ManageEngine ADSelfService Plus vs PWM – Open Source Password Self Service
The prime objective of self-service password reset software is to allow end-users who have forgotten their passwords or have their accounts locked-out, to securely reset their passwords and unlock their accounts without help desk intervention. This eliminates password related calls to the help desk, improves employee productivity, and helps your business save on cost.
ManageEngine ADSelfService Plus and Google sponsored PWM serve this purpose. The following comparison juxtaposes the features of these two solutions to help you make an informed decision on which software best fits your business needs.
Key differentiators that set ADSelfService Plus apart from PWM:
|Complementary Self-Service Features:||Self Directory Update and Mail Group Subscription to further boost the self-service capabilities of users.|
|Free Password Expiry Reminder:||Remind users via SMS or email to change their domain passwords before they expire. This feature is 100% free with no restrictions on user count.|
|GINA/CP/Mac OS X Login Agent:||Login agents for Mac and Windows allow users to reset their passwords and unlock their accounts from the log in screen of their machines.|
|Automatic/Forced Enrollment:||Enroll users without their intervention by importing enrollment data like challenge questions and answers, mobile numbers, email ID, etc., from a CSV file or force them to enroll when they log in to their machines.|
|Real Time Password Synchronizer and Change Notifier:||ADSelfService Plus’s password sync agent synchronizes password changes with a range of cloud applications and on-premise systems in real time, and also immediately notifies users about the change.|
|Native Mobile Apps:||Reset passwords on the go with dedicated mobile apps for Android and iOS.|
Key Features ADSelfService Plus
|Features||Description||ManageEngine ADSelfService Plus
|Password Reset||Users can reset their forgotten passwords without calling help desk|
|Account Unlock||Users can unlock their locked out accounts without calling helpdesk|
|Password Expiry Notification||Notify users to change password before it expires|
|Account Expiry Notification||Notify users and their managers about impending accout expiry|
|Password Change Notification||Notify users when their passwords are changed/reset natively in Windows||
(real time notification)
|Employee Directory Self-Update||Employees can update their profile information such as contant number in Active Directory|
|Password Synchronizer||Synchronize Windows password changes with onpremise and SaaS applications|
|Mail Group Subscription||Users can opt-in or opt-out of Distribution Groups|
|Employee Search||Users can search for their colleagues information|
|Organization Chart||Users can find their position in the organization hierarchy|
|Change Password||Users can change their password from anywhere, anytime|
|Automatic Password Reset/Account Unlock||Automatically reset passwords when they expire and unlock accounts when they are locked-out|
|Web and Mobile based Portal||Users can access the selfservice portal from a web or mobile browser|
|Android and iPhone Native Mobile Apps||Android and iPhone apps for ‘on the go’ password reset and account unlock|
|Windows Login Agent||Users can access the selfservice portal from the Windows login prompt|
|Mac Login Agent||Users can access the selfservice portal from the Mac OS X login prompt|
|Available Authentication Techniques||Authentication techniques available to verify users’ identity||Challenge Questions, Email & SMS-based OTP and Google Authenticator||Challenge Questions, Email & SMS-based OTP, Passphrases, and PIN|
|Forced Enrollment||Users can be forced to enroll when they log in to their system|
|Enrollment Reminders||Users can be asked to enroll by sending them an enrollment reminder|
|Auto Enrollment||Import enrollment data from a CSV file and enroll users without their intervention|
|External Database Support||Reuse Security Q&A data of users from your inhouse database||
(Supports Oracle, MS SQL, MySQL)
|Override Active Directory Password Policy||Create a custom password policy that overrides your AD domain password policy||
(supports multiple password policies based on OUs and Groups)
|Real Time Password Reset/Change Notification||Users & Admins receive a real time notification as soon as a password change/reset is performed|
|Password Reset/Account Unlock Email Notifications||Notify users upon successful password reset / change / account unlock||
(Email and SMS notifications)
|Enforce Password History||Enforce Active Directory Password History Settings during password reset|
|CAPTCHA Verification||A challenge-response test used to determine whether or not the user is human|
|Restrict Inactive Users||Restrict disabled, expired, deleted users from using the application|
|Session Timeout||Users are automatically logged out if they are idle for a specified period of time|
|Block Users||Users who repeatedly fail password self-service will be automatically blocked for a few minutes|
|Features||Description||ManageEngine ADSelfService Plus
|OU and Group based configuration||Configure features and settings based on OU and Groups|
|Single Sign-on||Automatically log in users with their domain credentials using NTLMv2 authentication|
|Multi-language support||Built-in support for multiple languages||
(Supports 17 languages)
(Supports 18 languages)
|Rebranding||Customize the self-service portal with your own name, logo, etc.|
|Help Desk Module|
|View Password Status||Help desk technicians have the ability to view password status of end-users|
|View/Edit user data||Help desk technicians have the ability to view and edit endusers’ enrollment data|
|Reset Password & Unlock Account||Help desk technicians have the ability to reset password & unlock account of end-users||
(they can only verify and approve password reset)
|Key Features||Description||ManageEngine ADSelfService Plus
|Administrator’s Dashboard||Dashboard which details all key user related information|
|User Action Audit Reports||Reports on user actions, their password status and more|
|Password and Account Status Report||Reports on users with soon-toexpire passwords, locked-out users, password expired users|
|Enrollment Status Report||Report on users’ enrollment status|
|Export Reports||Reports can be saved for later use in a target file format such as HTML, PDF, CSV, etc.|
|Report Scheduler||Scheduler to generate and send selected reports via email|
Can the solution be considered value for money?
The professional version starts at $ 1195 for 500 users.
- ADSelfService Plus has a rich set of features with fine-grained settings for each feature that ensures users never seek assistance from the help desk for their password related problems. Also, the complementary features will further reduce the calls to the help desk from end-users. ADSelfService Plus can be set up easily in a matter of minutes, and its intuitive web-based UI will ensure that end-users easily embrace password self-service.
- PWM, on the other hand, offers only standard password reset and account unlock functionalities. It lacks some of the basic features that will ensure the success of password selfservice such as forced enrollment. It is also difficult to set up and maintain.
- Furthermore, being an open source software, PWM lacks official support. You have to rely on online forum for any assistance with the product. Meanwhile, ADSelfService Plus has a dedicated 24x5 email, voice and chat support, a fledging online forum, a plethora of knowledge base articles and technical guides to assist you.
- Overall, ADSelfService Plus will give you a better return on investment by ensuring that password reset calls are a thing of the past in your organization.
What customers say about us
CAMH will be able to save close to $26,000 a year on service desk calls related to Active Directory password resets and locked accounts, and will see a return on investment within the first six months of product implementation.
Judy OlivierProject Manager, CAMH
This tool helps me be in command of the technical environment in my Active Directory network. It is easier to find logs and manage more effectively. The cost for the many features got our attention.
Diego PontesTecnisa SATecnisa SA
Just about the best piece of security software that would put a smile on any security administrator
Jacinto GodinhoAdministrator: Quality Assurance and IT Security, Al-Ahli Bank of Kuwait