ManageEngine ADSelfService Plus vs Citrix SSPR
Forgotten password and locked-out accounts are two of the main sources of help desk tickets. ManageEngine ADSelfService Plus and Citrix Self-Service Password Reset are two solutions that can help you avoid password-related help desk calls. This document provides a detailed comparison of these two solutions to help you make an informed purchase decision.
What makes ManageEngine ADSelfService Plus unique?
| Citrix Self-Service Password Reset | Self-service password reset (SSPR) is available as a premium feature (requires Platinum subscription) in some Citrix applications such as XenApp and XenDesktop. It allows end users to reset passwords and unlock accounts in Active Directory from the logon screen of the Citrix apps. |
| ManageEngine ADSelfService Plus | ADSelfService Plus is an integrated Active Directory (AD) self-service password management and single sign-on solution. It allows Active Directory users to securely reset their passwords and unlock their accounts. Apart from self-service password management, ADSelfService Plus also supports a password expiration notifier, a multi-platform password synchronizer, single sign-on for enterprise applications, a self-service directory updater, an AD password policy enhancer, and two-factor authentication for Windows logons. |
| How ADSelfService Plus is better than Citrix SSPR | ADSelfService Plus is a dedicated self-service password management solution that has many capabilities, whereas Citrix SSPR provides only the basic self-service password management capability. |
| Multi-factor authentication for improved security | In ADSelfService Plus you can enable multiple authentication methods, including RSA SecurID, Duo Security, biometric authentication, AD-based security questions, and more, to verify users’ identities before allowing them to reset passwords or unlock accounts. Citrix SSPR only supports security questions and answers to protect the security sensitive process. |
| Ensuring 100% enrollment for password self-service | ADSelfService Plus allows you to automatically enroll users for password self-service by importing their enrollment data from a CSV file or external database. You can also force users to enroll when they login to their machines by displaying a non-closable pop-up window. In Citrix SSPR, users are required to manually enroll by themselves which could adversely affect the enrollment rate and subsequently the return on investment. |
| Enforcing password blacklisting for improved password security | In ADSelfService Plus, you can force users to pick a strong password by blacklisting weak, common passwords by enabling custom password policy rules such as dictionary rule, pattern check, and more. Citrix SSPR doesn’t have this capability. |
| Auditing users’ self-service activities | ADSelfService Plus provides predefined audit reports that capture every action users have performed using the tool. It also provides information on users’ password expiration and account lockout status. Citrix SSPR doesn’t provide reports or audit user activities. |
| Self-service password reset from Windows, OWA, Citrix, SharePoint, Mac, and mobile | Users can have access to the Forgot Password? link right from the logon screen of their Windows or Mac machines, Citrix web interface, OWA, and SharePoint. They can also install the ADSelfService Plus app available in Play Store and App Store to reset passwords or unlock accounts via mobile.Citrix SSPR allows password reset only from the logon screen of Citrix apps. |
| Password synchronization between AD and other enterprise applications | You can configure ADSelfService Plus to automatically synchronize password modifications with Office 365, G Suite, Salesforce, IBM iSeries, Oracle DB, and other enterprise applications, making password management easier for end users. Citrix SSPR does not provide this capability |
| Additional self-service capabilities for end users | Not just password reset and account unlock, ADSelfService Plus provides many other self-service features such as the ability to update profile information including mobile number and photos in AD,search for peers' profile information, subscribe to mail groups, etc. Citrix SSPR supports only password reset and account unlock. |
ManageEngine ADSelfService Plus
| Features | Description | ManageEngine ADSelfService Plus Try now |
Citrix SSPR | ||
|---|---|---|---|---|---|
| Self-service password management features | |||||
| Self-Password Reset | Allow users to reset their passwords without depending on the help desk. | ||||
| Self-Account Unlock | Users can unlock their accounts without calling the help desk. | ||||
| Password Expiration Notification | Notify users via email, SMS, and push notifications to inform them about their password expiry date, and ask them to change their password before it expires. | ||||
| Account Expiration Notification | Notify users and their managers via email, SMS, and push notifications about impending account expiration. | ||||
| Password Synchronizer | Synchronize password changes across various applications like Gsuite, Office 365, and Salesforce | ||||
| Password Policy Enforcer | Blacklist weak passwords and create OU/group-based custom password policy rules including dictionary rule and pattern check. | ||||
| Change Password | Allow users to change their password from anywhere, at any time. | ||||
| Cached Credentials Update | Update the local cache stored in the users’ machine so that remote users can access their machine even if they forget their password. | ||||
| Identity verification | |||||
| Identity verification methods | Supported authentication methods for verifying users’ identities during the self-password reset process. |
|
|
||
| Approval workflow for password reset | Send password reset requests from end users to admins or managers for approval. | ||||
| Enrollment | |||||
| Enrollment Notification | Notify users through email, SMS or push notifications to enroll for password selfservice. | ||||
| Automatic Enrollment | Automatically enroll users by importing enrollment data from CSV or external DB. | ||||
| Forced Enrollment | Users are forced to enroll when they log in to their machines. | ||||
| Auditing users’ actions | |||||
| Audit reports | Reports that provide who, what, and when of users’ self-service activities. | ||||
| Accessibility | |||||
| Accessibility | Endpoints and applications from where password reset can be performed. | Windows and Mac logon screen, Citrix web interface, OWA, and SharePoint | Citrix apps only | ||
| Other features | |||||
| Enterprise Single SignOn | Provide access to enterprise applications through single sign-on. credentials. | ||||
| SSO for custom SAMLbased applications | SSO support for SAMLbased in-house applications. | ||||
| TFA for Windows logons | Another layer of protection for Windows logins | ||||
| Directory Self-Update | Allow users to maintain their information up-todate in AD. | ||||
| Employee Search | Allow end users to search for their peers’ profile information such as mobile number and address. | ||||
| Mail-Group Subscription | Allow users to opt-in or opt-out of the specified distribution groups. | ||||
| Integration with help desk tool | Integrate with help desk tool to automatically create tickets for users’ selfservice actions. | ||||
Can the solution be considered value for money?
Component-based pricing model
The Standard edition starts at $ 595 for 500 users
The professional version starts at $ 1195 for 500 users.
Conclusion
- While both Citrix SSPR and ManageEngine ADSelfService Plus allow end users to perform password reset, ADSelfService Plus provides a lot of additional capabilities such as enrolling users by force or automation, audit reports for users’ self-service actions, and multi-factor authentication for improved security.
- ADSelfService Plus is a comprehensive self-service solution that features directory self-update, employee search, and mail group subscription, while Citrix supports only password reset.
- Additionally, features such as SSO, TFA, and so on are available separately in Citrix and are not included with the SSPR subscription.
