We performed a comparison between Imanami GroupID and One Identity Active Roles based on real PeerSpot user reviews.
Find out in this report how the two User Provisioning Software solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."For each job code, we go through and determine the access they're supposed to have to the system. Based on that job code, we use the query tool and say that anybody who is in this job code gets these groups added to them, or conversely, if they change job codes, it removes the ones that they shouldn't have and adds the one they should. That runs every night, and the next day, everybody has the job codes they're supposed to have."
"Imanami GroupID's UI is good."
"I have found the overall features to be useful."
"In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well."
"Secure access is the most valuable feature."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"Another good feature is the change history. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated."
"It gives us attribute-level control and the AD management features work very well."
"The solution is stable."
"The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
"The product's implementation is complex. It should also work on GPO."
"The mobile application needs to be improved and there should be chatbox features to allow users to easily reach out for assistance."
"I'd like to see a better user interface. It works, but it is clunky. There should be better import and export of LDAP queries and better management tools."
"Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up."
"The way you can search groups could be better."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there."
"The ability to send logs to a SIEM would be very beneficial."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"The solution needs an attestation process that includes certification and recertification attestation."
"For the AAD management feature, it needs to improve the objects that we can manage and the security."
Imanami GroupID is ranked 10th in User Provisioning Software with 3 reviews while One Identity Active Roles is ranked 5th in User Provisioning Software with 17 reviews. Imanami GroupID is rated 8.4, while One Identity Active Roles is rated 8.6. The top reviewer of Imanami GroupID writes "Simplifies the task of managing groups and is affordable and easy to implement". On the other hand, the top reviewer of One Identity Active Roles writes "Single interface and workflows simplify AD and Azure AD management efficiency and security". Imanami GroupID is most compared with Netwrix Auditor, ManageEngine ADManager Plus and SailPoint IdentityIQ, whereas One Identity Active Roles is most compared with Microsoft Entra ID, ManageEngine ADManager Plus, SailPoint IdentityIQ, One Identity Manager and Softerra Adaxes. See our Imanami GroupID vs. One Identity Active Roles report.
See our list of best User Provisioning Software vendors and best Active Directory Management vendors.
We monitor all User Provisioning Software reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.