There are three ways to manage JD Edwards EnterpriseOne Security :
1. Just with the provided EnterpriseOne security applications
2. Using QSoftware applications
3. Using AllOut applications
The better question is "why use a 3rd party security application" - and the answer is to dramatically cut down operational management of your security and be able to impose true closed-door security and provide audit reports to prove that.
Without a 3rd party security application, JDE security is quite clunky. While JDE provides all of the actual security types - it is very, very granular. If you only have a few dozen users to manage, you can successfully manage without a 3rd party application. But as soon as your user counts hit hundreds or even thousands - you need to have a product that provides true closed-door security, can manage the user access to applications, can cross-reference access between applications (identifying "short cuts" to disallowed functionality), provide segregation of duties and provide reports that show an accurate security for SOX and SoD.
Now - the follow-up question would then be "which is better, QSoft or AllOut" - and this isn't the forum for that. You need to perform an analysis of both products and invite both of the companies' sales-team to help you form an opinion on what would be a better fit. I have worked with both, and both products indeed provide a much more manageable security solution in comparison to just trying to do it with the internal tools.