it's easily an out-of-the-box solution for connectivity with SAP applications. We do not have to do any customizations, and this makes the solution very compatible with most SAP applications. SAP Identity Management is also very user-friendly."
"Rather than implement a basic SSO, this solution assisted us with setting up two-factor authentication."
"The most valuable feature is the user experience for managing information."
"The tool's most valuable features are its access control and approval of access requests. The self-service password reset feature is efficient. Role management capabilities streamline user access by assigning and revoking roles."
"What I like about SAP Identity Management is that it's stable for experienced users and suitable for access management, not just for SAP accounts, but for Active Directory, including file sharing and process sharing."
"The most valuable features of SAP Identity Management are business roles and automated user provisioning."
"It provides basic automatic user administration and role provisioning to save time."
 

Cons

"The way you can search groups could be better."
"It's a fairly stable product but not perfectly reliable."
"Additional documentation about the Angular web interface is needed."
"Customer support is rated six. Sometimes having a fix for a bug takes too much time. While in production, issues tend to take a while to resolve."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"Most of the time it just works."
"Active Roles could add more options for web customization. Our requirements are exceedingly specific. We'd like to get the web interface down to just five buttons, but in some cases, we can only get to six. The web interface in the current version is less customizable than in the previous one."
"The pricing could be better."
"I find SAP Identity Management complicated to use. Maintaining it is also complex."
"SAP Identity Management can improve risk analysis and authority checks."
"It needs to have the SSO for the HANA modules that SAP is releasing."
"Research and marketing need to be improved."
"One of the areas for improvement in the solution is its user interface which needs to be up-to-date and fancier, in particular, have better visualization in terms of the tabs and buttons. The user interface of SAP Identity Management should be improved based on the latest trends."
"What needs improvement in SAP Identity Management is its compatibility with third-party applications. We'd like to get connectors or plugin settings to make it easier to manage other applications, whether SAP or non SAP applications. As SAP Identity Management is not compatible with non SAP applications, some of the clients are looking for other IDM applications such as SalePoint and Saviynt, so this is an issue we've observed in the solution."
"I have encountered issues with the host authentication feature."
 

Pricing and Cost Advice

"The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment."
"The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."
"The pricing for Active Roles is expensive but not as expensive as other solutions like Okta."
"The pricing is on the higher end."
"It's expensive."
"The licensing model is a simple user-based model, not that much complicated."
"It's fairly priced."
"When evaluating the price of any product, I first look at how it meets my business requirements and if it meets requirements adequately and predictively. Currently, I don't see this from SAP Identity Management, so pricing for it is expensive, in my opinion."
"I rate the solution's pricing a four out of ten."
"The licensing cost varies depending on the specific requirements and deployment size."
report
Use our free recommendation engine to learn which User Provisioning Software solutions are best for your needs.
867,497 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Healthcare Company
9%
Financial Services Firm
8%
Manufacturing Company
8%
Manufacturing Company
13%
Computer Software Company
11%
Financial Services Firm
8%
Energy/Utilities Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise2
Large Enterprise17
By reviewers
Company SizeCount
Small Business4
Midsize Enterprise3
Large Enterprise6
 

Questions from the Community

What is your experience regarding pricing and costs for One Identity Active Roles?
The product is expensive, but if you want to save money, the delegation set-up process is quite easy. After setting up Active Roles once, defining the delegation model, it is very efficient, almost...
What needs improvement with One Identity Active Roles?
One area for improvement would be the Entra ID side, including better delegation for Entra ID objects and more granular permissions. We would also like to see better Entra ID license management usi...
What do you like most about SAP Identity Management?
The tool's most valuable features are its access control and approval of access requests. The self-service password reset feature is efficient. Role management capabilities streamline user access b...
What needs improvement with SAP Identity Management?
One area that could be improved with SAP Identity Management, other than support, is user engagement from an implementation perspective. It would be beneficial for SAP to extend their events and wo...
What is your primary use case for SAP Identity Management?
The use cases for SAP Identity Management include the logistics company, and we also have a beverage company that is using SAP Identity Management. We did not make the migration for them, but we im...
 

Also Known As

Quest Active Roles
SAP NetWeaver Identity Management, NetWeaver Identity Management
 

Overview

 

Sample Customers

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies
State of Indiana, Automotive Resources International (ARI), Alliander N.V., Chemion Logistik GmbH, Seoul National University Bundang Hospital (SNUBH)
Find out what your peers are saying about One Identity Active Roles vs. SAP Identity Management and other solutions. Updated: September 2025.
867,497 professionals have used our research since 2012.