One Identity Active Roles Reviews

The main use case of One Identity Active Roles is to support daily Active Directory administrator tasks. Routine tasks such as user creation, password resetting, account updates, and handling are performed through One Identity Active Roles, which can be managed by the support team and has really improved the efficiency of our teams.

A real-time day-to-day example of using One Identity Active Roles is that a help desk user can reset the password and unlock the account without accessing Active Directory directly. When new users are created, required settings are applied automatically, making our jobs easier and operations very smooth. Previously, this was taking so much time, but nowadays it is automated, so it is a very good solution.

The best features One Identity Active Roles offers, in terms of my use cases, include its policy enforcement to ensure that all changes follow predefined standards, avoiding incorrect configuration and maintaining consistency across Active Directory, the role-based access control that allows assigning permissions based on job roles to simplify management and improve security in our organization, and its automation features.

I need to highlight role-based access control in One Identity Active Roles, as it has had the biggest day-to-day impact. Automation and policy enforcement are powerful, without doubt, but role-based access control is what fundamentally changed how we operate. Earlier, many tasks were a bottleneck, with only a senior admin able to perform most Active Directory changes, resulting in many help desk tickets. However, with One Identity Active Roles, we created fine-grained roles such as password reset, group management, and user provisioning, assigned those roles to the help desk team, and restricted access to only those organizational units based on attributes. Now, 90% of routine tasks are handled without escalation.

The effect of One Identity Active Roles on the complexity and workload of administrative tasks related to Active Directory has been very positive. It significantly reduces the operational burden while making processes more structured and controlled. It has really reduced administrative complexity. Tasks are handled through templates, policies, and workflows, which has significantly reduced the workload.

One Identity Active Roles has really impacted our organization very positively. It has improved control over Active Directory operations and reduced manual efforts. Tasks are completed faster than previously and more securely. These are the positive impacts we are seeing in day-to-day operations.

One Identity Active Roles has really proved its value. While exact numbers vary by environment, the provisioning time reduced by 70 to 80% and it is very smooth, and help desk ticket resolution improved by 60 to 80%. It has really reduced the use of privileged accounts, contributing to the positive impact we are seeing.

As far as improvements to One Identity Active Roles are concerned, I do not think any lack of features is present in the solution. It is working well and is a very powerful solution. There is no need for improvement as per my requirements.

One thing I can add is that One Identity Active Roles could be more simplified for the initial setup and configuration.

I have been using One Identity Active Roles for more than four years.

One Identity Active Roles is stable.

From a scalability perspective, One Identity Active Roles is a very good solution. There is no kind of challenge.

Customer support for One Identity Active Roles is very supportive and good in their technical aspects.

From day one, we have been using One Identity Active Roles only.

Regarding Active Directory integration with One Identity Active Roles, it was very smooth and quick. We have not seen any kind of challenge, and it synced with Active Directory beautifully.

We have seen a huge return on investment with One Identity Active Roles. In many cases, that was quite measurable, such as reduction in provisioning and admin efforts by 40 to 60%, which resulted in reduced need for additional staff. Without it, we would need thousands of additional people. Cost saving and efficiency gain have led to some users reporting approximately 75% ROI and cost reduction.

I have had a great experience with the pricing, setup cost, and licensing of One Identity Active Roles. There is no challenge we have seen as far as the vendor is concerned.

We have not evaluated other options before choosing One Identity Active Roles.

I will highly recommend One Identity Active Roles because it is a very useful tool for improving Active Directory management and control. It really reduces risk and improves efficiency. It is well suited for organizations with a large Active Directory environment, which I will recommend highly. I gave this review a rating of 8.

On-premises

I have been working in the cybersecurity field for about one year using One Identity Active Roles.

One Identity Active Roles is used for Active Directory management and user lifecycle management, including tasks such as user provisioning, group management, and enforcing access policies in a controlled and automated way.

When a new employee joins, I use One Identity Active Roles to create the user account with predefined templates and automatically assign the required groups and permissions, ensuring consistency and saving time. Similarly, when someone leaves, I can quickly disable the account and remove access.

Password resets and access requests represent another scenario related to our main use case, where Active Directory allows us to delegate tasks securely to help desk teams without giving full admin rights, reducing the workload on admins and ensuring proper control and auditing.

One Identity Active Roles has improved our daily operations by simplifying user management and reducing manual work, as tasks like user creation, password resets, and access changes are faster and more consistent while also improving security by controlling permissions and keeping proper audit logs. Overall, it saves time and makes administration more efficient.

We saw around forty to fifty percent time savings in routine tasks like user creation and password resets, while the help desk workload also reduced since tasks are delegated properly, and errors in access management decreased, improving overall security and consistency.

The best features of One Identity Active Roles, in my opinion, are automated user lifecycle management, rule-based access control, and delegation, which allows us to automate the creation and modification of user roles, saving a lot of time while providing fine-grained access control with least privilege, thereby improving security.

The features are very helpful in daily work, especially with delegation, where we can give limited access to the help desk team to handle tasks like password resets or unlocking accounts without giving full admin rights, improving security and reducing the workload on senior admins.

One more useful feature of One Identity Active Roles is auditing and reporting, which tracks all changes made to user accounts and access, being very helpful for troubleshooting and compliance. Many people do not realize how useful this is for maintaining security and accountability.

One Identity Active Roles is very helpful, but a few improvements could make it even better, such as simplifying the user interface to make it more user-friendly, especially for new users, and making setup and configuration easier. Adding more customization in reporting and improving performance for larger environments would further enhance the experience. Overall, it is a strong tool with minor areas for improvement.

Navigation between different options can feel complex, so simplifying that would help. Additionally, quicker search and better filtering options for users and groups would make daily tasks even faster, enhancing usability.

I have been working in my current field for three years.

One Identity Active Roles is generally stable and reliable, with most users rating its stability quite high, often between a seven to ten out of ten, consistently performing for daily operations like automation and user management without major downtime reported.

One Identity Active Roles is highly scalable, capable of handling large environments with thousands or even hundreds of thousands of users across multiple domains without major issues and continuing to perform well and manage user groups and policies efficiently as the environment grows.

The customer support is good, with the team being knowledgeable and helpful, usually assisting well with issues, although response times can sometimes vary depending on the complexity.

I would rate the customer support a nine out of ten.

We were not using any dedicated solution before One Identity Active Roles, as most tasks were handled manually in Active Directory, and we switched to reduce manual efforts, improve security, and make user management more efficient.

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was relatively easy since it works closely with Active Directory, where the basic setup was straightforward; however, some configuration and fine-tuning took time. Once integrated, it works smoothly with our existing infrastructure.

We have seen a good return on investment, as routine tasks like user creation and password resets became faster, saving around forty to fifty percent of the time; delegation also reduced the workload on admins, allowing the team to focus on more important tasks, improving efficiency and reducing operational efforts.

Our experience with pricing, setup cost, and licensing has been reasonable; the initial setup took some effort, especially during configuration, but it was manageable, with licensing being flexible based on the number of users and the environment, making it scalable and providing good value considering the features and time savings.

We did not formally evaluate other tools before choosing One Identity Active Roles, selecting it based on our requirement for better Active Directory management, automation, and security.

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory, as routine tasks like user creation, password resets, and access changes are automated or delegated, saving time and reducing manual efforts while making management more structured and consistent, making overall administration easier and more efficient.

My experience with the delegation of administrative tasks through One Identity Active Roles has been very good, allowing us to assign specific tasks like password resets, account unlocks, and basic user management to the help desk team without giving them full admin rights, which has improved our workflow by reducing the workload on admins and speeding up issue resolution while also improving security and accountability since access is controlled and all actions are properly logged.

My advice for others looking into using One Identity Active Roles would be to clearly understand your Active Directory structure and requirements before implementation, plan roles and permissions properly, and make good use of the automation and delegation features to reduce manual work and improve security.

Overall, One Identity Active Roles is a reliable tool that simplifies user management and improves security, saving time and making daily operations more efficient. I would rate this product eight out of ten.

On-premises

Other

One Identity Active Roles is used for delegated access. It helps with RBAC controls and allows us to manipulate across our facilities which OUs in Active Directory they can manage, along with dynamic groups and keeping the ability where folks don't have to use ADUC and they can just use a delegated management overlay tool to not delete groups and not delete OUs and not inappropriately move objects across containers.

Regarding the ease or difficulty of managing on-premises and cloud-based identity directories through a single pane of glass, we leverage One Identity Active Roles from strictly the on-premises space. Being able to leverage it from a delegated access perspective, the console itself is very clean. It looks very similar to Active Directory Users and Computers, which legacy, long-time IT people are used to. So that outline from a UI perspective makes things seamless. People don't even know that One Identity Active Roles is actually a product and not just a built-in native solution for Windows, which is very key for us.

Regarding One Identity Active Roles' ability to provision and de-provision resources in directories such as AD and Azure AD, it is very seamless. From a permission standpoint, it is a right-click de-provision user and having that recycle bin to quickly uncover or recover is very useful. It is very seamless. It is not the best from a change history standpoint as far as quantifying those logs, but it is nice to see that this object was de-provisioned on X day by a user, and it can quickly be restored in the event that was a mistake.

About group membership management in One Identity Active Roles, I have already discussed how you can delegate groups with OUs and naming conventions through the complex IT teams that we have in our organization. From a group membership standpoint, we can manage groups and delegate that access across the organization from our enterprise service level that can do password resets versus our identity engineering team who has full domain admin in the console that can manipulate those access templates and make adjustments accordingly.

The favorite feature of One Identity Active Roles is definitely the granularity and specifics on the access templates. You can dive deep into controls all the way down to manage individual objects, all the way from not just at the OU level, but how granular delegated access is with One Identity Active Roles is definitely the most useful feature to my organization.

One Identity Active Roles absolutely helps reduce identity-based breaches. It is from an identity governance perspective, being able to ensure that folks that are in specific positions have the least privileged access possible. One Identity Active Roles makes that very seamless for our user base. We are a for-profit healthcare conglomerate with thirty states, over fifty community hospitals across that are all in a single pane of glass under our LifePoint Health Active Directory domain. Being able to say that your facility can only manage these objects in this OU and delegating that from their core IT engineering staff versus their help desk versus an application owner makes it all very seamless.

One Identity Active Roles has absolutely helped our organization reduce its number of erroneous privileged accounts. We can quickly evaluate those accounts. You can see the same features within ADUC, but you can quickly isolate those and validate where they are and adjust them however you want.

One of the things I would like to see more robust is the change history. One Identity Active Roles can only monitor changes that happen in the console, and the logs don't go back longer than thirty days, maybe sixty days. The change history, when we've seen accounts get modified, we leverage a container domain that funnels accounts into our Active Directory console. I would like to see from an initial user provisioning perspective, for them to isolate the workflow and say that this came in on X date and account was created. If anyone were to modify that account from an external resource, I would like to be able to read that as well. One Identity Active Roles is strictly limited to the console. If someone makes a change, the history of those changes is not as long as I would prefer.

Our company has used One Identity Active Roles for over five years. I have been with them for the last four years. Personally, I have been a user and managed the team that controls One Identity Active Roles for four years.

Regarding stability, One Identity Active Roles is mostly stable. The only times it is not is when we have the eight-point-zero long-term service release. I have not seen any sort of hiccups in connectivity. If anything, it is on our side from a networking standpoint. It is a very stable product, at least recently.

One Identity Active Roles is more beneficial to a large corporation. I am sure that licensing can vary in cost, but it is definitely very beneficial to complex Active Directory environments from a control perspective and being able to grant least privileged access that folks need to do their job.

We don't get a lot of communication from the One Identity side. I don't know who our account representative is, and that is kind of not good since we have had some turnover there.

Neutral

I have not used any alternatives to One Identity Active Roles. From an on-premises AD standpoint, delegated access has been with LifePoint as long as in my career. That is what we have leveraged. It has been useful. We have rolled it out across several Active Directory domains as our management overlay, but that has been our main one.

When I first started using One Identity Active Roles, it is intuitive. It is not super complex. The management of it, we used it from a user provisioning standpoint before we switched human capital management systems. I was not really involved in that, but from an end user standpoint, you pick your web database server. The thick client is much easier from a UI perspective looking through it because it looks very similar to ADUC if you have any experience in IT. The web portal is fine. I think it is a little more clunky, and that is what most folks use, but it is intuitive. You pick your web or database server, log in with your credentialed account, and it synchronizes and loads. It is seamless, and from an intuitive standpoint, it is on the higher end.

Regarding the pricing of One Identity Active Roles, it is definitely on the expensive side compared to solutions for what it does. It is a necessary need for us. I don't know One Identity Active Roles' business model, but it is very niche in the sense that they are going to target complex environments like mine that have a need for delegated access. There are other IGA platforms that do delegated access and offer a much larger suite of solutions, but it is definitely on the expensive side. I think our total was in the seven-figure range for a couple of years of service.

Overall, I would give One Identity Active Roles a rating of nine out of ten. The main pain point I have is not huge because I know there are AD audit solutions out there individually. But with the control that One Identity Active Roles has, being as intuitive as it is, I think it is a nine out of ten. I would recommend it to any healthcare conglomerate that has multiple hands in an Active Directory environment. There are many components that I think our team is not touching the surface on from a dynamic group perspective, and we just use it for what it is today, but I think there are more components that we could explore.

On-premises

Microsoft Azure

One Identity Active Roles serves as our centralized Active Directory administration platform for identity lifecycle management, including automated user provisioning, delegated administration, role-based access control, workflow automation, and compliance management.

A specific example of One Identity Active Roles implementation is automating employee onboarding where new users are automatically created with correct organizational unit placement, group membership, permission assignments, and policies based on their department or job roles.

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, approval workflows, policy enforcement, and auditing capabilities.

The automation capability in One Identity Active Roles helps reduce manual Active Directory tasks by automatically handling user provisioning, deprovisioning, group assignment, and policy enforcement, which improves efficiency, consistency, and security.

One Identity Active Roles has positively impacted our organization by reducing manual Active Directory administration, improving security through role-based access control and delegated access, speeding up onboarding and offboarding processes, and enhancing compliance and audit visibility.

Using One Identity Active Roles, we reduced our user provisioning time from hours to minutes, lowered service desk workload by approximately 40 to 60 minutes, reduced manual administration errors, and improved audit and compliance efficiency.

One Identity Active Roles helped us implement fine-grained delegation and access control by assigning specific administrative permissions based on roles and department, which improves security, reduces excessive privilege, minimizes manual errors, and made Active Directory management more controlled and compliant.

One Identity Active Roles integrated well with our existing IT environment, especially with Active Directory and Microsoft infrastructure, which made adoption easier without major changes to current systems or operational processes.

I was impressed with the automation capability in One Identity Active Roles, especially automated user onboarding and offboarding where accounts, group memberships, and permissions were assigned automatically based on department or roles, significantly reducing manual effort and provisioning time.

One Identity Active Roles has significantly reduced compliance effort by centralizing auditing, enforcing role-based access control and policy management, tracking Active Directory changes, and simplifying access reviews and reporting for audits.

One Identity Active Roles reduced the complexity and workload related to Active Directory by automating repetitive tasks, simplifying user and group management, enabling delegated administration, and centralizing policy and access control management.

Delegated administration in One Identity Active Roles positively affected our operations by allowing service desk teams to handle routine Active Directory tasks such as password resets, user creation, and group management without full domain administrator rights, which improved security, reduced workload on senior administrators, and sped up request resolution.

One Identity Active Roles can be improved with a more modern user interface, better reporting and analytics capabilities, simplified workflow customization, improved troubleshooting tools, and stronger cloud and hybrid identity integration capabilities.

I did not rate One Identity Active Roles at the highest level because areas such as user interface modernization, workflow complexity, troubleshooting experience, reporting capabilities, and cloud integration still have room for improvement.

I have been using One Identity Active Roles for the last three years.

One Identity Active Roles is stable and reliable for enterprise Active Directory management and automation workloads.

One Identity Active Roles scales well and can efficiently manage large enterprise Active Directory environments with thousands of users, groups, and administrative tasks.

Customer support for One Identity has been generally good with knowledgeable technical teams and effective support for deployment, troubleshooting, and Active Directory integration issues.

Before implementing One Identity Active Roles, we mainly relied on Active Directory tools, manual administration processes, and basic PowerShell scripting for user and group management.

We consolidated identity and access management using One Identity Active Roles for user provisioning and group management.

We achieved a strong return on investment with One Identity Active Roles through a 40 to 50 percent reduction in service desk workload, faster user provisioning, fewer manual administrator errors, and improved compliance and audit efficiency.

The pricing, setup cost, and licensing for One Identity Active Roles are enterprise-oriented and typically based on the number of managed users or accounts. While setup requires moderate implementation effort for Active Directory integration and workflow configuration, overall it delivers strong value through automation and reduced administrative overhead.

Before selecting One Identity Active Roles, we evaluated Microsoft Identity Manager and SailPoint IdentityIQ.

My advice to others considering One Identity Active Roles is to plan role-based access control models, workflows, and delegation structures carefully, start with a pilot deployment, and fully utilize automation and auditing features to maximize security, compliance, and operational efficiency. I would rate this product a 3 out of 5 in terms of customer service.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is for centralized Active Directory administration and life cycle management; most of the day-to-day activities revolve around user provisioning, account modification, and modification group management, access delegation, and handling the joiner mover leaver process.

One common example of how I use it for user provisioning in my daily work is during new employee onboarding; when HR shares the employee details, we use predefined templates in One Identity Active Roles to create user accounts with standard attributes such as department, designation, email format, and reporting manager, and based on the employee's role, the required security groups are automatically assigned instead of adding everything manually.

One important thing from day-to-day usage is that tools such as One Identity Active Roles are not just about account creation or access management; they help bring consistency into operations in large environments, as one small manual mistake in Active Directory can create bigger issues later, especially during audits or access reviews, and from my experience, the biggest practical benefit has been reducing repetitive manual work and maintaining standardized processes across teams.

The best feature of One Identity Active Roles is delegation administration with role-based access control; it allows an organization to give limited and controlled access to different IT teams without exposing full Active Directory permissions, which is very important from a security perspective.

Role-based access control has helped me mainly by reducing unnecessary privileged access, as earlier, in some environments, multiple admins had broad Active Directory permissions which increased the risk of accidental changes or unauthorized actions, and with One Identity Active Roles, this access could be delegated so teams only got permissions required for their tasks.

One thing worth adding about the features is that as identity and access governance become more important and organizations are handling hybrid environments with cloud and on-premise systems together, tools such as One Identity Active Roles help bring structure to that, especially for managing identity-related operations in a controlled way.

One positive impact we noticed from One Identity Active Roles was improved operational efficiency; earlier, many user management tasks were handled manually, which took more time and sometimes created inconsistencies, but using intelligent role-based workflows and automation made onboarding and access modification faster and more standardized, and we also saw better control over privileged access since permissions were delegated properly, reducing high-level administrative rights, which improved accountability and balanced security with operational speed.

Measurable improvements were noticed over time; for onboarding activities, the creation and access assignment process became much faster because templates and automation group assignments reduced manual work, and earlier, some requests would take a few hours depending on complexity, but with streamlined workflows, standard tasks became much quicker with fewer follow-ups, and from an audit perspective, preparing for access reviews or compliance checks was easier because all changes were logged properly, meaning the teams spent less time collecting manual evidence due to the clear audit process.

We utilized the fine-grained permission control feature of One Identity Active Roles, especially for delegating administration and limiting unnecessary privileged access; one major impact was better implementation of the least privilege principle, as instead of giving broad Active Directory permissions to multiple teams, access is assigned based on specific responsibilities, allowing the helpdesk team to perform limited tasks such as password resets or account unlocks, while application teams manage only their own security groups without broad administrative access.

The automation capabilities of One Identity Active Roles are one of its stronger areas, especially for reducing repetitive administrative tasks and improving consistency; a common example is user onboarding and offboarding workflows where predefined templates automatically populate user attributes, assign appropriate groups, and apply naming standards based on department or role, significantly reducing manual effort and minimizing configuration mistakes.

One Identity Active Roles has had a significant effect on the complexity and workload of day-to-day Active Directory administration, as earlier, many Active Directory-related tasks depended heavily on experienced administrators making direct changes in Active Directory users and computers, which increased the risk of inconsistency and human error; after implementing One Identity Active Roles, administrative tasks became more structured through delegated access, templates, and automated workflows.

One Identity Active Roles is strong operationally, but there are a few areas where it could improve, such as cloud-native integration; since many organizations are moving towards hybrid and multi-cloud environments, a tighter and simpler integration with more cloud platforms would enhance the overall experience.

One practical pain point I encountered around workflow customization and change management is that the tool is powerful, but when organizations want highly customized approval flows based on business logic, implementation can become complex and often relies on experienced administrators or consultants.

I have been using One Identity Active Roles for three years.

One Identity Active Roles is a stable and reliable platform.

From my experience, One Identity Active Roles is quite scalable, especially for medium to large enterprises that have a high volume of Active Directory administrative operations, as the architecture is designed to scale Active Directory delegation and administration.

I found the customer support experience with One Identity generally positive, especially for enterprise-level support cases, as their support team has strong technical knowledge of Active Directory and IAM issues which is crucial for solving issues.

Before using One Identity Active Roles, a large portion of administrative work was handled with native Active Directory tools and manual operational processes, and the main reason for moving towards One Identity Active Roles was the increasing complexity of user and access management as the organization scaled.

The ease of integrating One Identity Active Roles with our existing IT infrastructure and directory services was moderately manageable, as it was not extremely difficult but required proper planning and understanding of the existing infrastructure; since our organization is heavily based on Active Directory and Microsoft technologies, the core integration was relatively smooth, allowing straightforward onboarding, synchronization, delegation, administration, and policy configuration once the architecture was properly designed.

The implementation was done in-house by our IT team.

The organization has seen a positive return on investment, though the return on investment is more operational and security-focused than just a cost reduction; we also observed fewer operational errors related to account provisioning and group assignments due to standardized templates and workflows reducing inconsistencies, meaning even a small reduction in manual administration and troubleshooting effort adds up.

Pricing for One Identity Active Roles is a bit on the higher side compared to other options in the market.

During the evaluation phase, I considered a few other IAM and Active Directory management solutions; the comparison was mainly about delegation capabilities, automation, and audit, including Microsoft's native Active Directory administration approach combined with scripting and Group Policy management, as well as tools such as Microsoft Entra ID, NetIQ, SailPoint, and CyberArk, depending on the use case.

My advice for others looking into using One Identity Active Roles is to first understand your internal identity and access management processes before implementing the tool, and I recommend starting with clear delegation and automation goals instead of trying to customize everything immediately. I would rate this product an 8.5 out of 10.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is centralized Active Directory administration and identity lifecycle management, including automatic user provisioning and deprovisioning, delegating administration, role-based access control, policy enforcement, and workflow automation to improve security, compliance, and operational efficiency.

A specific example of using One Identity Active Roles to automate user provisioning is automatic employee onboarding, where new users are automatically created with the correct OU placement, group membership, permission, and policy based on their department or role, reducing manual efforts.

Additionally, I use One Identity Active Roles for delegated administration, password management, approval workflows, group management, and auditing Active Directory changes, which helps improve security, reduce administrative workload, and maintain compliance.

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, policy placement, approval workflows, and auditing.

One Identity Active Roles automation helps by automatically provisioning and deprovisioning users, assigning groups, and permission based on roles, making my work easier and more efficient. While delegating administrative tasks, it allows service desk teams to perform limited AD tasks without full domain access.

Additionally, the approval workflow, auditing, and policy enforcement features in One Identity Active Roles are very valuable, as they help maintain compliance, track all Active Directory changes, enforce naming and security standards, and improve overall governance and operational controls.

One Identity Active Roles positively impacts my organization by reducing manual Active Directory administration, improving security through delegated access and RBAC, speeding up onboarding and offboarding processes, and enhancing compliance with centralized auditing and policy enforcement.

One Identity Active Roles can be improved with a more modern and user-friendly interface, better reporting and analytics, simplified workflow customization, faster performance in large environments, and stronger cloud and hybrid identity integration capabilities.

Additionally, One Identity Active Roles could be improved with troubleshooting tools, clearer error reporting, enhanced real-time monitoring dashboards, and simplified complex policy and workflow management to make administration easier in large enterprise environments.

I have been working in my current field for the last one month.

One Identity Active Roles is generally very stable and reliable in enterprise environments with consistent performance in Active Directory management automation and delegation tasks when properly configured and maintained.

One Identity Active Roles can scale to large enterprise environments and can efficiently handle thousands of users, groups, and Active Directory objects, centralizing automation and delegation processing without significant performance issues.

Basic customer support for One Identity Active Roles has been generally good, with knowledgeable technical teams and effective guidance on deployment, although response time for complex escalations can sometimes be a bit slower.

I would rate customer support for One Identity Active Roles around a seven out of ten for strong technical expertise and helpful guidance, with some room for improvement in escalation and response times.

Before implementing One Identity Active Roles, I primarily used native Active Directory tools and manual administration processes, along with basic PowerShell scripting for user and group management.

The main difficulty I faced integrating One Identity Active Roles was complex workflows, mapping RBAC permissions correctly, synchronizing a hybrid environment like Microsoft Azure, and troubleshooting policy or replication-related issues during the initial deployment.

I saw a strong ROI with One Identity Active Roles through around a forty to fifty percent reduction in service desk workload, faster user provisioning from hours to minutes, fewer manual errors, and improved compliance and audit efficiency, which saves significant administrative time and operational efforts.

Pricing and licensing of One Identity Active Roles are enterprise-based and depend on the number of managed users or accounts, while setup costs are moderate due to infrastructure implementation and integration requirements. Overall, it provides good value through automation, security, and reduced administrative overhead.

Before selecting One Identity Active Roles, I evaluated options including Microsoft Identity Manager and SailPoint IdentityIQ, but chose One Identity Active Roles due to its strong Active Directory integration, automation, and delegation administrative capabilities.

My impression of the automation capability of One Identity Active Roles is very positive, as it significantly reduces manual Active Directory tasks through automated provisioning, deprovisioning, group management, approval workflows, and policy enforcement, improving efficiency, consistency, and security across the environment.

One Identity Active Roles significantly reduces the complexity of Active Directory administration by centralizing management, automating repetitive tasks, and enabling delegated access control, although the initial setup and advanced workflow configuration can be complex in large enterprise environments.

One Identity Active Roles delegation allows service desk or junior administrators to perform specific Active Directory tasks including password resets, user creation, and group management without giving full domain administrative access, which improves security, reduces workload on senior admins, and speeds up request handling.

My advice to others considering using One Identity Active Roles is to plan the Active Directory structure, RBAC model, and workflow carefully before deployment. I recommend starting with a pilot implementation and leveraging automation and delegated administration features fully to maximize security, efficiency, and compliance benefits. I would give One Identity Active Roles an overall rating of eight out of ten.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is managing Active Directory users and groups in a centralized way, and I primarily use it for provisioning, access management, password reset, onboarding and off-boarding processes, and delegated administration.

During employee onboarding, I use One Identity Active Roles to create user accounts, assign the required group membership, apply department-based permissions, and configure account policies from a centralized console. For delegated administration, specific tasks such as password reset or basic account management can be assigned to a specific support team without giving them full domain admin access, which improves security and also reduces workload for senior administrators.

Apart from onboarding and access management, I also use One Identity Active Roles for account lifecycle management, such as disabling accounts during off-boarding and updating permissions during role changes. It helps with maintaining consistency through policy-based administration and reduces manual effort for repetitive Active Directory tasks.

A valuable feature of One Identity Active Roles is delegated administration because it allows different teams to handle specific tasks without giving full Active Directory access. I also find that centralized user and group management very useful since it simplifies onboarding, off-boarding, permission updates, and account management from a single interface. The strong feature is automation and workflow management, which helps reduce manual effort and improve consistency and minimize administrative errors.

Account creation, group assignment, and permission management can all be handled from one place instead of manually configuring everything in Active Directory, making it much faster. Delegated administration also makes support operations easier because basic tasks of password reset and account unlocks can be securely handled by the support team without requiring administrative privileges. These features improve visibility and help maintain better control over administrative changes.

One Identity Active Roles has impacted my organization by simplifying centralized Active Directory management and improving efficiency for user provisioning, access management, and routine administrative tasks. It also enhanced security through delegated administration because teams can perform specific tasks without needing full domain admin rights. Another positive impact is reduced manual errors and faster onboarding and off-boarding processes, which improved overall operational efficiency for my IT team.

Troubleshooting could be more streamlined when dealing with detailed administrative changes or resolving synchronization issues. Additionally, improving the overall performance and simplifying some workflow configurations would make day-to-day operations easier.

I have been using One Identity Active Roles for around one year.

One Identity Active Roles has been a stable solution for day-to-day Active Directory administrative and identity management tasks in my experience, as I have been able to use it reliably for user provisioning, delegated administration, and access management with consistent performance. As with any enterprise solution, proper configuration and maintenance are important, but overall, it has been stable in my environment.

One Identity Active Roles is scalable and is actually designed specifically for large enterprise environments and hybrid environments, so it has centralized multi-domain management tailored for large enterprises.

Customer support for One Identity Active Roles is generally rated as good but not perfect, so it really depends on the type of issues and how my environment is set up.

Previously, most of the administration was handled directly through native Active Directory tools and manual processes. My organization moved to One Identity Active Roles to improve centralized management, delegation, and automation, which also helped improve security and reduce manual workload through better control over permissions.

The integration process was relatively easy because One Identity Active Roles integrates well with existing Active Directory environments. The initial setup and configuration required proper planning and understanding of the directory structure, but once configured, it worked well with the existing IT infrastructure, making the centralized management and policy-based administration easier to align with my current identity management process.

From an operational perspective, I have seen a positive return in terms of time-saving and administrative efficiency. For example, routine tasks of user onboarding, permission updates, and account management are completed much faster now compared to manual Active Directory administration. While I was not directly involved in financial calculation, it has definitely improved efficiency and reduced manual effort for my IT teams.

I was not involved directly in the product evaluation or selection process, so I cannot comment in detail on all the alternatives that were evaluated. However, from my understanding, the decision was mainly based on improving centralized Active Directory management.

After using One Identity Active Roles, onboarding account management tasks become noticeably faster. For example, creating a user account and assigning permissions that previously took around fifteen to twenty minutes manually can be completed in just a few minutes through centralized workflows. I have also noticed fewer permission-related mistakes and improved consistency because policies and templates are applied in a standardized way.

My advice for anyone evaluating One Identity Active Roles is that if you are planning to use Active Roles, the most important thing to understand is that it is not just a tool; it is an identity management framework for Active Directory and hybrid environments. Success depends more on design and implementation than the product itself.

One Identity Active Roles is deployed in an on-premises environment integrated with my Active Directory infrastructure. I use One Identity Active Roles for Active Directory administration and identity management tasks, so it is mainly consolidated around centralized user management and delegated administration.

I have utilized the fine-grained permission control feature in One Identity Active Roles mainly through delegated administration, which helped implement least privilege principles by allowing teams to perform only the specific task required for their role, such as a password reset or account unlock, without providing full Active Directory administrative access. This improved security, reduced unnecessary privileged access, and helped maintain better control and accountability over administrative activities.

My impression of the automation capabilities is very positive because they help reduce repetitive manual administrative tasks and improve consistency in user management. For example, during onboarding, account creation, group assignment, and applying standard permissions can be handled through predefined workflows and policies, which saves time and reduces configuration errors. Automation also helped during off-boarding processes by quickly disabling accounts and removing access in a centralized way, improving both efficiency and security.

Administrative tasks related to Active Directory, such as user provisioning, group management, password reset, and access updates, become more streamlined and easier to handle. It also reduced manual workload for administrators because many repetitive tasks can be completed through workflows and delegated administration instead of handling everything directly in native Active Directory tools. It has significantly reduced the complexity of many Active Directory administrative tasks by centralizing management and automating routine operations.

I think the pricing structure will be suitable. I have given this review an overall rating of nine.

On-premises

Our main use case for using One Identity Active Roles is controlling AD changes through policies and roles. It ensures only authorized users can perform or configure any action in Active Directory. This improves our governance and security.

We have been using One Identity Active Roles for three years and have seen a good syncing process with our AD. There is no issue with user syncing with One Identity Active Roles. We use this in our day-to-day roles. It helps ensure that users only have the access required for their job. For example, a help desk user can perform basic tasks but not critical changes. This helps us improve security. It also helps us with automation, such as reducing manual work in user management tasks, and it speeds up processes like account creation and updates.

We use One Identity Active Roles for audit purposes. It helps us create or generate reports for audits or security reviews. This reduces the manual effort in collecting data, so it improves accountability.

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

One area for improvement would be the initial setup, which feels a little bit complex and could be simplified. Apart from this, I think everything is excellent and it provides great features. It works well.

One Identity Active Roles has good features that are already built-in, and we are seeing a good response from these features in our environment. I do not see any improvement required at this time based on our organization's requirement.

I have been using One Identity Active Roles for more than three years.

I have had multiple interactions with the support team for One Identity Active Roles. They are good in their response and technical expertise, and they are ready to provide support at any time. They have provided multiple technical assistance to our team, and they are good in their field.

We have seen a good return on investment with One Identity Active Roles, mainly through time saving and reduced manual efforts. Automation has really reduced the time spent on user provisioning, access management, or access changes by around 40 to 60 percent, which has significantly improved team productivity. It also helps in reducing manual errors, lowering the need for rework and support efforts.

One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment. For the deployment purpose, I advise you to define your requirements and plan the deployment in advance since the solution offers a lot of features. This needs a proper design and an understanding of the workflows and access policy, and it will be really helpful to get the most value out of the solution.

We have seen measurable improvement since using One Identity Active Roles. User provisioning and access changes that used to take a lot of time, such as 20 to 30 minutes, are now completed in just a few minutes through automation, saving around 40 to 60 percent of time. We have also reduced manual errors significantly due to policy-based control and a simple workflow, which has improved overall reliability and security. I would rate this solution 9 out of 10.

On-premises

Other