| | | Quest ActiveRoles Server | Sun Identity Manager & Role Manager | Oracle Identity Manager & Role Manager | Microsoft Forefront Identity Manager |
| --- | --- | --- | --- | --- | --- |
| Product Description | A Windows Workflow-based Identity Management Platform | A Windows-based Active Directory Management Application | A Java-based Identity Management Platform | A Java-based Identity Management Platform | A Windows-based Identity Management Platform |
| General Characteristics | | Quest | Sun | Oracle | Microsoft |
| A single unified product and code base | | | No | No | No |
| Built on a Business Process Management (Workflow) Platform | | No | No | No | No |
| Built on a Role-based Access Control Platform | | No | No | No | No |
| Metadirectory for multi-directory management | | No | | | |
| Programmable process automation platform | | No | | | Limited |
| Scalable multi-instance synchronization engine | | N/A | | | No |
| Platform supports High Availability and automatic failover | | No | | | No |
| Security | | Quest | Sun | Oracle | Microsoft |
| Centralized authorization for entitlement aware applications | | No | | | No |
| Continuous permissions enforcement for traditional applications and resource systems | | No | Limited | Limited | No |
| Role Functionality | | Quest | Sun | Oracle | Microsoft |
| Enterprise Role-Based Access Control | | No | | | No |
| Role directory unified with Metadirectory | | N/A | No | No | N/A |
| Solves complications with RBAC including "Role Bloat" | | N/A | No | Limited | N/A |
| Polyarchical RBAC | | N/A | No | | N/A |
| Role engine inventories and enforces permissions in managed systems | | N/A | No | No | N/A |
| External Role-based authorization for custom applications | | No | | | No |
| Rights-Based Approval Routing (RBAR) - automatic role-based delegation of permission approvals | | No | No | No | No |
| Workflow Functionality | | Quest | Sun | Oracle | Microsoft |
| Has a general-purpose workflow server | | No | | | No |
| Business processes run as workflows, not simply as approvals | | Limited | Limited | Limited | No |
| Broadly supported workflow engine | | | No | No | |
| Rights-Based Approval Routing (RBAR) - automatic role-based delegation of permission approvals | | No | No | No | No |
| Supports State Machine (non-sequential) workflows | | No | No | | Limited |
| Supports Flow Chart (line rule-based) workflows | | No | | | Limited |
| Can publish workflows as web services | | N/A | | | No |
| Scheduled workflows | | N/A | No | No | No |
| Event-based and subscription workflows | | N/A | | | No |
| Integration with SharePoint workflow | | N/A | No | No | No |
| Microsoft Environment Management | | Quest | Sun | Oracle | Microsoft |
| Inventory and synchronization of AD and ADAM objects | | No | | | |
| Inventory and permissions management of Exchange mailboxes | | No | No | No | No |
| Continuous enforcement of permissions for mailboxes | | No | No | No | No |
| Exchange Resource Forest support | | Yes, but requires additional product | No | No | No |
| Advanced Exchange mailbox load balancing | | No | No | No | No |
| Live views and management of AD objects | | | No | No | No |
| Dynamic Groups based upon multi-directory data | | | Limited | Limited | |
| Can utilize existing AD groups and OUs as RBAC roles and locations | | N/A | No | No | N/A |
| Deleted AD user and mailbox recovery | | Yes, but requires additional product | No | No | No |
| Metadirectory is a native .NET Membership and Role Provider for SharePoint and other .NET apps | | No | No | No | No |
| Password Reset Self-Service | | Quest | Sun | Oracle | Microsoft |
| Multi-directory password self-service reset | | Yes, but requires additional product | | | |
| Forced password self-service reset enrollment | | No | No | No | No |
| Flexible workflow-based reset process | | No | No | No | No |
| SSO and Federation | | Quest | Sun | Oracle | Microsoft |
| Single Sign-On for web-based applications | | No | | | |
| Federation Server | | No | | | |
| Can support 3rd-party Second Factor Authentication | | N/A | | | N/A |
| Supports Claims-Based Authorization | | No | | | |
| Built on the Microsoft Windows Identity Foundation | | No | No | No | |
| .NET Membership and Role Provider Directory | | No | No | No | No |
| OpenID and Google Account Sign-in | | No | | | |
| Programmability | | Quest | Sun | Oracle | Microsoft |
| Visual workflow development environment with provisioning shapes | | No | No | No | No |
| Web Service designer | | No | | | No |
| Microsoft PowerShell as Web Services and workflow shapes | | No | No | No | No |
| Team-based workflow source control | | No | No | No | |
| What You See Is What You Get (WYSIWYG) user interface designers for WPF, ASP.NET and Silverlight | | No | No | No | No |
| Can create WPF applications | | No | No | No | No |
| Can create Windows Services | | No | No | No | No |
| Can create console applications | | No | No | No | No |
| Integrated Source Control and Versioning | | No | Yes, but requires additional product | Yes, but requires additional product | Yes, but requires additional product |
| User Experience | | Quest | Sun | Oracle | Microsoft |
| Rich, intuitive Silverlight interfaces | | No | No | No | No |
| Microsoft Office ribbon menus | | No | No | No | No |
| Rich WPF Client with ClickOnce deployment and Web Services through the Firewall communication | | No | No | No | No |
| SharePoint Embedded User Interface with Automatic Theme Detection | | No | No | No | No |
| Reporting | | Quest | Sun | Oracle | Microsoft |
| Pre-built reports | | | | | No |
| Report designer | | Yes, but requires additional product | | | No |