ManageEngine ADSelfService Plus vs One Identity Password Manager
ManageEngine ADSelfService Plus is an integrated Active Directory (AD) self-service password management and single sign-on solution. This solution helps domain users perform self-service password reset and account unlock, and self-update of personal details (e.g., contact numbers and photos) in AD. ADSelfService Plus also provides AD-based single sign-on (SSO) for 100+ enterprise applications such as Office 365, Salesforce, and G Suite and secures access to network resources by enabling two-factor authentication for Windows logons.
One Identity Password Manager is a simple self-service solution that enables end users to reset forgotten passwords and unlock their accounts. On integration with One Identity Hybrid Subscription, One Identity Password Manager provides a myriad of cloud-delivered features and services. Also, Starling two-factor authentication provides a wide range of second factors to protect administrative and end-user access in Password Manager.
While ADSelfService Plus empowers users with AD-related self-service capabilities and helps them maintain one identity across several applications, One Identity Password Manager functions predominantly as a simple password reset tool.
Highlights of ADSelfService Plus:
- Protects critical resources against potential threats with an additional layer of security to every remote and local Windows login.
- Helps implement a strong password policy that includes a dictionary rule, a pattern checker, and many other advanced options for all enterprise applications.
- Provides access to the self-service portal right from the Windows and Mac login prompts.
- Offers access to 100+ cloud applications with one identity via AD-based single sign-on (SSO).
- Imports enrollment data from a CSV file or in-house database to securely complete the enrollment process without user intervention.
Features | Description | ManageEngine ADSelfService Plus | One Identity Password Manager | ||
---|---|---|---|---|---|
Core Features | |||||
Self-reset Password | Allow users to reset their passwords without depending on the help desk. | ||||
Self-Account Unlock | Users can unlock their accounts without calling the help desk. | ||||
Password Expiration Notification | Notify users via email, SMS, and push notifications to inform them about their password expiry date, and ask them to change their password before it expires. |
(built-in feature) |
|||
Account Expiry Notification | Notify users and their managers via email, SMS, and push notifications about impending account expiration. | ||||
Change Password | Allow users to change their password from anywhere, at any time. | ||||
Password Synchronizer | Synchronize password changes across various applications like G Suite, Office 365, and Salesforce. |
(Not an in-built feature and the workaround requires integration with One Identity Quick Connect Sync Engine) |
|||
Enterprise Single Sign-On | Provide access to 100+ SAML-based enterprise applications like G Suite, Office 365, and Salesforce by signing in just once. |
(Not an inbuilt feature and the workaround requires integration with Quest Enterprise Single Sign-on) |
|||
Windows Logon TFA | For improved security of your network resources, users will be required to enter their password, and additionally authenticate via the selected authentication methods. |
The second level of authentication can be through one of the following:
|
Not an inbuilt feature and the workaround requires integration with any one of the following products:
|
||
Password Policy Enforcer | Enforce custom password policies with varying complexities including dictionary rule and pattern restriction. |
(Not an in-built feature and the workaround requires One Identity Password Policy Manager to be installed on all domain controllers) |
|||
Directory Self-Update | Allow users to keep their information up to date in AD. | ||||
Identity Verification Methods | Authentication techniques to verify users’ identity |
|
|
||
Mail-group Subscription | Allow users to opt-in or opt-out of the specified distribution groups. | ||||
Additional Features | |||||
Cached Credentials Update | Updates the local cache stored on users’ machines so that remote users can access their machines even if they forget their password. | ||||
Password Self-service Login Agents for Windows and Mac | Allow users to access the self-service portal from the Windows and Mac login prompts. |
(Users can access the self-service site only from the Windows login screen, not Mac.) |
|||
Approval Workflow | Review and approve self-service actions performed by the users. | ||||
Ease of Installation and Deployment | The application can be installed without any prerequisites. |
(Requires .NET framework v4.1, IIS 7.0 or above and Visual C++ 2015 runtime libraries installed) |
|||
Rebranding | Customize the self-service portal with your brand name, logo, etc. | ||||
Variety of modes to deploy login agent to client machines | Deploy the login agent onto client machines through:
|
Deployment is possible only through GPO. |
|||
Employee Search and Organization Chart | Allow users to search for their colleagues' information, and find their position in the organization's hierarchy. | ||||
Enrollment Capabilities | |||||
Forced Enrollment of Users | Forces users to enroll when they log into their machines. | ||||
Automatic Enrollment - Type 1 | Reuse enrollment data from your in-house database. | ||||
Automatic Enrollment - Type 2 | Import enrollment data from a CSV file and enroll users. | ||||
Enrollment Reminders | Send email or push notifications to remind users to enroll. | ||||
Reporting Capabilities | |||||
Built-in Report Generation | In-depth reports to give a holistic view of various user activities. |
(Requires MS SQL servers with SQL Server Reporting Services) |
|||
Report on Users’ Enrollment Status | View the enrollment status of users. | ||||
Report on Users’ License Status | Displays the license status of user accounts | ||||
Identity Verification Failure Audit Reports | Details on users who have failed to establish their identity. | ||||
Report Scheduler | Automatically generate the reports and email them to managers, admins, and users at the specified times. | ||||
Accessibility | |||||
Web Interface | Allow access to the self-service portal from a web browser | ||||
Mobile Interface | Allow access to the self-service portal from a mobile browser. | ||||
Native Android and iOS Apps | Android and iOS apps for password reset and account unlock on the go. | ||||
Security | |||||
Login Two-factor Authentication | Users will be required to enter their password, and additionally authenticate via the selected authentication methods while logging into ADSelfService Plus. |
(Available on integration with another product) |
|||
Password Strength Analyser | Forces the user to meet the security stance of your organization. |
(Requires configuration in the web.config file) |
|||
Captcha-based Verification | Displays a CAPTCHA image and requires users to enter the displayed characters. | ||||
Block Users | Blocks users who have failed to prove their identity |
Can the solution be considered value for money?
The professional version starts at $1195 for 500 users.
Conclusion
- Both ManageEngine ADSelfService Plus and One Identity Password Manager are equally capable of allowing users to reset forgotten passwords without IT intervention. However, ADSelfService Plus is also inclined towards securing password management with TFA and a password policy enforcer. One Identity Password Manager primarily focuses on self-service actions and requires integration with several other One Identity products to deal with security-relevant actions such as MFA and enforcing custom password policies.
- If you are looking for a solution to ease the burden on your IT team by eliminating password-related help desk calls and to make your workforce more productive, ADSelfService Plus is your best choice!
