ManageEngine ADSelfService Plus vs LDAP Account Manager
The prime objective of self-service password reset software is to allow end-users who have forgotten their passwords or have been locked-out of their accounts, to securely reset their own passwords and unlock their accounts without help desk intervention. ManageEngine ADSelfService Plus and LDAP Account Manager (LAM Pro) are two software products that serve this purpose. While the former packs an array of self-service features at an affordable price, the latter lacks some nifty features.
ManageEngine ADSelfService Plus
| Feature Description | Description | ManageEngine ADSelfService Plus Try now |
LDAP Account Manager | ||
|---|---|---|---|---|---|
| Core Features | |||||
| Self-reset Password | Users can reset their forgotten passwords without calling helpdesk |
Remarks- Requires installation of LDAP schema that comes bundled with LAM Pro. |
|||
| Self-unlock Account | Users can unlock their locked out accounts without calling helpdesk | ||||
| Password Expiry Reminder | Notify users to change password before it expires via email and SMS | ||||
| Account Expiration Reminder | Notify users and their managers about impending account expiration | ||||
| Employee Directory Self-update | Employees can update their profile information in Active Directory | ||||
| Password policy Enforcer | Enforce custom password policies with varying complexitie s | ||||
| Multi -platform Password Synchronizer | Synchronize password and account changes across multiple platforms | ||||
| Single Sign -On | Single Sign -On support for SaaS application s | ||||
| Real -time Password Sync Agent | Synchronize password changes across a range of cloud -based and on -premise applications in real - time | ||||
| Cached Credentials Update | Update cached credentials when users reset their passwords even if they are not connected to the corporate network. | ||||
| Help Desk Assisted Password Reset and Account Unlock | Integrate password self-service with your review and approval based help desk software. | ||||
| Mail Group Subscription | Users can opt-in or opt-out of distribution groups | ||||
| Employee Search | Users can search for their colleagues information | ||||
| Organization Chart | Users can find their position in the organization hierarchy | ||||
| Change Password | Users can change their password from anywhere, anytime | ||||
| Accessibility | |||||
| Web Interface | Users can access the self-service portal from a web browser | ||||
| Mobile Interface | Users can access the self-service portal from a mobile browser | ||||
| Native Android and iPhone Apps | Android and iPhone apps for ‘on the go’ password reset and account unlock | ||||
| Windows Logon Agent | Users can access the selfservice portal from the Windows login prompt | ||||
| Mac Logon Agent | Users can access the selfservice portal from the Mac OS X login prompt | ||||
| Security | |||||
| Available Authentication Techniques | Authentication techniques available to verify users’ identity | Security Q&A, SMS & email verification codes, Google Authenticator | Security Q&A, and email verification | ||
| Custom OU and Group-based Password Policies | Restrict features to certain users based on OUs and Groups | ||||
| Password Reset and Account Unlock Limit | Limit the number of times that users can reset passwords and unlock accounts in a specific time duration | ||||
| Account Unlock, Password Reset & Change Notifications | Notify users via e-mail & SMS upon successful password reset / change / account unlock | ||||
| Password Strength Assessment Tool | Tool to analyze the strength of the passwords in real time as the user types them | ||||
| Enforce Password History during Password Reset | Enforce Active Directory Password History Settings during password reset | ||||
| CAPTCHA Verification | A challenge-response test used to determine whether or not the user is human | ||||
| Session Timeout | Users are automatically logged out if they are idle for a specified period of time | ||||
| Block Users | Users who repeatedly fail password selfservice will be automatically blocked for a few minutes | ||||
| Enrollment Options | |||||
| Force users to enroll when they log in to their system | Users can be forced to enroll when they log in to their system | ||||
| Notify users to enroll by sending them an enrollment reminder | Users can be asked to enroll by sending them an enrollment reminder | ||||
| Import enrollment data from a CSV file and enroll users without their intervention | Import enrollment data from a CSV file and enroll users without their intervention | ||||
| Reuse data in Active Directory to automatically enroll users | Reuse data of users from Active Directory to automatically enroll users | ||||
| Reuse enrollment data from your in-house database | Reuse Security Q&A data of users from your in -house database to enroll users | ||||
| Additional Features | |||||
| Multiple Domain Support | Manage multiple domains from a single window | ||||
| Single Sign-on | Automatically detects applications that use Windows credentials and logs in the users | ||||
| Mobile Push Notification for reminders and events | Notify mobile users with push notifications on Enrollment reminders and soon - to -expire passwords | ||||
| Multi -language Support | Support for multiple languages | ||||
| Rebranding | Customize the self-service portal with your own name, logo, etc. | ||||
| Reporting Capabilities | |||||
| Dashboard which details all critical user related information | Administrator’s dashboard which details all key user related information | ||||
| Reports on user actions, their password status and more | Reports on user actions, their password status and more | ||||
| Reports on users with soon -to - expire passwords, locked -out users, password expired users | Complete reports on users, locked out users, Soon -to -expire password users, and password expired users. | ||||
| Report on users’ enrollment status | Administrator can check the registered users in the following reports - Enrolled users, Non -Enrolled users, Licensed users, Security questions and answers | ||||
| Export reports for later use in a target file format such as HTML, PDF, CSV, etc. | Reports can be saved for later use in a target file format | ||||
| Schedule and send selected reports via email | Scheduler to create and send selected reports via email | ||||
Can the solution be considered value for money?
Component-based pricing model
The Standard edition starts at $ 595 for 500 users
The professional version starts at $ 1195 for 500 users.
Conclusion
While both ADSelfService Plus and LDAP Account Manager try to clamp down on password related help desk calls, ADSelfService Plus trumps LDAP Account Manager by providing extra self-service features like Self Account Unlock, Mail Group Subscription, and Employee Search.
ADSelfService Plus trumps LDAP Account Manager in the following categories:
- Detailed reports on all users’ self-service actions, password status.
- Multiple ways in which to enroll the users for password self-service.
- The ability to allow users to reset passwords and unlock accounts while on the move with the native Android and iOS applications.
- The ability to let users change their passwords even when not connected to the corporate network.
- It is clear from the above comparison that ADSelfService Plus is vastly superior to LDAP Account Manager in terms of both feature set, and the ease with which the product can be set up and customized.
- Overall, ADSelfService Plus will give you a better return on investment by ensuring that password reset calls are a thing of the past in your organization.
