We performed a comparison between Cisco ISE (Identity Services Engine) and One Identity Active Roles based on real PeerSpot user reviews.
Find out what your peers are saying about Cisco, HPE Aruba Networking, Forescout and others in Network Access Control (NAC)."The most valuable features are the NAC and the bundles that are available with Cisco ISE, such as Cisco ACS being integrated."
"For us and our clients, the most valuable features of Identity Services Engine are really around the rich contact sharing that ISE gives you."
"It's scalable."
"The most valuable feature is 801.1x and another very good feature is the TACACS."
"The ability to allow or deny hosts onto the network is valuable. It provides great security to the network environment."
"The way we can trust this solution is the most valuable. We have no issue with this product. It is a competitive product. You need to have a very good and deep knowledge of the product to take the full benefits of all the features, but it is a good product."
"The most valuable feature is the provisioning of the device so as to ensure that they are compliant with the security policy that we need to have."
"Among the most valuable features is TACACS."
"It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"The solution is stable."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"Also, the menus could have been much simpler. There are many redundant things. That's a problem with all Cisco solutions. There are too many menus and redundant things on all of them."
"Cisco ISE has numerous features that are impractical, and I won't utilize them since they require payment."
"The intuitiveness of the user interface could be improved."
"Its user interface could be better. It's not bad. They've just redesigned the whole user interface. It's not terribly difficult. The drop-down menus are easy to use. However, when you're looking for some things in the user interface, it takes a minute to find where you were prior."
"Adding new devices was a little cumbersome. I haven't done it that many times, but I remember that adding new devices to the authentication piece of it was a little cumbersome. The way I was shown to do it, I thought it was odd because we had to go into the active device, copy the file down, export it, make some changes to it, and then reimport it as opposed to being able to click it and having a template to fill out."
"I'd like to see an easier way to upgrade to larger versions, as well as more best practices that are easier to locate on their support page."
"I would like to see integration with other vendors, and the RADIUS integration needs to be improved a little bit."
"The user interface could be more user-friendly."
"Most of the time it just works."
"The solution needs an attestation process that includes certification and recertification attestation."
"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"The ability to send logs to a SIEM would be very beneficial."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 137 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while One Identity Active Roles is rated 8.6. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, CyberArk Privileged Access Manager and Fortinet FortiAuthenticator, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, One Identity Manager and Netwrix Auditor.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.