ManageEngine ADSelfService Plus vs Microsoft Azure AD Password Management
The prime objective of Self-Service Password Reset software is to allow end-users who have forgotten their passwords or have been locked-out of their accounts, to securely reset their own passwords and unlock their accounts without help desk intervention. ManageEngine ADSelfService Plus and Microsoft Azure AD Password Management are two different software products that provide self-service password management. While the former packs in an array of compatible self-service features and plenty of canned reports at an affordable price, the latter lacks some nifty features and costs a lot more.
The cloud-based Microsoft Azure AD Password Management has certain limitations owing to its cloudbased infrastructure. Limitations like the lack of a login agent for password reset, the need for implementing an Active Directory Federation Service (ADFS) to link your local AD with the cloud-based Azure AD and inability to reset passwords of remote users make it a complex product to set up and implement.
The following are some noteworthy advantages of ADSelfService Plus over Azure AD Password Management:
- ADSelfService Plus synchronizes AD password changes in real-time across multiple cloud based and on-premise applications while Azure AD Password Management tool does not support that functionality
- ADSelfService Plus allows users to self-update their personal information, search for their colleague's information, and subscribe and unsubscribe to distribution groups. Azure AD Password Management tool does not offer any of the above said functionalities.
- ADSelfService Plus provides a login agent for password reset. Azure AD Password Management tool does not provide a login agent for password reset and requires users to access the portal from a shared system.
- ADSelfService Plus provides native Android and iPhone applications for password management on the move. Azure AD Password Management tool does not provide native mobile tools for Android and iPhones.
ManageEngine ADSelfService Plus
|Feature Description||Description||ManageEngine ADSelfService Plus
|Self-reset Password||Users can reset their forgotten passwords without calling helpdesk|
|Self-unlock Account||Users can unlock their locked out accounts without calling helpdesk|
|Password Expiry Reminder||Notify users to change password before it expires via email|
|Account Expiry Reminder||Notify users and their managers about impending account expiry|
|Employee Directory Self-update||Employees can update their profile information in Active Directory|
|Multi-platfrom Password Synchronizer||Synchronize password and account changes across multiple platforms|
|Real-time Password Sync Agent||Synchronize password changes across a range of cloud-based and on-premise applications in real-time|
|Cached Credentials Update||Update cached credentials when users reset their passwords even if they are not connected to the corporate network.|
|Help Desk Assisted Password Reset and Account Unlock||Integrate password selfservice with your review and approval based help desk software.|
|Mail Group Subscription||Users can opt-in or opt-out of Distribution Groups|
|Employee Search||Users can search for their colleagues information|
|Organization Chart||Users can find their position in the organization hierarchy|
|Change Password||Users can change their password from anywhere, anytime|
|Web Interface||Users can access the selfservice portal from a web browser|
|Mobile Interface||Users can access the selfservice portal from a mobile browser|
|Native Android and iPhone Apps||Android and iPhone apps for ‘on the go’ password reset and account unlock|
|Windows Logon Agent||Users can access the sel - service portal from the Windows login prompt|
|Mac Logon Agent||Users can access the selfservice portal from the Mac OS X login prompt|
|Available Authentication Techniques||Authentication techniques available to verify users’ identity||Security Q&A, SMS & Email Verification Codes, Google Authenticator||Security Q&A, SMS & Email Verification Codes, voice call verification|
|Custom OU and Group-based Password Policies||Restrict features to certain users based on OUs and Groups|
|Password Reset and Account Unlock Limit||Limit the number of times that users can reset passwords and unlock accounts in a specific time duration|
|Account Unlock, Password Reset & Change Notifications||Notify users via e-mail & SMS upon successful password reset / change / account unlock|
|Password Strength Assessment Tool||Tool to analyze the strength of the passwords in real time as the user types them|
|Enforce Password History during Password Reset||Enforce Active Directory Password History Settings during password reset|
|CAPTCHA Verification||A challenge-response test used to determine whether or not the user is human|
|Session Timeout||Users are automatically logged out if they are idle for a specified period of time|
|Block Users||Users who repeatedly fail password self-service will be automatically blocked for a few minutes|
|Force users to enroll when they log in to their system||Users can be forced to enroll when they log in to their system|
|Notify users to enroll by sending them an enrollment reminder||Users can be asked to enroll by sending them an enrollment reminder|
|Import enrollment data from a CSV file and enroll users without their intervention||Import enrollment data from a CSV file and enroll users without their intervention|
|Import enrollment data from a CSV file and enroll users without their intervention users||Reuse data of users from Active Directory to automatically enroll users|
|Reuse enrollment data from your inhouse database||Reuse Security Q&A data of users from your in-house database to enroll users|
|Multiple Domain Support||Manage multiple domains from a single window|
|Single Sign-on||Automatically detects applications that use Windows credentials and logs in the users|
|Mobile Push Notification for reminders and events||Notify mobile users with push notifications on Enrollment reminders and soon-to-expire passwords|
|Multi-language Support||Support for multiple languages|
|Rebranding||Customize the self-service portal with your own name, logo, etc.|
|Dashboard which details all critical user related information||Administrator’s dashboard which details all key user related information|
|Reports on user actions, their password status and more||Reports on user actions, their password status and more|
|Reports on users with soon-to-expire passwords, locked-out users, password expired users||Complete reports on users, locked out users, Soon-toexpire password users, and password expired users.|
|Report on users’ enrollment status||Administrator can check the registered users in the following reports- Enrolled users, Non-Enrolled users, Licensed users, Security questions and answers|
|Export reports for later use in a target file format such as HTML, PDF, CSV, etc.||Reports can be saved for later use in a target file format||
|Schedule and send selected reports via email||Scheduler to create and send selected reports via email|
Can the solution be considered value for money?
The professional version starts at $ 1195 for 500 users.
- While both ManageEngine ADSelfService Plus and Azure AD Password Management empower users to reset passwords on their own without the assistance of the IT helpdesk, Azure AD Password Management remains single dimensional by supporting password management only from web browsers. ADSelfService Plus on the other hand provides login agents for Windows and Mac devices, native Android and iPhone apps for password management on the go and many other features that make password management simpler for both users and administrators alike. Additionally,
- ADSelfService Plus offers extra self-service features like ‘Mail Group Subscription’, ‘Multi-Platform Password Synchronizer’, ‘Cached Credentials Update’, ‘Self-Update of personal information’ and ‘Employee Search’.
- Overall, ADSelfService Plus will give you a better return on investment by ensuring that password reset calls are a thing of the past in your organization
What customers say about us
CAMH will be able to save close to $26,000 a year on service desk calls related to Active Directory password resets and locked accounts, and will see a return on investment within the first six months of product implementation.
Judy OlivierProject Manager, CAMH
This tool helps me be in command of the technical environment in my Active Directory network. It is easier to find logs and manage more effectively. The cost for the many features got our attention.
Diego PontesTecnisa SATecnisa SA
Just about the best piece of security software that would put a smile on any security administrator
Jacinto GodinhoAdministrator: Quality Assurance and IT Security, Al-Ahli Bank of Kuwait