No more typing reviews! Try our Samantha, our new voice AI agent.
senior developer at Wealthcompany.in
Real User
Top 20
May 28, 2026
Automated onboarding has transformed access control and governance in daily directory operations
Pros and Cons
  • "One Identity Active Roles has had a strong impact on Active Directory operations by reducing manual administrative workload, improving access governance, and standardizing provisioning and permission management procedures."
  • "Areas for improvement in One Identity Active Roles include UI modernization, workflow customization, flexibility in reporting, and troubleshooting visibility."

What is our primary use case?

My main use case for One Identity Active Roles is centered on Active Directory automation and delegated access management. It helps reduce manual AD administration, control, automated onboarding, offboarding, and simplifies compliance and auditing across the organization.

One specific example of how I use One Identity Active Roles for automation or delegated access management in my daily work is automated employee onboarding. When HR adds new employee details, One Identity Active Roles automatically creates their AD account, assigns them to the correct OU group membership, and applies permissions based on the department or role. This reduces manual effort and provisioning time significantly.

What is most valuable?

The best features One Identity Active Roles offers are automation, delegated administration, role-based access control, approval workflow, and centralized auditing. For me, automation and delegated administration made the biggest difference because they reduce manual Active Directory workload and improve security by limiting unnecessary privileged access.

One area where One Identity Active Roles has positively impacted my organization is through automation and delegated administration. For example, instead of giving full domain admin rights to our service desk team, I delegate only specific tasks such as password reset, account unlock, or group management through our RBAC policies. On the automation side, when the employee leaves the organization, One Identity Active Roles automatically disables the account, removes group membership, and updates access policies, which reduces manual efforts.

What needs improvement?

Areas for improvement in One Identity Active Roles include UI modernization, workflow customization, flexibility in reporting, and troubleshooting visibility. This is particularly important in large environments when managing complex approval workflows.

For how long have I used the solution?

I have been using One Identity Active Roles for about four to five years.

Buyer's Guide
One Identity Active Roles
June 2026
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,748 professionals have used our research since 2012.

What do I think about the stability of the solution?

One Identity Active Roles has been stable in my environment. Even with a large Active Directory environment and multiple delegated administration workflows, I did not face major stability issues. Most operational challenges were more related to workflow complexity or synchronization troubleshooting rather than product outages or crashes.

What do I think about the scalability of the solution?

One Identity Active Roles scales well in large enterprise environments. It can efficiently manage thousands of users, groups, OUs, and Active Directory administrative tasks through centralized automation and delegation. In my environment, with a large AD structure and multiple workflows, it scales reliably. Although in very complex hybrid environments, workflow performance and synchronization tuning can sometimes require additional tuning and planning.

How are customer service and support?

The support for One Identity Active Roles has generally been good in my experience. The support team has been technically knowledgeable, especially for Active Directory integration, RBAC, and workflow-related issues. For normal operational issues, the support team has been responsive and helpful, but for complex enterprise cases or advanced support, the escalation and resolution could sometimes take longer, depending on the environment complexity.

I would rate customer support for One Identity Active Roles around 7 out of 10. The technical knowledge of the support team is good, especially for Active Directory and RBAC related issues, but sometimes response and escalation times for complex enterprise problems could be slower than expected.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, I mainly relied on native Active Directory tools, manual administration, and some PowerShell scripting for user provisioning and permission management. As the environment grew, managing users, groups, and delegating permissions manually became time-consuming and harder to track from a governance and compliance perspective, which is why I moved to a more centralized and automated solution.

How was the initial setup?

Integrating One Identity Active Roles with my existing IT infrastructure was moderately easy overall. Since my environment was already heavily based on Active Directory and Microsoft technologies, the core integration was straightforward. The more challenging part was configuring complex workflows, delegated permissions, and integrating hybrid or customized environments, which required careful planning and testing.

What was our ROI?

I saw a good ROI with One Identity Active Roles. This was through reduced manual administration, faster user provisioning, and lower service desk workload. Routine tasks such as password resets, account unlocks, and group management became more automated, which saved significant operational time. I also saw fewer manual errors and better compliance visibility.

What's my experience with pricing, setup cost, and licensing?

Pricing, setup, and licensing for One Identity Active Roles were generally good for an enterprise environment. Although the initial setup and licensing can be high for a smaller deployment, it requires proper planning around the AD architecture, RBAC design, and workflow configuration. It reduced significant manual administration work and operational efficiency for tasks and compliance.

Which other solutions did I evaluate?

Before choosing One Identity Active Roles, I evaluated options such as Microsoft Identity Management and SailPoint IdentityQ. I selected One Identity Active Roles mainly because of its strong Active Directory integration, delegated administration capabilities, automation features, and easier RBAC management for my environment.

What other advice do I have?

My impression of the automation capabilities provided by One Identity Active Roles is positive, especially for organizations heavily dependent on Active Directory administration and governance. The automation, delegated administration, and RBAC capabilities reduce significant manual operational work and improve security controls. At the same time, in large environments, workflow complexity and troubleshooting can still require experienced administrators. Proper planning and documentation are important for successful implementation.

One Identity Active Roles has had a positive impact on my organization's compliance efforts by improving centralized auditing, enforcing RBAC and least privilege access, and providing better visibility into AD changes and administrative activities. Earlier, tracking permission changes and user activity was more manual and time-consuming, but One Identity Active Roles made audit and compliance reviews much easier through centralized reporting and approval workflows.

One Identity Active Roles has had a strong impact on Active Directory operations by reducing manual administrative workload, improving access governance, and standardizing provisioning and permission management procedures. It also improved security because privileged access became more controlled through RBAC and delegation instead of using broad domain admin permissions for routine tasks.

One strong feature in One Identity Active Roles is fine-grained permission control and least privilege implementation. Instead of giving full domain admin rights, I delegate only specific tasks such as password reset, account unlock, or group management to our service desk based on our RBAC policy.

My advice to others considering One Identity Active Roles is to first design the RBAC model, delegation structure, and approval workflows properly before implementation. One Identity Active Roles gives strong automation and governance capabilities, but if the AD structure and access processes are not organized, complexity can increase later. I would also recommend starting with a phased rollout and involving both security and AD administrator teams early, especially in large enterprise environments. I would rate this product 8 out of 10 overall.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 28, 2026
Flag as inappropriate
PeerSpot user
Twinkle Solanki - PeerSpot reviewer
Business development executive at Digitaltrack solution Pvt Ltd
Real User
Top 5Leaderboard
Apr 20, 2026
Automation has transformed daily identity governance and simplifies compliant user onboarding
Pros and Cons
  • "Overall, One Identity Active Roles has significantly reduced the complexity and workload in Active Directory administration in our organization."
  • "A few improvements I would like to see in One Identity Active Roles are mainly around usability, reporting, and modern integration."

What is our primary use case?

One Identity Active Roles serves as the centralized Active Directory user and group management solution in our organization. We primarily use it for automatic routine identity administration tasks like user provision, role assignment, and group management, which reduce the need for manual Active Directory changes.

A good example in our organization is employee onboarding in Active Directory using One Identity Active Roles. When a few employees join, instead of the IT team manually creating a user account and assigning permissions, the process is triggered through predefined rules and roles based on an employee's department, for example, finance or IT, and One Identity Active Roles handles this automatically.

One Identity Active Roles has become a daily operational control point for identity governance in our organization and environment. Beyond onboarding and role changes, we use it regularly for day-to-day identity administration tasks like resetting and managing user accounts in a controlled way, delegating limited administrative rights to different IT teams, and tracking and auditing every directory change for compliance purposes.

What is most valuable?

One Identity Active Roles offers excellent features that mainly focus on automation, governance, and secure Active Directory management. A few of them really stand out in daily use. One of the most important features is automated user and group provisioning. It allows us to create, modify, and remove user accounts based on predefined rules, which significantly reduces manual work and ensures consistency across the environment.

The automated user and group provisioning feature in One Identity Active Roles has had a very noticeable positive impact on our team, especially in terms of time saving and accuracy. Before automation, onboarding or updating a user required multiple manual steps in Active Directory, including creating accounts, assigning groups, applying permissions, and verifying everything. This was not only time-consuming but also prone to human error such as missing group assignment or incorrect permissions.

Another feature that stands out in One Identity Active Roles is the delegation and role-based administrative model. It allowed us to safely delegate administrative tasks for different teams without giving them full Active Directory privilege.

One Identity Active Roles has a strong positive impact on our organization, mainly by improving efficiency, security, and governance in Active Directory management. One of the biggest improvements is the reduction in manual administrative work. Tasks such as user creation, group assignment, and access updates are now automated in policies, which has significantly reduced IT efforts and processing time. This has also helped us to avoid common human errors such as incorrect group membership or missing permissions.

Since implementing One Identity Active Roles, we have seen clear improvement in both time efficiency and error reduction, especially in identity lifecycle management. In terms of time saving, the biggest impact is in onboarding and routine Active Directory administration.

One Identity Active Roles has a strong positive impact on our compliance efforts and regulatory readiness. The biggest improvement comes from centralized audit and change tracking. Every identity-related action, such as user creation, group change, or permission update, is automatically logged. This gives us a complete audit trail, which is very important during internal and external compliance reviews.

Overall, One Identity Active Roles has significantly reduced the complexity and workload in Active Directory administration in our organization. Before its implementation, most Active Directory tasks such as user provisioning, group updates, and permission changes were manual and often required coordination between multiple teams. This not only increased workload but also introduced delays and occasional errors.

The delegation capability in One Identity Active Roles has had a very positive impact on our workflow and operational efficiency. Previously, most Active Directory tasks had to go through a central IT or domain admin team. We can now safely assign specific responsibilities to different teams or a support group without giving them full domain-level access.

What needs improvement?

A few improvements I would like to see in One Identity Active Roles are mainly around usability, reporting, and modern integration. One key area is user interface simplification. While the tool is very powerful, the admin console can feel complex for a new administrator. A more modern, intuitive UI with clearer navigation would make onboarding easier for IT teams. Another improvement area is reporting and analysis. Having more real-time dashboards, customizing reports, and better visibility into identity changes will make it easier to monitor governance at a glance without exporting data manually.

A couple of additional improvement areas stand out, especially around integration and operational flexibility in One Identity Active Roles. One important area is smoother integration with the modern SaaS and cloud identity ecosystem. While it works very well with Active Directory integration, newer cloud-native applications or hybrid environments can sometimes require extra configuration efforts. More out-of-the-box connectors and simpler setup in cloud platforms would make adoption faster and easier.

Better real-time monitoring and alerting would also be beneficial. While the platform does provide auditing and logs, having more proactive, real-time alerts for unusual identity changes such as bulk permission updates or suspected group notifications would be beneficial.

For how long have I used the solution?

I have been using One Identity Active Roles for two years.

What do I think about the stability of the solution?

One Identity Active Roles is stable. Based on real-world usage patterns and enterprise feedback, One Identity Active Roles is generally considered stable and reliable in a production environment.

How are customer service and support?

Customer support for One Identity Active Roles is generally good, but with a few mixed experience issues. From our experience, the support team is technically knowledgeable and helpful, especially for standard configuration issues and Active Directory integration questions regarding known product behaviors. When the issue is well defined, they usually provide clear guidance and workflow solutions.

Which solution did I use previously and why did I switch?

Before choosing One Identity Active Roles, we did evaluate a few other identity and access management solutions, mainly to compare automation, Active Directory governance features, and scalability.

How was the initial setup?

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately easy, but required careful planning during setup. Since it is primarily designed for Active Directory environments, integration with our core directory service was quite straightforward and worked smoothly out of the box. It connected well with the existing AD structure, which made initial deployment faster and more stable.

What was our ROI?

We have seen a clear return on investment with One Identity Active Roles, mainly driven by usage savings, reduced manual effort, and improving operational efficiency rather than direct cost reduction alone. One of the biggest measurable impacts has been administrative time saving.

What other advice do I have?

My advice to others considering One Identity Active Roles is to start with clear planning and a well-defined identity governance model before implementation. From our experience, the tool is very powerful, but the real value comes when rules and access policies are properly designed upfront, with the Active Directory structure being clean and well-organized.

One final thought about One Identity Active Roles is that its biggest strength is not just automation, but the governance structure it brings to Active Directory management. It efficiently shifts identity management from the manual, ticket-driven process to a policy-based control system, which improves both security and operational consistency over time. I would rate this product a 9 overall.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 20, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
One Identity Active Roles
June 2026
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
904,748 professionals have used our research since 2012.
PeerSpot user
Desktop Support at DigitalTrack Solutions Private Limited
Real User
Top 5Leaderboard
Apr 23, 2026
Automation has transformed user lifecycle tasks and delegation now improves daily security control
Pros and Cons
  • "One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory, as routine tasks like user creation, password resets, and access changes are automated or delegated, saving time and reducing manual efforts while making management more structured and consistent, making overall administration easier and more efficient."
  • "One Identity Active Roles is very helpful, but a few improvements could make it even better, such as simplifying the user interface to make it more user-friendly, especially for new users, and making setup and configuration easier."

What is our primary use case?

I have been working in the cybersecurity field for about one year using One Identity Active Roles.

One Identity Active Roles is used for Active Directory management and user lifecycle management, including tasks such as user provisioning, group management, and enforcing access policies in a controlled and automated way.

When a new employee joins, I use One Identity Active Roles to create the user account with predefined templates and automatically assign the required groups and permissions, ensuring consistency and saving time. Similarly, when someone leaves, I can quickly disable the account and remove access.

Password resets and access requests represent another scenario related to our main use case, where Active Directory allows us to delegate tasks securely to help desk teams without giving full admin rights, reducing the workload on admins and ensuring proper control and auditing.

How has it helped my organization?

One Identity Active Roles has improved our daily operations by simplifying user management and reducing manual work, as tasks like user creation, password resets, and access changes are faster and more consistent while also improving security by controlling permissions and keeping proper audit logs. Overall, it saves time and makes administration more efficient.

We saw around forty to fifty percent time savings in routine tasks like user creation and password resets, while the help desk workload also reduced since tasks are delegated properly, and errors in access management decreased, improving overall security and consistency.

What is most valuable?

The best features of One Identity Active Roles, in my opinion, are automated user lifecycle management, rule-based access control, and delegation, which allows us to automate the creation and modification of user roles, saving a lot of time while providing fine-grained access control with least privilege, thereby improving security.

The features are very helpful in daily work, especially with delegation, where we can give limited access to the help desk team to handle tasks like password resets or unlocking accounts without giving full admin rights, improving security and reducing the workload on senior admins.

One more useful feature of One Identity Active Roles is auditing and reporting, which tracks all changes made to user accounts and access, being very helpful for troubleshooting and compliance. Many people do not realize how useful this is for maintaining security and accountability.

What needs improvement?

One Identity Active Roles is very helpful, but a few improvements could make it even better, such as simplifying the user interface to make it more user-friendly, especially for new users, and making setup and configuration easier. Adding more customization in reporting and improving performance for larger environments would further enhance the experience. Overall, it is a strong tool with minor areas for improvement.

Navigation between different options can feel complex, so simplifying that would help. Additionally, quicker search and better filtering options for users and groups would make daily tasks even faster, enhancing usability.

For how long have I used the solution?

I have been working in my current field for three years.

What do I think about the stability of the solution?

One Identity Active Roles is generally stable and reliable, with most users rating its stability quite high, often between a seven to ten out of ten, consistently performing for daily operations like automation and user management without major downtime reported.

What do I think about the scalability of the solution?

One Identity Active Roles is highly scalable, capable of handling large environments with thousands or even hundreds of thousands of users across multiple domains without major issues and continuing to perform well and manage user groups and policies efficiently as the environment grows.

How are customer service and support?

The customer support is good, with the team being knowledgeable and helpful, usually assisting well with issues, although response times can sometimes vary depending on the complexity.

I would rate the customer support a nine out of ten.

Which solution did I use previously and why did I switch?

We were not using any dedicated solution before One Identity Active Roles, as most tasks were handled manually in Active Directory, and we switched to reduce manual efforts, improve security, and make user management more efficient.

How was the initial setup?

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was relatively easy since it works closely with Active Directory, where the basic setup was straightforward; however, some configuration and fine-tuning took time. Once integrated, it works smoothly with our existing infrastructure.

What was our ROI?

We have seen a good return on investment, as routine tasks like user creation and password resets became faster, saving around forty to fifty percent of the time; delegation also reduced the workload on admins, allowing the team to focus on more important tasks, improving efficiency and reducing operational efforts.

What's my experience with pricing, setup cost, and licensing?

Our experience with pricing, setup cost, and licensing has been reasonable; the initial setup took some effort, especially during configuration, but it was manageable, with licensing being flexible based on the number of users and the environment, making it scalable and providing good value considering the features and time savings.

Which other solutions did I evaluate?

We did not formally evaluate other tools before choosing One Identity Active Roles, selecting it based on our requirement for better Active Directory management, automation, and security.

What other advice do I have?

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory, as routine tasks like user creation, password resets, and access changes are automated or delegated, saving time and reducing manual efforts while making management more structured and consistent, making overall administration easier and more efficient.

My experience with the delegation of administrative tasks through One Identity Active Roles has been very good, allowing us to assign specific tasks like password resets, account unlocks, and basic user management to the help desk team without giving them full admin rights, which has improved our workflow by reducing the workload on admins and speeding up issue resolution while also improving security and accountability since access is controlled and all actions are properly logged.

My advice for others looking into using One Identity Active Roles would be to clearly understand your Active Directory structure and requirements before implementation, plan roles and permissions properly, and make good use of the automation and delegation features to reduce manual work and improve security.

Overall, One Identity Active Roles is a reliable tool that simplifies user management and improves security, saving time and making daily operations more efficient. I would rate this product eight out of ten.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Apr 23, 2026
Flag as inappropriate
PeerSpot user
reviewer2789802 - PeerSpot reviewer
Director, Identity & M365 Engineering at a healthcare company with 10,001+ employees
Real User
Top 10
Dec 23, 2025
Granular delegated access has strengthened least privilege control across complex directories
Pros and Cons
  • "One Identity Active Roles absolutely helps reduce identity-based breaches, making it very seamless for our user base to ensure that folks in specific positions have the least privileged access possible across our for-profit healthcare conglomerate with thirty states and over fifty community hospitals under a single Active Directory domain."
  • "We don't get a lot of communication from the One Identity side. I don't know who our account representative is, and that is kind of not good since we have had some turnover there."

What is our primary use case?

One Identity Active Roles is used for delegated access. It helps with RBAC controls and allows us to manipulate across our facilities which OUs in Active Directory they can manage, along with dynamic groups and keeping the ability where folks don't have to use ADUC and they can just use a delegated management overlay tool to not delete groups and not delete OUs and not inappropriately move objects across containers.

Regarding the ease or difficulty of managing on-premises and cloud-based identity directories through a single pane of glass, we leverage One Identity Active Roles from strictly the on-premises space. Being able to leverage it from a delegated access perspective, the console itself is very clean. It looks very similar to Active Directory Users and Computers, which legacy, long-time IT people are used to. So that outline from a UI perspective makes things seamless. People don't even know that One Identity Active Roles is actually a product and not just a built-in native solution for Windows, which is very key for us.

Regarding One Identity Active Roles' ability to provision and de-provision resources in directories such as AD and Azure AD, it is very seamless. From a permission standpoint, it is a right-click de-provision user and having that recycle bin to quickly uncover or recover is very useful. It is very seamless. It is not the best from a change history standpoint as far as quantifying those logs, but it is nice to see that this object was de-provisioned on X day by a user, and it can quickly be restored in the event that was a mistake.

About group membership management in One Identity Active Roles, I have already discussed how you can delegate groups with OUs and naming conventions through the complex IT teams that we have in our organization. From a group membership standpoint, we can manage groups and delegate that access across the organization from our enterprise service level that can do password resets versus our identity engineering team who has full domain admin in the console that can manipulate those access templates and make adjustments accordingly.

What is most valuable?

The favorite feature of One Identity Active Roles is definitely the granularity and specifics on the access templates. You can dive deep into controls all the way down to manage individual objects, all the way from not just at the OU level, but how granular delegated access is with One Identity Active Roles is definitely the most useful feature to my organization.

One Identity Active Roles absolutely helps reduce identity-based breaches. It is from an identity governance perspective, being able to ensure that folks that are in specific positions have the least privileged access possible. One Identity Active Roles makes that very seamless for our user base. We are a for-profit healthcare conglomerate with thirty states, over fifty community hospitals across that are all in a single pane of glass under our LifePoint Health Active Directory domain. Being able to say that your facility can only manage these objects in this OU and delegating that from their core IT engineering staff versus their help desk versus an application owner makes it all very seamless.

One Identity Active Roles has absolutely helped our organization reduce its number of erroneous privileged accounts. We can quickly evaluate those accounts. You can see the same features within ADUC, but you can quickly isolate those and validate where they are and adjust them however you want.

What needs improvement?

One of the things I would like to see more robust is the change history. One Identity Active Roles can only monitor changes that happen in the console, and the logs don't go back longer than thirty days, maybe sixty days. The change history, when we've seen accounts get modified, we leverage a container domain that funnels accounts into our Active Directory console. I would like to see from an initial user provisioning perspective, for them to isolate the workflow and say that this came in on X date and account was created. If anyone were to modify that account from an external resource, I would like to be able to read that as well. One Identity Active Roles is strictly limited to the console. If someone makes a change, the history of those changes is not as long as I would prefer.

For how long have I used the solution?

Our company has used One Identity Active Roles for over five years. I have been with them for the last four years. Personally, I have been a user and managed the team that controls One Identity Active Roles for four years.

What do I think about the stability of the solution?

Regarding stability, One Identity Active Roles is mostly stable. The only times it is not is when we have the eight-point-zero long-term service release. I have not seen any sort of hiccups in connectivity. If anything, it is on our side from a networking standpoint. It is a very stable product, at least recently.

What do I think about the scalability of the solution?

One Identity Active Roles is more beneficial to a large corporation. I am sure that licensing can vary in cost, but it is definitely very beneficial to complex Active Directory environments from a control perspective and being able to grant least privileged access that folks need to do their job.

How are customer service and support?

We don't get a lot of communication from the One Identity side. I don't know who our account representative is, and that is kind of not good since we have had some turnover there.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have not used any alternatives to One Identity Active Roles. From an on-premises AD standpoint, delegated access has been with LifePoint as long as in my career. That is what we have leveraged. It has been useful. We have rolled it out across several Active Directory domains as our management overlay, but that has been our main one.

How was the initial setup?

When I first started using One Identity Active Roles, it is intuitive. It is not super complex. The management of it, we used it from a user provisioning standpoint before we switched human capital management systems. I was not really involved in that, but from an end user standpoint, you pick your web database server. The thick client is much easier from a UI perspective looking through it because it looks very similar to ADUC if you have any experience in IT. The web portal is fine. I think it is a little more clunky, and that is what most folks use, but it is intuitive. You pick your web or database server, log in with your credentialed account, and it synchronizes and loads. It is seamless, and from an intuitive standpoint, it is on the higher end.

What's my experience with pricing, setup cost, and licensing?

Regarding the pricing of One Identity Active Roles, it is definitely on the expensive side compared to solutions for what it does. It is a necessary need for us. I don't know One Identity Active Roles' business model, but it is very niche in the sense that they are going to target complex environments like mine that have a need for delegated access. There are other IGA platforms that do delegated access and offer a much larger suite of solutions, but it is definitely on the expensive side. I think our total was in the seven-figure range for a couple of years of service.

What other advice do I have?

Overall, I would give One Identity Active Roles a rating of nine out of ten. The main pain point I have is not huge because I know there are AD audit solutions out there individually. But with the control that One Identity Active Roles has, being as intuitive as it is, I think it is a nine out of ten. I would recommend it to any healthcare conglomerate that has multiple hands in an Active Directory environment. There are many components that I think our team is not touching the surface on from a dynamic group perspective, and we just use it for what it is today, but I think there are more components that we could explore.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Dec 23, 2025
Flag as inappropriate
PeerSpot user
reviewer2845674 - PeerSpot reviewer
Devoloper at a financial services firm with 51-200 employees
Real User
Top 10
May 23, 2026
Identity workflows have streamlined onboarding and offboarding but still need better UI and cloud integration
Pros and Cons
  • "Using One Identity Active Roles, we reduced our user provisioning time from hours to minutes, lowered service desk workload by approximately 40 to 60 minutes, reduced manual administration errors, and improved audit and compliance efficiency."
  • "I did not rate One Identity Active Roles at the highest level because areas such as user interface modernization, workflow complexity, troubleshooting experience, reporting capabilities, and cloud integration still have room for improvement."

What is our primary use case?

One Identity Active Roles serves as our centralized Active Directory administration platform for identity lifecycle management, including automated user provisioning, delegated administration, role-based access control, workflow automation, and compliance management.

A specific example of One Identity Active Roles implementation is automating employee onboarding where new users are automatically created with correct organizational unit placement, group membership, permission assignments, and policies based on their department or job roles.

What is most valuable?

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, approval workflows, policy enforcement, and auditing capabilities.

The automation capability in One Identity Active Roles helps reduce manual Active Directory tasks by automatically handling user provisioning, deprovisioning, group assignment, and policy enforcement, which improves efficiency, consistency, and security.

One Identity Active Roles has positively impacted our organization by reducing manual Active Directory administration, improving security through role-based access control and delegated access, speeding up onboarding and offboarding processes, and enhancing compliance and audit visibility.

Using One Identity Active Roles, we reduced our user provisioning time from hours to minutes, lowered service desk workload by approximately 40 to 60 minutes, reduced manual administration errors, and improved audit and compliance efficiency.

One Identity Active Roles helped us implement fine-grained delegation and access control by assigning specific administrative permissions based on roles and department, which improves security, reduces excessive privilege, minimizes manual errors, and made Active Directory management more controlled and compliant.

One Identity Active Roles integrated well with our existing IT environment, especially with Active Directory and Microsoft infrastructure, which made adoption easier without major changes to current systems or operational processes.

I was impressed with the automation capability in One Identity Active Roles, especially automated user onboarding and offboarding where accounts, group memberships, and permissions were assigned automatically based on department or roles, significantly reducing manual effort and provisioning time.

One Identity Active Roles has significantly reduced compliance effort by centralizing auditing, enforcing role-based access control and policy management, tracking Active Directory changes, and simplifying access reviews and reporting for audits.

One Identity Active Roles reduced the complexity and workload related to Active Directory by automating repetitive tasks, simplifying user and group management, enabling delegated administration, and centralizing policy and access control management.

Delegated administration in One Identity Active Roles positively affected our operations by allowing service desk teams to handle routine Active Directory tasks such as password resets, user creation, and group management without full domain administrator rights, which improved security, reduced workload on senior administrators, and sped up request resolution.

What needs improvement?

One Identity Active Roles can be improved with a more modern user interface, better reporting and analytics capabilities, simplified workflow customization, improved troubleshooting tools, and stronger cloud and hybrid identity integration capabilities.

I did not rate One Identity Active Roles at the highest level because areas such as user interface modernization, workflow complexity, troubleshooting experience, reporting capabilities, and cloud integration still have room for improvement.

For how long have I used the solution?

I have been using One Identity Active Roles for the last three years.

What do I think about the stability of the solution?

One Identity Active Roles is stable and reliable for enterprise Active Directory management and automation workloads.

What do I think about the scalability of the solution?

One Identity Active Roles scales well and can efficiently manage large enterprise Active Directory environments with thousands of users, groups, and administrative tasks.

How are customer service and support?

Customer support for One Identity has been generally good with knowledgeable technical teams and effective support for deployment, troubleshooting, and Active Directory integration issues.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, we mainly relied on Active Directory tools, manual administration processes, and basic PowerShell scripting for user and group management.

How was the initial setup?

We consolidated identity and access management using One Identity Active Roles for user provisioning and group management.

What was our ROI?

We achieved a strong return on investment with One Identity Active Roles through a 40 to 50 percent reduction in service desk workload, faster user provisioning, fewer manual administrator errors, and improved compliance and audit efficiency.

What's my experience with pricing, setup cost, and licensing?

The pricing, setup cost, and licensing for One Identity Active Roles are enterprise-oriented and typically based on the number of managed users or accounts. While setup requires moderate implementation effort for Active Directory integration and workflow configuration, overall it delivers strong value through automation and reduced administrative overhead.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, we evaluated Microsoft Identity Manager and SailPoint IdentityIQ.

What other advice do I have?

My advice to others considering One Identity Active Roles is to plan role-based access control models, workflows, and delegation structures carefully, start with a pilot deployment, and fully utilize automation and auditing features to maximize security, compliance, and operational efficiency. I would rate this product a 3 out of 5 in terms of customer service.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 23, 2026
Flag as inappropriate
PeerSpot user
Mahesh Dattatray Malve - PeerSpot reviewer
Senior Business Development Executive at Digitaltrack
Real User
Top 5
May 19, 2026
Centralized delegation has streamlined ad administration and now reduces privileged access risks
Pros and Cons
  • "One positive impact we noticed from One Identity Active Roles was improved operational efficiency; earlier, many user management tasks were handled manually, which took more time and sometimes created inconsistencies, but using intelligent role-based workflows and automation made onboarding and access modification faster and more standardized, and we also saw better control over privileged access since permissions were delegated properly, reducing high-level administrative rights, which improved accountability and balanced security with operational speed."
  • "Pricing for One Identity Active Roles is a bit on the higher side compared to other options in the market."

What is our primary use case?

My main use case for One Identity Active Roles is for centralized Active Directory administration and life cycle management; most of the day-to-day activities revolve around user provisioning, account modification, and modification group management, access delegation, and handling the joiner mover leaver process.

One common example of how I use it for user provisioning in my daily work is during new employee onboarding; when HR shares the employee details, we use predefined templates in One Identity Active Roles to create user accounts with standard attributes such as department, designation, email format, and reporting manager, and based on the employee's role, the required security groups are automatically assigned instead of adding everything manually.

What is most valuable?

One important thing from day-to-day usage is that tools such as One Identity Active Roles are not just about account creation or access management; they help bring consistency into operations in large environments, as one small manual mistake in Active Directory can create bigger issues later, especially during audits or access reviews, and from my experience, the biggest practical benefit has been reducing repetitive manual work and maintaining standardized processes across teams.

The best feature of One Identity Active Roles is delegation administration with role-based access control; it allows an organization to give limited and controlled access to different IT teams without exposing full Active Directory permissions, which is very important from a security perspective.

Role-based access control has helped me mainly by reducing unnecessary privileged access, as earlier, in some environments, multiple admins had broad Active Directory permissions which increased the risk of accidental changes or unauthorized actions, and with One Identity Active Roles, this access could be delegated so teams only got permissions required for their tasks.

One thing worth adding about the features is that as identity and access governance become more important and organizations are handling hybrid environments with cloud and on-premise systems together, tools such as One Identity Active Roles help bring structure to that, especially for managing identity-related operations in a controlled way.

One positive impact we noticed from One Identity Active Roles was improved operational efficiency; earlier, many user management tasks were handled manually, which took more time and sometimes created inconsistencies, but using intelligent role-based workflows and automation made onboarding and access modification faster and more standardized, and we also saw better control over privileged access since permissions were delegated properly, reducing high-level administrative rights, which improved accountability and balanced security with operational speed.

Measurable improvements were noticed over time; for onboarding activities, the creation and access assignment process became much faster because templates and automation group assignments reduced manual work, and earlier, some requests would take a few hours depending on complexity, but with streamlined workflows, standard tasks became much quicker with fewer follow-ups, and from an audit perspective, preparing for access reviews or compliance checks was easier because all changes were logged properly, meaning the teams spent less time collecting manual evidence due to the clear audit process.

We utilized the fine-grained permission control feature of One Identity Active Roles, especially for delegating administration and limiting unnecessary privileged access; one major impact was better implementation of the least privilege principle, as instead of giving broad Active Directory permissions to multiple teams, access is assigned based on specific responsibilities, allowing the helpdesk team to perform limited tasks such as password resets or account unlocks, while application teams manage only their own security groups without broad administrative access.

The automation capabilities of One Identity Active Roles are one of its stronger areas, especially for reducing repetitive administrative tasks and improving consistency; a common example is user onboarding and offboarding workflows where predefined templates automatically populate user attributes, assign appropriate groups, and apply naming standards based on department or role, significantly reducing manual effort and minimizing configuration mistakes.

One Identity Active Roles has had a significant effect on the complexity and workload of day-to-day Active Directory administration, as earlier, many Active Directory-related tasks depended heavily on experienced administrators making direct changes in Active Directory users and computers, which increased the risk of inconsistency and human error; after implementing One Identity Active Roles, administrative tasks became more structured through delegated access, templates, and automated workflows.

What needs improvement?

One Identity Active Roles is strong operationally, but there are a few areas where it could improve, such as cloud-native integration; since many organizations are moving towards hybrid and multi-cloud environments, a tighter and simpler integration with more cloud platforms would enhance the overall experience.

One practical pain point I encountered around workflow customization and change management is that the tool is powerful, but when organizations want highly customized approval flows based on business logic, implementation can become complex and often relies on experienced administrators or consultants.

For how long have I used the solution?

I have been using One Identity Active Roles for three years.

What do I think about the stability of the solution?

One Identity Active Roles is a stable and reliable platform.

What do I think about the scalability of the solution?

From my experience, One Identity Active Roles is quite scalable, especially for medium to large enterprises that have a high volume of Active Directory administrative operations, as the architecture is designed to scale Active Directory delegation and administration.

How are customer service and support?

I found the customer support experience with One Identity generally positive, especially for enterprise-level support cases, as their support team has strong technical knowledge of Active Directory and IAM issues which is crucial for solving issues.

Which solution did I use previously and why did I switch?

Before using One Identity Active Roles, a large portion of administrative work was handled with native Active Directory tools and manual operational processes, and the main reason for moving towards One Identity Active Roles was the increasing complexity of user and access management as the organization scaled.

How was the initial setup?

The ease of integrating One Identity Active Roles with our existing IT infrastructure and directory services was moderately manageable, as it was not extremely difficult but required proper planning and understanding of the existing infrastructure; since our organization is heavily based on Active Directory and Microsoft technologies, the core integration was relatively smooth, allowing straightforward onboarding, synchronization, delegation, administration, and policy configuration once the architecture was properly designed.

What about the implementation team?

The implementation was done in-house by our IT team.

What was our ROI?

The organization has seen a positive return on investment, though the return on investment is more operational and security-focused than just a cost reduction; we also observed fewer operational errors related to account provisioning and group assignments due to standardized templates and workflows reducing inconsistencies, meaning even a small reduction in manual administration and troubleshooting effort adds up.

What's my experience with pricing, setup cost, and licensing?

Pricing for One Identity Active Roles is a bit on the higher side compared to other options in the market.

Which other solutions did I evaluate?

During the evaluation phase, I considered a few other IAM and Active Directory management solutions; the comparison was mainly about delegation capabilities, automation, and audit, including Microsoft's native Active Directory administration approach combined with scripting and Group Policy management, as well as tools such as Microsoft Entra ID, NetIQ, SailPoint, and CyberArk, depending on the use case.

What other advice do I have?

My advice for others looking into using One Identity Active Roles is to first understand your internal identity and access management processes before implementing the tool, and I recommend starting with clear delegation and automation goals instead of trying to customize everything immediately. I would rate this product an 8.5 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 19, 2026
Flag as inappropriate
PeerSpot user
reviewer2845590 - PeerSpot reviewer
Engineer at a transportation company with 1,001-5,000 employees
Real User
Top 10
May 22, 2026
Centralized automation has transformed identity lifecycle management and strengthens governance
Pros and Cons
  • "I saw a strong ROI with One Identity Active Roles through around a forty to fifty percent reduction in service desk workload, faster user provisioning from hours to minutes, fewer manual errors, and improved compliance and audit efficiency, which saves significant administrative time and operational efforts."
  • "One Identity Active Roles can be improved with a more modern and user-friendly interface, better reporting and analytics, simplified workflow customization, faster performance in large environments, and stronger cloud and hybrid identity integration capabilities."

What is our primary use case?

My main use case for One Identity Active Roles is centralized Active Directory administration and identity lifecycle management, including automatic user provisioning and deprovisioning, delegating administration, role-based access control, policy enforcement, and workflow automation to improve security, compliance, and operational efficiency.

A specific example of using One Identity Active Roles to automate user provisioning is automatic employee onboarding, where new users are automatically created with the correct OU placement, group membership, permission, and policy based on their department or role, reducing manual efforts.

Additionally, I use One Identity Active Roles for delegated administration, password management, approval workflows, group management, and auditing Active Directory changes, which helps improve security, reduce administrative workload, and maintain compliance.

What is most valuable?

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, policy placement, approval workflows, and auditing.

One Identity Active Roles automation helps by automatically provisioning and deprovisioning users, assigning groups, and permission based on roles, making my work easier and more efficient. While delegating administrative tasks, it allows service desk teams to perform limited AD tasks without full domain access.

Additionally, the approval workflow, auditing, and policy enforcement features in One Identity Active Roles are very valuable, as they help maintain compliance, track all Active Directory changes, enforce naming and security standards, and improve overall governance and operational controls.

One Identity Active Roles positively impacts my organization by reducing manual Active Directory administration, improving security through delegated access and RBAC, speeding up onboarding and offboarding processes, and enhancing compliance with centralized auditing and policy enforcement.

What needs improvement?

One Identity Active Roles can be improved with a more modern and user-friendly interface, better reporting and analytics, simplified workflow customization, faster performance in large environments, and stronger cloud and hybrid identity integration capabilities.

Additionally, One Identity Active Roles could be improved with troubleshooting tools, clearer error reporting, enhanced real-time monitoring dashboards, and simplified complex policy and workflow management to make administration easier in large enterprise environments.

For how long have I used the solution?

I have been working in my current field for the last one month.

What do I think about the stability of the solution?

One Identity Active Roles is generally very stable and reliable in enterprise environments with consistent performance in Active Directory management automation and delegation tasks when properly configured and maintained.

What do I think about the scalability of the solution?

One Identity Active Roles can scale to large enterprise environments and can efficiently handle thousands of users, groups, and Active Directory objects, centralizing automation and delegation processing without significant performance issues.

How are customer service and support?

Basic customer support for One Identity Active Roles has been generally good, with knowledgeable technical teams and effective guidance on deployment, although response time for complex escalations can sometimes be a bit slower.

I would rate customer support for One Identity Active Roles around a seven out of ten for strong technical expertise and helpful guidance, with some room for improvement in escalation and response times.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, I primarily used native Active Directory tools and manual administration processes, along with basic PowerShell scripting for user and group management.

How was the initial setup?

The main difficulty I faced integrating One Identity Active Roles was complex workflows, mapping RBAC permissions correctly, synchronizing a hybrid environment like Microsoft Azure, and troubleshooting policy or replication-related issues during the initial deployment.

What was our ROI?

I saw a strong ROI with One Identity Active Roles through around a forty to fifty percent reduction in service desk workload, faster user provisioning from hours to minutes, fewer manual errors, and improved compliance and audit efficiency, which saves significant administrative time and operational efforts.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing of One Identity Active Roles are enterprise-based and depend on the number of managed users or accounts, while setup costs are moderate due to infrastructure implementation and integration requirements. Overall, it provides good value through automation, security, and reduced administrative overhead.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, I evaluated options including Microsoft Identity Manager and SailPoint IdentityIQ, but chose One Identity Active Roles due to its strong Active Directory integration, automation, and delegation administrative capabilities.

What other advice do I have?

My impression of the automation capability of One Identity Active Roles is very positive, as it significantly reduces manual Active Directory tasks through automated provisioning, deprovisioning, group management, approval workflows, and policy enforcement, improving efficiency, consistency, and security across the environment.

One Identity Active Roles significantly reduces the complexity of Active Directory administration by centralizing management, automating repetitive tasks, and enabling delegated access control, although the initial setup and advanced workflow configuration can be complex in large enterprise environments.

One Identity Active Roles delegation allows service desk or junior administrators to perform specific Active Directory tasks including password resets, user creation, and group management without giving full domain administrative access, which improves security, reduces workload on senior admins, and speeds up request handling.

My advice to others considering using One Identity Active Roles is to plan the Active Directory structure, RBAC model, and workflow carefully before deployment. I recommend starting with a pilot implementation and leveraging automation and delegated administration features fully to maximize security, efficiency, and compliance benefits. I would give One Identity Active Roles an overall rating of eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 22, 2026
Flag as inappropriate
PeerSpot user
Chetan Bhati - PeerSpot reviewer
Network Security Engineer at Arrow PC Network Pvt Ltd
Real User
Top 5Leaderboard
May 14, 2026
Centralized automation has streamlined onboarding, delegation, and secure access management
Pros and Cons
  • "One Identity Active Roles has impacted my organization by simplifying centralized Active Directory management and improving efficiency for user provisioning, access management, and routine administrative tasks."
  • "Troubleshooting could be more streamlined when dealing with detailed administrative changes or resolving synchronization issues."

What is our primary use case?

My main use case for One Identity Active Roles is managing Active Directory users and groups in a centralized way, and I primarily use it for provisioning, access management, password reset, onboarding and off-boarding processes, and delegated administration.

During employee onboarding, I use One Identity Active Roles to create user accounts, assign the required group membership, apply department-based permissions, and configure account policies from a centralized console. For delegated administration, specific tasks such as password reset or basic account management can be assigned to a specific support team without giving them full domain admin access, which improves security and also reduces workload for senior administrators.

Apart from onboarding and access management, I also use One Identity Active Roles for account lifecycle management, such as disabling accounts during off-boarding and updating permissions during role changes. It helps with maintaining consistency through policy-based administration and reduces manual effort for repetitive Active Directory tasks.

What is most valuable?

A valuable feature of One Identity Active Roles is delegated administration because it allows different teams to handle specific tasks without giving full Active Directory access. I also find that centralized user and group management very useful since it simplifies onboarding, off-boarding, permission updates, and account management from a single interface. The strong feature is automation and workflow management, which helps reduce manual effort and improve consistency and minimize administrative errors.

Account creation, group assignment, and permission management can all be handled from one place instead of manually configuring everything in Active Directory, making it much faster. Delegated administration also makes support operations easier because basic tasks of password reset and account unlocks can be securely handled by the support team without requiring administrative privileges. These features improve visibility and help maintain better control over administrative changes.

One Identity Active Roles has impacted my organization by simplifying centralized Active Directory management and improving efficiency for user provisioning, access management, and routine administrative tasks. It also enhanced security through delegated administration because teams can perform specific tasks without needing full domain admin rights. Another positive impact is reduced manual errors and faster onboarding and off-boarding processes, which improved overall operational efficiency for my IT team.

What needs improvement?

Troubleshooting could be more streamlined when dealing with detailed administrative changes or resolving synchronization issues. Additionally, improving the overall performance and simplifying some workflow configurations would make day-to-day operations easier.

For how long have I used the solution?

I have been using One Identity Active Roles for around one year.

What do I think about the stability of the solution?

One Identity Active Roles has been a stable solution for day-to-day Active Directory administrative and identity management tasks in my experience, as I have been able to use it reliably for user provisioning, delegated administration, and access management with consistent performance. As with any enterprise solution, proper configuration and maintenance are important, but overall, it has been stable in my environment.

What do I think about the scalability of the solution?

One Identity Active Roles is scalable and is actually designed specifically for large enterprise environments and hybrid environments, so it has centralized multi-domain management tailored for large enterprises.

How are customer service and support?

Customer support for One Identity Active Roles is generally rated as good but not perfect, so it really depends on the type of issues and how my environment is set up.

Which solution did I use previously and why did I switch?

Previously, most of the administration was handled directly through native Active Directory tools and manual processes. My organization moved to One Identity Active Roles to improve centralized management, delegation, and automation, which also helped improve security and reduce manual workload through better control over permissions.

How was the initial setup?

The integration process was relatively easy because One Identity Active Roles integrates well with existing Active Directory environments. The initial setup and configuration required proper planning and understanding of the directory structure, but once configured, it worked well with the existing IT infrastructure, making the centralized management and policy-based administration easier to align with my current identity management process.

What was our ROI?

From an operational perspective, I have seen a positive return in terms of time-saving and administrative efficiency. For example, routine tasks of user onboarding, permission updates, and account management are completed much faster now compared to manual Active Directory administration. While I was not directly involved in financial calculation, it has definitely improved efficiency and reduced manual effort for my IT teams.

Which other solutions did I evaluate?

I was not involved directly in the product evaluation or selection process, so I cannot comment in detail on all the alternatives that were evaluated. However, from my understanding, the decision was mainly based on improving centralized Active Directory management.

What other advice do I have?

After using One Identity Active Roles, onboarding account management tasks become noticeably faster. For example, creating a user account and assigning permissions that previously took around fifteen to twenty minutes manually can be completed in just a few minutes through centralized workflows. I have also noticed fewer permission-related mistakes and improved consistency because policies and templates are applied in a standardized way.

My advice for anyone evaluating One Identity Active Roles is that if you are planning to use Active Roles, the most important thing to understand is that it is not just a tool; it is an identity management framework for Active Directory and hybrid environments. Success depends more on design and implementation than the product itself.

One Identity Active Roles is deployed in an on-premises environment integrated with my Active Directory infrastructure. I use One Identity Active Roles for Active Directory administration and identity management tasks, so it is mainly consolidated around centralized user management and delegated administration.

I have utilized the fine-grained permission control feature in One Identity Active Roles mainly through delegated administration, which helped implement least privilege principles by allowing teams to perform only the specific task required for their role, such as a password reset or account unlock, without providing full Active Directory administrative access. This improved security, reduced unnecessary privileged access, and helped maintain better control and accountability over administrative activities.

My impression of the automation capabilities is very positive because they help reduce repetitive manual administrative tasks and improve consistency in user management. For example, during onboarding, account creation, group assignment, and applying standard permissions can be handled through predefined workflows and policies, which saves time and reduces configuration errors. Automation also helped during off-boarding processes by quickly disabling accounts and removing access in a centralized way, improving both efficiency and security.

Administrative tasks related to Active Directory, such as user provisioning, group management, password reset, and access updates, become more streamlined and easier to handle. It also reduced manual workload for administrators because many repetitive tasks can be completed through workflows and delegated administration instead of handling everything directly in native Active Directory tools. It has significantly reduced the complexity of many Active Directory administrative tasks by centralizing management and automating routine operations.

I think the pricing structure will be suitable. I have given this review an overall rating of nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 14, 2026
Flag as inappropriate
PeerSpot user
Dhanaji Mali - PeerSpot reviewer
Technical Specialist at VDA Infosolutions Pvt. Ltd.
Real User
Top 5Leaderboard
Apr 9, 2026
Centralized controls have strengthened ad governance and now automate secure user provisioning
Pros and Cons
  • "One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment."
  • "One area for improvement would be the initial setup, which feels a little bit complex and could be simplified."

What is our primary use case?

Our main use case for using One Identity Active Roles is controlling AD changes through policies and roles. It ensures only authorized users can perform or configure any action in Active Directory. This improves our governance and security.

We have been using One Identity Active Roles for three years and have seen a good syncing process with our AD. There is no issue with user syncing with One Identity Active Roles. We use this in our day-to-day roles. It helps ensure that users only have the access required for their job. For example, a help desk user can perform basic tasks but not critical changes. This helps us improve security. It also helps us with automation, such as reducing manual work in user management tasks, and it speeds up processes like account creation and updates.

We use One Identity Active Roles for audit purposes. It helps us create or generate reports for audits or security reviews. This reduces the manual effort in collecting data, so it improves accountability.

What is most valuable?

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

What needs improvement?

One area for improvement would be the initial setup, which feels a little bit complex and could be simplified. Apart from this, I think everything is excellent and it provides great features. It works well.

One Identity Active Roles has good features that are already built-in, and we are seeing a good response from these features in our environment. I do not see any improvement required at this time based on our organization's requirement.

For how long have I used the solution?

I have been using One Identity Active Roles for more than three years.

How are customer service and support?

I have had multiple interactions with the support team for One Identity Active Roles. They are good in their response and technical expertise, and they are ready to provide support at any time. They have provided multiple technical assistance to our team, and they are good in their field.

What was our ROI?

We have seen a good return on investment with One Identity Active Roles, mainly through time saving and reduced manual efforts. Automation has really reduced the time spent on user provisioning, access management, or access changes by around 40 to 60 percent, which has significantly improved team productivity. It also helps in reducing manual errors, lowering the need for rework and support efforts.

What other advice do I have?

One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment. For the deployment purpose, I advise you to define your requirements and plan the deployment in advance since the solution offers a lot of features. This needs a proper design and an understanding of the workflows and access policy, and it will be really helpful to get the most value out of the solution.

We have seen measurable improvement since using One Identity Active Roles. User provisioning and access changes that used to take a lot of time, such as 20 to 30 minutes, are now completed in just a few minutes through automation, saving around 40 to 60 percent of time. We have also reduced manual errors significantly due to policy-based control and a simple workflow, which has improved overall reliability and security. I would rate this solution 9 out of 10.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Apr 9, 2026
Flag as inappropriate
PeerSpot user
Abhishek Pol - PeerSpot reviewer
Cloud Engineer at Infobahn Technical Solution
Real User
Top 5
May 17, 2026
Automated governance has transformed onboarding and now cuts manual access work in half
Pros and Cons
  • "Automated provisioning and access management reduced manual administrative effort by nearly 50 to 60%, which saved significant onboarding time and lowered the number of access-related errors and support tickets."
  • "One Identity Active Roles could be improved with a more modern and intuitive user interface, faster performance during large-scale directory operations, and simpler initial deployment and configuration."

What is our primary use case?

One Identity Active Roles is primarily used for centralized Active Directory management, user provisioning, and automated access control. It streamlines user account creation, role-based administration, group management, and policy enforcement while reducing manual administrative effort and improving security compliance.

A common day-to-day use case involves onboarding new employees. One Identity Active Roles automated user account creation, group assignments, mailbox setup, and permission allocation based on department rules. This process was previously manual and time-consuming, but One Identity Active Roles reduced setup time significantly and helped avoid configuration mistakes and permission inconsistencies.

Integrating One Identity Active Roles with the existing Active Directory environment was relatively straightforward. The solution integrates very well with Microsoft-based infrastructure and directory services, although the initial configuration and policy setup required careful planning and technical expertise for smooth deployment.

What is most valuable?

The best features of One Identity Active Roles are automated user provisioning, delegated administration, and role-based access control. It reduces manual Active Directory management tasks, improves security through fine-grained permissions, and provides centralized auditing and policy enforcement. The automation workflows and approval-based access management are especially valuable for maintaining consistency and compliance in large enterprise environments.

The automation workflows help the team automate repetitive identity management tasks such as user onboarding, account updates, password resets, and de-provisioning. Approval-based access management adds an extra security layer by requiring manager or admin approval before sensitive permissions or group memberships are granted. This reduces manual effort, minimizes human errors, improves compliance, and ensures proper access governance across the organization.

One Identity Active Roles significantly reduces the complexity and workload of Active Directory management by automating repetitive tasks such as user provisioning, group management, password resets, and access changes. It simplifies delegated administration and centralized policy management, allowing the IT team to handle Active Directory operations more efficiently with fewer manual errors.

What needs improvement?

One Identity Active Roles could be improved with a more modern and intuitive user interface, faster performance during large-scale directory operations, and simpler initial deployment and configuration.

For how long have I used the solution?

One Identity Active Roles has been used for approximately seven months.

What do I think about the stability of the solution?

One Identity Active Roles is stable.

What do I think about the scalability of the solution?

One Identity Active Roles is highly scalable and works well in medium to large enterprise environments. It can efficiently manage a large number of users, groups, and directory objects while maintaining centralized administration, automation, and policy enforcement across multiple domains and complex Active Directory infrastructures.

How are customer service and support?

Customer support for One Identity Active Roles is excellent.

Which solution did I use previously and why did I switch?

The organization mainly consolidated Active Directory administration, user provisioning, access governance, and role-based access management using One Identity Active Roles. It helps centralize identity management tasks that were previously handled through multiple manual tools and scripts.

How was the initial setup?

Integrating One Identity Active Roles with the existing Active Directory environment was relatively straightforward. The solution integrates very well with Microsoft-based infrastructure and directory services, although the initial configuration and policy setup required careful planning and technical expertise for smooth deployment.

What about the implementation team?

Careful planning of the initial deployment and role structure before implementation is recommended. One Identity Active Roles delivers the most value when automation workflows, delegated administration, and access policies are properly designed according to organizational needs.

What was our ROI?

A clear return on investment was realized after implementing One Identity Active Roles. Automated provisioning and access management reduced manual administrative effort by nearly 50 to 60%, which saved significant onboarding time and lowered the number of access-related errors and support tickets.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing experience with One Identity Active Roles was generally reasonable for an enterprise IAM solution. Initial setup required some planning and technical resources, but the long-term operational efficiency and automation benefits provided good overall value.

What other advice do I have?

After implementing One Identity Active Roles, user provisioning and access management time was reduced by nearly 50 to 60%. The automation workflows helped lower manual configuration errors and improved compliance by maintaining proper approval trails and access governance records.

The automation capabilities of One Identity Active Roles are impressive because they significantly reduce repetitive administrative work and improve consistency. Employee onboarding workflows were automated, so new users automatically receive the correct accounts, group memberships, and permissions based on their department and role. Automated de-provisioning is also used to quickly disable accounts and revoke access when employees leave the organization, improving both efficiency and security.

The review rating provided for One Identity Active Roles is 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 17, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.