One Identity Active Roles Reviews

I am one of the resellers for One Identity Active Roles, so that is the reason I downloaded it.

One Identity Active Roles is generally used in complex IT setups where Active Directory plays a critical role and organizations have many compliances and mandates to be followed. For example, in India, we have many banking customers who are governed by the Reserve Bank. In the US, you have the Central Bank or Federal Bank; in India, we have something called a Reserve Bank. All the big financial sectors have to follow the mandates and compliance provided by them. Identity solutions come into that part as well. So to make sure that everybody has the right amount of access and nobody has all access, One Identity Active Roles plays a critical role over there.

In India, this kind of requirement mainly comes from regulated entities or regulated enterprises. So they prefer the on-premises solution for One Identity Active Roles. We have not had a customer in the past who has gone through the cloud solution. They want everything to be hosted on their premises. Since I have not come across the cloud-based installation yet, I cannot comment on that piece, but on-premises is what they look for in the current setup which we provide.

One Identity Active Roles brings significant value through its lifecycle management capabilities, which are very good with no complaints or problems at all.

With the inclusion of One Login, which One Identity acquired three or four years back, One Identity Active Roles has gained complete coverage. Earlier, One Identity lacked an IAM solution. They always have had the Active Directory management solution in the form of One Identity Active Roles or through the IGA solution. But with the inclusion of One Login, that has really fulfilled the requirement which customers need from a single vendor. The competition includes SalePoint, Saviynt, and others, including Ping Identity, who is also coming up with an IGA kind of solution. One Identity has been providing it for a very long time, longer than these competitors who have just started realizing all those things and providing a similar kind of solution to the customer. One Login and One Identity provide complete coverage to the customer, which is really helpful.

One Identity Active Roles brings a positive impact to organizations in that they will start realizing the ROI in a much faster manner because the implementation time is very short and it is easy to use. Additionally, since there are many regulated entities which need this kind of solution and in the market there are very few solution providers who can provide this kind of coverage, that is the advantage which One Identity Active Roles has.

If One Identity Active Roles has to be positioned for all customers, not just the entities which are being regulated, then the pricing has to be normalized. There are many solution providers in the market who can do it at a much lesser price. India is a price-sensitive market, and I can speak only for India; I cannot speak for the other part of the world. We have many local vendors who can provide these kinds of solutions. But since One Identity Active Roles is a much more mature product and has been in the market for a very long time, customers have some respect for that and they can pay the premium. But that premium cannot be three times, two times, or beyond three times. So the pricing has to be normalized based on the market. Every market has its own constraints, so the One Identity team should work on that aspect.

I have been reselling One Identity Active Roles for almost seven to eight years.

I have not had a challenge working with One Identity technical support so far. Everything is good, and I can give One Identity technical support a rating of ten.

Positive

I have worked with Microsoft earlier. I started my career with Active Directory, which is the base of providing identity in the older days. Twenty years back, when we talk about identity, it was always Active Directory from Microsoft. So I have worked with them. Now even Microsoft has come up with their own offering called Entra ID, and they are also competing with One Identity or SalePoint in a similar segment.

From the product perspective, deploying One Identity Active Roles is not that much cumbersome or troublesome. It is a very easy deployment. The only thing which we have to generally figure out is the kind of Active Directory infrastructure the customer has, and based on that, we will have to configure the rules or the policies in the tool.

From the product perspective, the installation of One Identity Active Roles will not take much time and the integration with Active Directory itself will not take much time. Installation is hassle-free and not complex at all. The only thing which takes time is the configuration part. When I say configuration, it is mainly from the policies perspective because we have to understand the customer requirement and based on that we have to create all the rules and policies so that we can fulfill all the use cases.

When I say the configuration of One Identity Active Roles, it is basically because of the customer setup and not because of the tool itself. Because you have to create a lot of policies, and those policies need to be created because the customer has that kind of complexity in their setup. Otherwise, this is an easy tool to manage. If the environment is well-configured or well-managed by the customer, then One Identity Active Roles will not take much time.

I do provide deployment for my customers. For deploying One Identity Active Roles, you need one person, and that is more than enough to manage the solution. We have a different team who does the installation of One Identity Active Roles.

One Identity Active Roles has helped my organization increase operational efficiency. Now only the right person has the right access. Not everybody can go and log into Active Directory or the identity management solution which they have directly. One Identity has a theme that they want the right people to have the right set of access, and this is what they are able to provide with their tool.

One Identity Active Roles has helped to reduce the number of erroneous privileged accounts. That is what they want to achieve. When I talk about customers, they do not want any intruders or hackers to get access to their data. This can happen even from a legitimate user if their credentials are compromised. These kinds of solutions always prohibit those kinds of activities by a hacker or a mischievous character in the organization to take advantage of the system.

One Identity Active Roles helps to reduce identity-based breaches.

Right now, a lot of the discussion is centered on agentic AI for One Identity Active Roles. An agentic AI who can do most common tasks on its own would really help.

To be very honest, the ability to provision and de-provision resources in directories needs to be handled by my technical person, since I do not belong to that field.

I feel with the kind of use cases which One Identity Active Roles addresses and the kind of market we play into, then I think nine is a good rating for them. There is always room for improvement, so hence I am not giving it a ten at this time.

We use Active Roles to bring our decentralized environment into a single pane of glass. Our entire customer base is in a single directory, and they can manage their objects without interfering with other entities in our environment. 

We saw benefits immediately. We must have these roles in place in our environment, or we'd be in big trouble. The solution improved our operational efficiency. Instead of manually applying permissions in Active Directory to thousands of OUs, we can do it in five minutes with a command in PowerShell.

It prevents us from erroneously assigning permissions. Active Roles improves our security posture by ensuring permissions are consistent and applied to the correct target every time. By taking the manual work out of the equation, we ensure we don't have any credential leaks.   

Active Roles is easy to configure. It isn't a plug-and-play solution, and you need expertise to set it up. However, once you have your templates, it's easy to deploy in a highly decentralized environment. The custom configuration for our customers is fantastic, especially the web interface.

The solution gives us granular control, allowing us to build highly customized roles and apply them across our environment. We have 500,000 separate OUs.

Active Roles could add more options for web customization. Our requirements are exceedingly specific. We'd like to get the web interface down to just five buttons, but in some cases, we can only get to six. The web interface in the current version is less customizable than in the previous one.

We have used Active Roles for 10 years over two periods. 

We've had no issues with crashing, but we've had problems with the web interface lagging. We're not sure if that's the infrastructure. 

One Identity is pretty scalable. We have SQL on the back end so that we can spin up a VM and bring up a new web interface. It has a new feature where a workflow can run on a dedicated server, and we don't need to use our frontend servers for workflow activities. 

I rate One Identity support nine out of 10. We are happy with the quality of One Identity's support team. We get a response within one or two days. Our unique organization has uncommon problems, so we typically need tier 2 or 3 support. The good thing about One Identity is that we don't need to spend a few days convincing them to escalate.  

Positive

Deploying Active Roles was easy. We had prior experience, and help from professional services made it easier. Our environment is unique, and their professional services helped tremendously with our odd use cases. You can stand up an out-of-the-box deployment in a couple of days. We had one primary engineer and two assistants on the deployment team. 

I wasn't involved in purchasing the solution, but I get the impression from management that it's priced about the same as other products, and we get more value from it. 

I rate One Identity Active Roles 10 out of 10. My suggestion to future users is to map out your roles with as much granular precision as possible. 

We're trying to solve the same problems with fewer products. We're not there yet, but we plan to consolidate, and our customers are happy with One Identity products.

We use it for various purposes, such as automating tasks in an Active Directory environment. 

It assists the help desk in doing certain tasks in a more controlled manner, for instance, setting up new users. We enforce required fields to prevent setting up users without them, ensuring that certain fields meet specific requirements. It also facilitates easier management of various security features than Active Directory.

It has helped increase operational efficiency in our organization. We have a clear structure. There is a reduction in the mistakes.

It is an easier way for me to manage Active Directory with more advanced features.

The console helps with granular control.

There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface.

I have used the solution for a bit more than three years.

It is stable. I would rate it an eight out of ten for stability.

It seems scalable.

It is good. I would rate them a nine out of ten.

Positive

It is good, and I would recommend it, but you should do a proof of concept and see if it works for your environment. 

Overall, I would rate the solution an eight out of ten.

I am an implementer for the product. I install Active Roles for companies.

Active Roles helps my clients by reducing erroneous privileged accounts, often cutting them in half. It also reduces IT administrators' time spent on these tasks by 5 to 10 percent.

My clients can save money on licensing. We can bundle Active Roles with other IGA solutions and save on overall service renewal. The solution improves user experience for most users. The end-users generally only use the self-service portion, which they like. It's easy for them to use. Unfortunately, there is one annoying setting that they initially set, but that could easily be remedied in the future. For IT users, it's a mixed bag. Administrators love it. I think it's wonderful. Depending on how the administrators deploy it, the help desk users either think it's great or hate it because they want to use a console.

The best part of this Active Roles is the workflow engine. It features an industry-leading workflow automation feature. It's a visual PowerShell that allows task interruption. 

It offers single-pane-of-glass management to a degree. Right now, the Azure side can only be done from the web UI, not the console. The administrative side can only be done from the console, not the web UI. 

Conditional access works well. Combined with RBAC, it always works well with Active Roles because Active Roles can do access based on dynamic implementation.

The permission management feature is also excellent, clearly showing delegated permissions. Active Roles tells you when any permissions are done without going into this crazy fine-grained permission strategy that is horrible compared to Active Roles' template-based permissions. You can design on your own. It easily shows where all the permissions are delegated.

Unfortunately, you can't do much with zero trust and Active Roles at the moment unless you combine them with Safeguard. It lines up with using zero trust if you combine a couple of different workflows together.

Active Roles can fix many little problems that have never been resolved and have lingered for years, continuing to annoy people. For example, you can't search by object GUIDs. The manual says you can, but it hasn't worked in five years. 

I have been using Active Roles for about 15 years.

I would rate the stability of the Active Roles eight out of 10. It's a fairly stable product but not perfectly reliable.

Active Roles is super easy to scale.

I rate One Identity support 10 out of 10. Customer service and support are fantastic. The support team is very responsive. I love those guys.

Positive

I have used KAOSoft and AD Access previously. Active Roles has PowerShell modules and a whole PowerShell backend that none of the other solutions do. That's where they lose the most. PowerShell makes a considerable difference compared to those other applications.

The initial setup is generally straightforward. It takes a week or two for an inexperienced organization to set it up, but I can do it in a day or less. It could involve multiple teams, depending on what you're doing. For example, if you're integrating Exchange, you need Exchange admins to be involved.

Active Roles always saves my clients money, mostly in licensing and service renewal.

The pricing for Active Roles is expensive but not as expensive as other solutions like Okta.

I have evaluated KAOSoft, AD Access, and Okta, among others.

I rate One Identity Active Roles 10 out of 10. Managing singular identities without a management suite is difficult. Active Roles is not an identity and access management solution. It's an Active Directory management suite.

I use it primarily for granting, managing, and auditing access.

The ways Active Roles has improved the way we operate are through workflows and user onboarding, automatic user management, group permissioning, adding users to the right groups based on the department, and distribution list creation based on dynamic group membership and active users.

And because of the single interface and workflows, it has simplified AD and Azure AD management efficiency and security.

The most valuable features include

• auditing
• dynamic grouping
• creating dynamic groups based on AD attributes.

Also, as part of the cloud identity, meaning expanding identity to the cloud, it gives me a single workflow to expand on-prem. I can create a user in the cloud and give them access to resources through a single workflow.

And for regulatory, auditing, and security requirements, it's critical that the solution enables Zero Trust security with hybrid AD fine delegation and role-based access control.

I have been using One Identity Active Roles for eight months.

It's a stable product.

It's also a scalable product. We have about 14,000 users.

The best thing about their Premier Support is their assistance with customization and resolving issues that arise.

Positive

Our company chose One Identity Active Roles rather than something else because of the auditing capabilities and workflow capabilities.

The initial setup was quite easy, but it was time-consuming. It took about three months.

It's expensive.

Compared to native Active Directory tools, in terms of accuracy and security, Active Roles is a nine out of 10.

Understanding the requirements and the key areas on which you want to focus before deploying it is vital to making sure it caters to your needs.

Overall, it enables a lot of automation and workflow-type processes. It also allows for human intervention and has auditing and reporting capabilities that include generating an automated report on a periodic basis for management review.

We're using it for identity management, including the creation of accounts and synchronizing them with our HR system. 

It improves things in many ways. You have control over what attributes the service desk analyst can change and you can provide them with lists of changes. You can build in the integrity rules. It also definitely simplifies management on-prem. It definitely is a plus to use this tool.

We do automated provisioning and it's set from HR through this tool. It's all instant. If it had to be done manually it would probably take a couple of hours per user, but we've had it set up like this for 10 years so I'm not sure how much time it's saving us.

It has so many features. Dynamic Groups are good and the ease of delegation is useful as well.

The Group Family feature is okay, but there are some issues around its use for creating objects automatically, based on HR attributes.

Another issue is that it doesn't look like the hybrid connections are particularly mature. We haven't really used it much. We have a couple of guys setting it up who don't really like the way it's working. It uses a synchronization tool to do that. Native integration with the cloud would be better.

Also, we're trying to manage Office 365 mailboxes and although it will create a mailbox in the cloud, it won't do shared mailboxes. That means we're having to write custom solutions for that.

Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up. Some of their built-in functions will work off of both servers and I don't see why this shouldn't as well.

Another similar gripe is that when you run custom Active Roles policies, they'll actually trigger on both hosts, not on one. In that scenario, it would be better if they would trigger on one host, unless it wasn't available. For example, if you're writing to the event log, you have a custom task and it will show up multiple times because it's being processed by multiple front-end hosts.

I've been using One Identity Active Roles for 10 years.

It's a stable solution.

It's scalable, but I don't know how scalable. A lot of it is running off of custom scripts and the question is how scalable those are in large environments. We don't have a massive environment, but we have no issues with it for our 2,000 employees. I'm guessing that if you get up to 100,000 to 200,000 employees, it would start struggling.

It's used in our organization for management of any objects inside Active Directory, so anyone who manages anything in Active Directory uses the tool.

We use the vendor's Premier Support. We wouldn't run any product like this without vendor support. It's quite critical to our company, so it would be crazy to do that with support that wasn't working. At the times we've had to deal with them, they have usually been pretty responsive.

Positive

The solution we had before Active Roles was custom-made for the company and it was written about 13 years ago.

The initial setup of the solution was straightforward. It took a few hours. I'm the only person on our IT team who handles this product, in terms of deployment and maintenance. 

We haven't measured ROI, but given that it provides automation and does save quite a bit of time, there is definitely a return on investment.

It's fairly priced.

In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what.

In fact, you can do that for many objects as well. You can see what that object can manage and who can manage the objects. You can answer an auditor's questions fairly quickly. It's just much clearer than it is in Active Directory.

I don't believe the solution enables you to create a user in the cloud and give them access to resources through a single workflow; not out of the box. You could certainly create that, but we don't do that. We use Azure AD Connect for that. We create the user account on-prem, and Azure AD Connect will create that user in the cloud for us.

Definitely do a PoC, but I would recommend Active Roles for a small company. I don't know if it would actually scale. You have to write custom scripts for a lot of it, whereas built-in functionality would generally be quicker. But for small companies of 2,000 employees, and maybe a little bit bigger, it's a great product. It's so much easier and cheaper than any of its rivals.

We use the solution for managing access to, shared drives and access for Active Directory.

We like that we can manage our groups and access. You can get granular in terms of the access control.

The solution enables us to create a user in the cloud and give them access to resources through a single workflow. That's very important for our organization. It allows us to assign access accordingly for the file shares for admin access to servers.

It enables zero trust security with hybrid, AD, delegation, and role-based access control. It's extremely important for us.

The solution has not enabled us to reduce password reset times.

It has not automated provisioning.

The group attestation could be improved. It was a feature that was available in version 5. You can configure it, however, it's no longer out of the box. My understanding is that they will put that feature back in again. However, right now, it's a feature that is lacking.

The way you can search groups could be better. When a company has a large number of groups it's very difficult to search the groups and assign the different columns.

I've used the solution for many years. It's likely been ten to 15 years. 

The solution is stable. 

The solution is scalable. 

We have about 2,000 users using the solution at this time. 

It's being used quite extensively and we have plans to increase the use to manage the Active Directory.

We use the vendor's regular support. Sometimes the response time is slow. Sometimes we don't feel the answers they give are correct. It seems like they don't really know what the cause of the issue is, so they tell us it's not available in the version. 

Neutral

I do not recall us using a different solution previously. 

The initial setup was quite straightforward. I'm not sure how long it took to deploy. It was too long ago. 

There isn't maintenance needed. It just needs upgrading. There's a team of three or four people that manage that. 

I have witnessed an ROI while using the product over the last ten years. Resource-wise, we've saved about 20% of resources in comparison. 

The solution is fairly priced. That said, I have nothing to compare it to. 

I'm a project manager.

I can't compare the solution to anything else. We don't use anything else, and we've not used anything else for many years. 

I'd recommend the solution to others. It's a great tool. I'd rate the solution seven out of ten.

The solution is used for lifecycle management and can be deployed on-prem or cloud.

The solution enables us to create a user in the cloud and give them access to resources through a single workflow which is important to all our clients.

The solution enables zero trust security with hybrid AD fine-grained delegation and role-based access control which is important to all our clients. 

The solution acts as a firewall against Active Directory, requiring our IT team to go through active roles and get approval to make changes. It has also reduced our onboarding time from one or two weeks to five or ten minutes.

The solution reduces the time it takes to reset a password to under one minute.

The solution simplifies Active Directory and Azure Active Directory management efficiency and security. It has a proxy layer, which means that no one talks to the connecting platform directly. All requests go through the active roles, which act as a proxy layer. We can set all kinds of policies, rules, and business enforcement policies on the proxy layer. This means that nothing flows to the platforms without proper information or proper data standardization. The solution manages and streamlines everything in this proxy layer.

The automated provisioning can be completed in under ten minutes.

Secure access is the most valuable feature.

The solution needs an attestation process that includes certification and recertification attestation.

The pricing is high and has room for improvement.

I have been using One Identity Active Roles for 20 years.

The solution is extremely stable. I give the stability a ten out of ten.

The solution is highly scalable and used by customers worldwide.

The technical support is responsive and helpful.

Positive

I previously used ManageEngine ADManager Plus, but I switched to One Identity Active Roles because it is more robust and highly scalable. ManageEngine is lightweight and it slows down when the number of users increases.

The initial setup is straightforward. Deployment takes around 20 minutes and depends on the type of deployment: integration, application, life cycle management, or RMAD management. However, there is usually a design and discovery phase that we conduct. Based on the discovery phase, we finalize the scope of the implementation that the end user wants to implement. This may include RMAD integration or both.

We implement the solution for our customers.

Customers typically see a return on investment within one or two months of using One Identity Active Roles.

The pricing is on the higher end.

I give the solution an eight out of ten.

Although small companies can use the solution, it is not essential for them. However, it is recommended for medium and large organizations.

One Identity Active Roles exist because of the shortfalls in Active Directory.

Before implementing One Identity Active Roles, it is important to identify the pain areas and challenges that the solution can address. This solution provides a lot of options and is highly customizable, so it is important to start with the key pain areas and challenges that the organization is facing. By doing so, the organization can gradually increase the scope of the implementation and reduce delays in automating or executing certain tasks.

It is common for people in organizations to resist change. They often prefer to work in the same way they have always worked, with the same tools and processes. In order to get people to adopt a new solution, such as One Identity Active Roles, it is important to convince them of the benefits of the change. This can be done by demonstrating how the new solution will improve efficiency, reduce costs, or increase security. It is also important to get buy-in from both the top management and the technical staff. Once everyone is on board, the change is much more likely to be successful.