We performed a comparison between Cisco ISE (Identity Services Engine) and One Identity Active Roles based on real PeerSpot user reviews.
Find out what your peers are saying about Cisco, HPE Aruba Networking, Fortinet and others in Network Access Control (NAC)."It's scalable."
"My team has gained a lot from Cisco ISE as it does also provide automation, which is a big asset in the eighth hour. After setting it up, it took a lot of the weight off in many ways. We have a co-worker, who we call the ISE Master because he's in charge of the ISE configurations. He's able to save a lot of time by being able to monitor everything from there. So it did take off a lot of time that we would waste by going individually to that different device and trying to figure out what was wrong."
"There is good integration with third-party systems like antivirus patch management, MDM."
"Authentication is the most valuable feature because it puts our company at another level of security."
"The most important feature for us is visibility in terms of user connections. It's the ability to see what devices are online for a particular user that helps a lot with our troubleshooting."
"Cisco ISE is a comprehensive solution that allows you to control access to network resources granularly based on policies."
"It is a good product for what it does...So, it is one of the most critical systems that we have."
"Technical support is okay."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"Active Roles improved the management of users, groups, and AD objects in the organization."
"It gives us attribute-level control and the AD management features work very well."
"The most valuable features include auditing, dynamic grouping, and creating dynamic groups based on AD attributes."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"An area that could be improved is the agent. The challenge now is that agent and most of the computers have changed. They could think about agent-less deployment."
"The compliance and posture don't always work. They should make it more stable. With each upgrade, we lose some functionality. We have to wait for another upgrade."
"The pricing and licensing structure are not ideal for customers."
"I would like for the next release to be easier to implement and to limit its dependencies around ISE, Windows, the network as a whole, etc."
"There is room for improvement in CLI. Most things are done through the GUI, and there aren't many commands or troubleshooting options available compared to other Cisco products like switches and routers."
"Third-party integration is important, as well as the continuous adaptation feature which is the AIOps. It would be helpful to include the AIOps."
"We would definitely like to see a little bit of an improvement in the web GUI navigation. Some of the things are a little bit hidden in the drop-down menu. If we could get a way to get to those quicker, it'd be much more useful."
"The installation is not straightforward, it took us approximately one month."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"The way you can search groups could be better."
"I've had a difficult time getting it to cooperate with Azure in the cloud and, while the support staff are very good and very knowledgeable, what they assist with just on a call doesn't go deep enough to help with a number of issues. The answer that comes back is that we'd have to start an engagement with Professional Services, which is fine but that takes time to schedule and it takes budget."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"The solution needs an attestation process that includes certification and recertification attestation."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
More Cisco ISE (Identity Services Engine) Pricing and Cost Advice →
Cisco ISE (Identity Services Engine) is ranked 1st in Network Access Control (NAC) with 138 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. Cisco ISE (Identity Services Engine) is rated 8.2, while One Identity Active Roles is rated 8.6. The top reviewer of Cisco ISE (Identity Services Engine) writes "Gives us that extra ability to assist the end user and make sure that we are making them happy". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". Cisco ISE (Identity Services Engine) is most compared with Aruba ClearPass, Fortinet FortiNAC, Forescout Platform, CyberArk Privileged Access Manager and Fortinet FortiAuthenticator, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint Identity Security Cloud, One Identity Manager and Netwrix Auditor.
We monitor all Network Access Control (NAC) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.