Product |
Avatier Identity Management Suite |
Oracle Identity Manager & Role Manager |
Microsoft Forefront Identity Manager |
Sun Identity Manager & Role Manager |
Quest ActiveRoles Server |
Architecture |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Platform |
Windows |
Unix |
Windows |
Unix |
Windows |
32-bit & 64-bit |
✓ |
x |
✓ |
x |
x |
29 languages |
✓ |
x |
x |
x |
x |
Compact unified product and code base |
✓ |
x |
x |
x |
✓ |
Built on a Business Process Management (Workflow) Platform |
✓ |
x |
x |
x |
x |
Built on a Role-based Access Control Platform |
✓ |
x |
x |
x |
x |
Metadirectory for multi-directory management ¹ |
✓ |
✓ |
✓ |
✓ |
x |
Programmable web services process automation platform |
✓ |
✓ |
Limited |
✓ |
x |
Scalable multi-instance synchronization engine |
✓ |
✓ |
x |
✓ |
N/A |
Platform supports High Availability and automatic failover |
✓ |
✓ |
x |
✓ |
x |
Security |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Centralized authorization for entitlement aware applications |
✓ |
✓ |
x |
✓ |
x |
Continuous permissions enforcement for traditional applications and resource systems |
✓ |
Limited |
x |
Limited |
x |
Delegate Administration |
✓ |
✓ |
x |
✓ |
x |
Role Functionality |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Enterprise Role-Based Access Control |
✓ |
✓ |
x |
✓ |
x |
Hierarchical Roles |
✓ |
✓ |
x |
x |
x |
Top Down Role Mining |
✓ |
x |
x |
x |
x |
Role engine inventories and enforces permissions in managed systems |
✓ |
x |
x |
x |
x |
Rights-Based Approval Routing (RBAR) - automatic role-based delegation of permission approvals |
✓ |
x |
x |
x |
x |
Workflow |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Integrated workflow engine |
✓ |
x |
x |
x |
x |
Business processes run as workflows, not simply as approvals |
✓ |
Limited |
x |
Limited |
x |
Rights-Based (RBAC) workflow approval routing |
✓ |
x |
x |
x |
x |
Scheduled workflows |
✓ |
x |
x |
x |
N/A |
Event-based workflows |
✓ |
✓ |
x |
✓ |
N/A |
Advanced Microsoft Support |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Collection of AD and ADAM objects |
✓ |
✓ |
✓ |
✓ |
x |
Continuous enforcement of file share permissions |
✓ |
x |
x |
x |
x |
Exchange Resource Forest support |
✓ |
x |
x |
x |
Yes, but requires additional product |
Advanced Exchange mailbox load balancing |
✓ |
x |
x |
x |
x |
Control the ability to manage distribution list membership in Outlook |
✓ |
x |
x |
x |
x |
Real-time display and management of AD objects |
✓ |
x |
x |
x |
✓ |
Dynamic Groups based upon multi-directory data |
✓ |
Limited |
✓ |
Limited |
✓ |
Can utilize existing AD groups and OUs as RBAC roles and locations |
✓ |
x |
N/A |
x |
N/A |
Deleted AD user and mailbox recovery |
✓ |
x |
x |
x |
Yes, but requires additional product |
Disable AD user and mailbox |
✓ |
x |
x |
x |
x |
Password Reset
Self-Service |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Multi-directory password self-service reset |
✓ |
✓ |
✓ |
✓ |
Yes, but requires additional product |
Forced password self-service reset enrollment |
✓ |
x |
x |
x |
x |
Allows reset prior to network login |
✓ |
x |
x |
x |
x |
Can support 3rd-party Two-factor Authentication |
✓ |
✓ |
N/A |
✓ |
N/A |
Customization |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Point & Click workflow |
✓ |
x |
x |
x |
x |
Web Service APIs SDK |
✓ |
✓ |
x |
✓ |
x |
Program-free web form creation |
✓ |
x |
x |
x |
x |
User Experience |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Familiar iPhone UI |
✓ |
x |
x |
x |
x |
Compatible with IE, Firefox, Safari, Chrome & Opera |
✓ |
x |
x |
x |
x |
Reporting |
Avatier |
Oracle |
Microsoft |
Sun |
Quest |
Pre-built reports |
✓ |
✓ |
x |
✓ |
✓ |
PDF export |
✓ |
x |
x |
x |
x |
Trending reports |
✓ |
x |
x |
x |
x |
