Home > ManageEngine AD360 vs IBM’s IAM Solutions

Looking for an alternative to
IBM’s IAM Solutions

100000+ Technicians trust AD360 to manage their Windows environment

Try AD360

Thank you for downloading!

Your download should begin automatically in 15 seconds. If not, click here to download manually.

    Download fully functional
    60-days FREE trial!

  • By clicking 'Start a free trial', you agree to processing of personal data according to the Privacy Policy.

Thanks!

One of our solution experts will get in touch with you shortly

ManageEngine AD360 vs. IBM’s IAM Solutions

ManageEngine AD360 is an integrated identity and access management (IAM) solution for managing user identities, governing access to resources, enforcing security, and ensuring compliance. From user provisioning, self-service password management, Active Directory change monitoring, to single sign-on (SSO) for enterprise applications and multi-factor authentication, AD360 helps organizations manage identities and achieve a strong security posture.

IBM’s IAM solution portfolio includes several separate modules that take care of authentication, privileged access management, identity governance, and access management.

This document juxtaposes the capabilities of solutions from these two vendors

Capability Description ManageEngine AD360
Try now
IBM
Lifecycle Management
User provisioning and deprovisioning Supports provisioning and deprovisioning of users to various directories and applications    
Automated provisioning Automatically creates account for users in the target directory or application  

(integrates with HRMS and external databases for auto-provisioning)

 
CSV-based bulk user provisioning Provisions accounts for multiple users in a single click by importing their details from a CSV file    
Template-based bulk user provisioning Uses pre-defined and customizable templates to provision multiple users accounts in a single click    
Entitlements management, access certifications, and SoDs
Entitlements assignment Allows you to assign entitlements to resources in your IT environment  

(supports only entitlements in AD, Exchange, Office 365, and file servers)

 
Access certification Allows managers or resource owners to periodically review who has access to what resource and certify the access entitlement  

(supports certifications only for AD resources)

 
Access policies Allows admins to define who can govern access to resources and how long an access assignment should last    
Automation Automatically assigns, reassigns, or removes entitlements based on an identity’s lifecycle status    
Separation of Duty (SoD) Define SoD policies to detect entitlement violations    
Single sign-on (SSO)
SSO to enterprise applications Provides secure, one-click access to enterprise applications  

(supports web-based and on-premises applications)

 

(supports web-based, mobile, and on-premises applications)

SSO frameworks Types of SSO frameworks supported SAML SAML and OIDC
SSO to legacy apps Supports SSO to in-house applications    
Built-in directory Comes built-in with a directory to store user identity details    
Multi-factor authentication
Supported factors Number of authentication factors supported 14 5
MFA for cloud application login via SSO Supports MFA for cloud applications while logging in via SSO    
MFA for desktop logons Adds an extra layer of authentication method to Windows, macOS, and Linux logons    
MFA for VPN logons Adds an extra layer of authentication for VPN logons    
Password management and self-service
Self-service password reset Allows users to reset their AD passwords    
Self-service account unlock Allows users to unlock their locked-out AD accounts    
Real-time password synchronization Automatically synchronizes users’ Active Directory passwords with cloud applications and other on-premises systems    
Password Policy Enhancer Password complexity requirements: Requires a specified number of lower case letters, upper case letters, numbers, and symbols in the passwords   -
Password should not contain part of the username.   -
Other character requirements for passwords: Must begin with a letter, Unicode character, etc.   -
Disallow use of palindromes, repeating characters, and part of old password.   -
Dictionary rule to block common and weak passwords   -
Pattern rule to block keyboard patterns (asdf, qwerty, etc.) in passwords.   -
Cached credential update for AD passwords. Allows remote users who are not connected to the AD domain to reset passwords and log in to their machines   -
Password expiration notification Sends periodic password expiration reminders to AD users via email, SMS and push notifications   -
Password reset from login screen Allows users to reset their passwords right from the login screens of their Windows, macOS, or Linux machines    
Mobile app for password reset Allows users to reset their passwords using a mobile app    
Self-service group management Allows users to request membership to AD groups and get the request approved by admin or group owner   -
Self-service for updating AD attributes Allows users to update AD attributes such as address, mail, mobile, etc., on their own.   -
Privilege Management
Privileged account discovery Provides built-in reports to identify members belonging to privileged groups, including those who inherit privileges through nested groups    
Password vaulting Stores privileged credentials in an encrypted vault

(needs integration with ManageEngine’s Password Manager Pro)

 
Privileged account tracking Tracks all the activities of privileged account holders including their logon/logon activities    
File permissions report Helps identify which users have access to critical files in your file servers   -
File permission management Manages the NTFS and Share permissions of files and folders in your Windows environment   -
Approval workflow for privilege requests Supports creation of an approval workflow process for users requesting access to privileged groups and important files    
Active Directory Management
User management Allows you to disable or enable user accounts, modify user attribute values, reset passwords, unlock accounts, and do much more in bulk, manually and also automatically.    
Computer management Allows you to create and manage computer objects; modify their attributes in bulk    
Group management Allows you to create and manage groups; modify group memberships in bulk    
GPO management Allows you to create and link GPOs to OUs; modify GPO settings    
Management of other objects Allows you to create and manage contact objects, home folders, terminal services profile folder, passwords, and more in AD    
Office 365 management
User management Allows you to create users with or without license, enable MFA settings, reset passwords, modify naming attributes, and do much more in bulk    

(supports only provisioning)

Group management Allows you to create and manage distribution groups, security groups; modify group memberships; modify group properties such as Send As permissions; all in bulk    
Contact management Allows you to create and manage contacts in bulk; modify contact attributes and properties in bulk    
License management Allows you to assign, remove, or replace licenses of selected users or groups    
Mailbox, shared mailbox, and public folder management Allows you to manage Exchange Online mailboxes, configure settings, enable or disable features; modify public folders, and do much more in bulk    
Mobile device management Helps clear mobile device data and remove mobile devices    
Calendar management Lets you modify or remove calendar permissions    
On-premises Exchange management
Mailbox management Allows you to create and modify mailboxes, shared mailboxes, room mailboxes, equipment mailboxes, and more in bulk    
IT security and compliance
Prebuilt reports Provides reports to track user activities in the product    
State-in-time reports for AD Offers over 150 reports on various aspects of your AD environment, including reports to find out inactive users, recently created users, last logon of users, etc.    
State-in-time reports for Exchange Server Offers over 100 reports on various aspects of your Exchange on-premises environment, including reports to find out non-owner mailbox permissions, mailbox storage growth, distribution lists members, etc.    
State-in-time reports for Office 365 Offers over 150 reports on all aspects of various Office 365 services, including Azure AD, Exchange Online, OneDrive for Business, Skype, Microsoft Teams, etc.    
Prebuilt reports for IT compliance Provides report templates for various compliance mandates such as SOX, HIPAA, PCI DSS, GDPR, etc.    
Real-time audit reports Audits who did what, when, and from where using real-time audit reports    
Real-time alerting Sends email and SMS alerts in real time for important security-related changes in your IT environment   -
User behavior analytics (UBA) Helps detect, investigate, and mitigate threats like malicious logins, lateral movement, privilege abuse, data breaches, and malware    

*
(available in a separate solution—QRadar)*

Disaster recovery
Active Directory backup and recovery Takes full or incremental backups of AD objects. Lets you restore them granularly at object or attribute level    
Office 365 backup and recovery Takes full or incremental backups of Exchange Online mailboxes, SharePoint sites, and OneDrive for Business files and folders. Lets you restore them granularly at object or attribute level    
Exchange backup and recovery Takes full or incremental backups of Exchange mailboxes. Lets you restore them granularly at mailbox or item level    
Integrations
ITSM solutions Integrates with ITSM and ITIL solutions for user provisioning, identity management, password sync, etc.    
SIEM solutions Integrates with SIEM solutions to provide network-wide deeper analytics    
HRMS solutions Integrates with HRMS solutions to automate user lifecycle management    
Database servers Integrates with databases to automate user lifecycle management    
PAM solutions Integrates with a privileged access management (PAM) solutions for password vaulting and other PAM capabilities    
APIs Provides APIs to connect to external applications    

Can the solution be considered value for money?

Component-based pricing model.
Starts at $595* per year
for identity management

* - self-service, SSO, auditing, and other components cost extra.

Summary

As you can see from the above table, both ManageEngine AD360 and IBM’s IAM portfolio provide comprehensive identity governance and management capabilities. However, there are some important differences between the two:

  • IBM has separate modules for each identity governance and management capability. AD360 provides all the capabilities in a single console. AD360 also provides disaster recovery and comprehensive management capabilities for AD, Exchange, and Office 365
  • AD360 provides nearly 1000 pre-built reports on various aspects of your IT environment as well as a bird’s-eye view of all activities by users and admins, in real time. It can also send you alerts via email and SMS when an important event happens in your environment. The analytics capabilities of the solutions from IBM are fairly limited when compared with AD360.
  • While IBM has a capable identity governance and administration solution, AD360 has capabilities that are essential for enterprises that depend on Microsoft technologies such as AD, Exchange, and Office 365.

Note: This comparison is based on the publicly available information on the competitor’s website. Even though care has been taken to ensure that the information provided in this document is correct, some discrepancies are possible. In case of discrepancies, please write to us at ad360-support@manageengine.com.

customer-testimonial-logo

What customers say about us

  • CAMH will be able to save close to $26,000 a year on service desk calls related to Active Directory password resets and locked accounts, and will see a return on investment within the first six months of product implementation.

    Judy OlivierProject Manager, CAMH

About ManageEngine AD360

AD360 is an identity and access management (IAM) solution for managing user identities, governing access to resources, enforcing security, and ensuring compliance. AD360 provides all these functionalities for Windows Active Directory, Exchange Server, and O ce 365. With AD360, you can choose the modules you need and start addressing IAM challenges across on-premises, cloud, and hybrid environments—all from a single console.

For more information about AD360, please visit

www.manageengine.com/ad360.
Download
Demo

Thank you for downloading!

Your download should begin automatically in 15 seconds. If not, click here to download manually.

Download fully functional60-days FREE trial!

  •  
    By clicking 'Claim Your Free Trial', you agree to processing of personal data according to the Privacy Policy.

Thank you

Thank you for your interest in ManageEngine AD360. We have received your request for a personalized demo and will contact you shortly.

Schedule apersonalized web demo

  • By clicking 'Submit', you agree to processing of personal data according to the Privacy Policy.

Disclaimer: ManageEngine does not guarantee the accuracy of any information presented in this document, and there is no commitment, expressed or implied, on ManageEngine’s part to update or otherwise amend this document. The furnishing of this document does not provide any license to patents, trademarks, copyrights or other intellectual property rights owned or held by ManageEngine.