One Identity Active Roles Reviews

One Identity Active Roles is primarily used for centralized Active Directory management, user provisioning, and automated access control. It streamlines user account creation, role-based administration, group management, and policy enforcement while reducing manual administrative effort and improving security compliance.

A common day-to-day use case involves onboarding new employees. One Identity Active Roles automated user account creation, group assignments, mailbox setup, and permission allocation based on department rules. This process was previously manual and time-consuming, but One Identity Active Roles reduced setup time significantly and helped avoid configuration mistakes and permission inconsistencies.

Integrating One Identity Active Roles with the existing Active Directory environment was relatively straightforward. The solution integrates very well with Microsoft-based infrastructure and directory services, although the initial configuration and policy setup required careful planning and technical expertise for smooth deployment.

The best features of One Identity Active Roles are automated user provisioning, delegated administration, and role-based access control. It reduces manual Active Directory management tasks, improves security through fine-grained permissions, and provides centralized auditing and policy enforcement. The automation workflows and approval-based access management are especially valuable for maintaining consistency and compliance in large enterprise environments.

The automation workflows help the team automate repetitive identity management tasks such as user onboarding, account updates, password resets, and de-provisioning. Approval-based access management adds an extra security layer by requiring manager or admin approval before sensitive permissions or group memberships are granted. This reduces manual effort, minimizes human errors, improves compliance, and ensures proper access governance across the organization.

One Identity Active Roles significantly reduces the complexity and workload of Active Directory management by automating repetitive tasks such as user provisioning, group management, password resets, and access changes. It simplifies delegated administration and centralized policy management, allowing the IT team to handle Active Directory operations more efficiently with fewer manual errors.

One Identity Active Roles could be improved with a more modern and intuitive user interface, faster performance during large-scale directory operations, and simpler initial deployment and configuration.

One Identity Active Roles has been used for approximately seven months.

One Identity Active Roles is stable.

One Identity Active Roles is highly scalable and works well in medium to large enterprise environments. It can efficiently manage a large number of users, groups, and directory objects while maintaining centralized administration, automation, and policy enforcement across multiple domains and complex Active Directory infrastructures.

Customer support for One Identity Active Roles is excellent.

The organization mainly consolidated Active Directory administration, user provisioning, access governance, and role-based access management using One Identity Active Roles. It helps centralize identity management tasks that were previously handled through multiple manual tools and scripts.

Integrating One Identity Active Roles with the existing Active Directory environment was relatively straightforward. The solution integrates very well with Microsoft-based infrastructure and directory services, although the initial configuration and policy setup required careful planning and technical expertise for smooth deployment.

Careful planning of the initial deployment and role structure before implementation is recommended. One Identity Active Roles delivers the most value when automation workflows, delegated administration, and access policies are properly designed according to organizational needs.

A clear return on investment was realized after implementing One Identity Active Roles. Automated provisioning and access management reduced manual administrative effort by nearly 50 to 60%, which saved significant onboarding time and lowered the number of access-related errors and support tickets.

The pricing and licensing experience with One Identity Active Roles was generally reasonable for an enterprise IAM solution. Initial setup required some planning and technical resources, but the long-term operational efficiency and automation benefits provided good overall value.

After implementing One Identity Active Roles, user provisioning and access management time was reduced by nearly 50 to 60%. The automation workflows helped lower manual configuration errors and improved compliance by maintaining proper approval trails and access governance records.

The automation capabilities of One Identity Active Roles are impressive because they significantly reduce repetitive administrative work and improve consistency. Employee onboarding workflows were automated, so new users automatically receive the correct accounts, group memberships, and permissions based on their department and role. Automated de-provisioning is also used to quickly disable accounts and revoke access when employees leave the organization, improving both efficiency and security.

The review rating provided for One Identity Active Roles is 10 out of 10.

On-premises

My main use case for One Identity Active Roles is Active Directory management, user provisioning, provisioning and de-provisioning, role-based access control, and automating identity administration tasks.

The best features One Identity Active Roles offers are automated user provisioning, role-based access control, and delegated administration, auditing, and centralized Active Directory management. I also find the workflow automation and policy enforcement features very useful because they help reduce manual efforts, improve security, and maintain consistency across the environment. Features such as access templates, dynamic groups, and detailed reporting also make identity administration much more efficient.

Access templates and dynamic groups have helped standardize permissions and reduce manual configuration work. For example, when a user moves to a different department or role, the correct group membership and access right can be updated automatically based on predefined policies, which improves consistency and reduces errors.

Another feature I find valuable in One Identity Active Roles is the auditing and reporting capability. It provides clear visibility into changes made in Active Directory, which helps with troubleshooting, compliance, and security monitoring. The delegated administration feature is also very useful because it allows tasks to be assigned securely without giving full administrative access.

One Identity Active Roles has improved the efficiency of identity and access management in our organization. It reduced manual administrative work, improved consistency in user provisioning and access control, and strengthened security through better policy enforcement and auditing.

I noticed significant time-saving after implementing One Identity Active Roles. User provisioning, access updates, and onboarding tasks that previously required a lot of manual efforts are now completed much faster through automation, reducing administrative workload by around forty to fifty percent. It also helped reduce configuration errors and improve compliance by enforcing standardized access policies and maintaining detailed audit logs for Active Directory changes.

One Identity Active Roles could be improved with a more modern and user-friendly interface, especially for new administrators. Some advanced configuration and workflow can feel complex, so simplifying setup and management would improve the overall experience. Better integration and reporting customization options would also be helpful for large environments.

Other improvements needed for One Identity Active Roles include providing more simplified documentation and onboarding resources for advanced features and workflow configuration. Faster troubleshooting guidance for complex environments and more flexible reporting options would also help administrators manage identity operations more efficiently. Overall, the platform is reliable and delivers strong value for Active Directory management and automation.

Improvements for One Identity Active Roles would include enhancing performance and responsiveness in very large environments with complex workflows and multiple integrations. More built-in analytics and easier customization for dashboards and reports would also help administrators gain insights more efficiently.

I have been using One Identity Active Roles for around one year.

One Identity Active Roles is stable.

One Identity Active Roles has shown good scalability in our experience. It can efficiently handle a growing number of users, groups, workflows, and Active Directory objects without major performance issues, making it suitable for enterprise environments and hybrid infrastructure.

My experience with customer support has been positive overall. The support team is very knowledgeable and generally responsive in handling configuration issues, and I receive good technical expertise and helpful assistance from the support team.

Before using One Identity Active Roles, we mainly relied on native Active Directory tools and manual administrative processes. We switched because One Identity Active Roles provided better automation, centralized management, delegated administration, and stronger auditing capabilities, which helped reduce manual efforts and improve security and operational efficiency.

My experience with pricing, setup cost, and licensing was generally positive. The initial setup required proper planning and configuration, especially for workflow, delegation policy, and Active Directory integration, but the deployment process itself was manageable.

We have seen a positive return on investment, mainly through time-saving and reduced administrative workload. Tasks such as user provisioning, access updates, and account management that previously required a lot of manual efforts are now automated, reducing administrative efforts by around forty to fifty percent. It also helps reduce configuration errors, improve compliance, and allows administrators to focus more on strategic identity and security tasks instead of repetitive manual processes.

Before choosing One Identity Active Roles, we evaluated other solutions, and we selected One Identity Active Roles because of its strong Active Directory management capabilities, delegated administration, automation features, and centralized visibility across hybrid environments.

My advice for others looking into using One Identity Active Roles is to clearly plan your identity management and Active Directory requirements before implementation. Invest time in proper onboarding and workflow design so you can fully utilize the automation, delegated administration, and compliance features. Once configured properly, it can significantly reduce manual efforts and improve security and operational efficiency.

Overall, One Identity Active Roles has been a reliable and valuable solution for improving Active Directory management, automation, and access control. It helped reduce manual efforts, improve security, and streamline identity administration tasks across the organization. I would rate this product an eight out of ten.

Public Cloud

Amazon Web Services (AWS)

One Identity Active Roles is used for provisioning and directory management.

One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.

One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.

One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.

One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.

I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.

Integration capabilities are somewhere in the middle; it is not easy to integrate, but it is not the hardest thing out there.

Certain automations, possibly web apps, could be improved or simplified to make them easier. These automations are what I think could be improved.

I do not use the comprehensive group membership management feature and have not utilized the fine-grained permission control feature deeply. The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my organization.

I have been using One Identity Active Roles for about three years.

One Identity Active Roles has very few bugs and is actually very stable, so I would rate the stability a nine out of ten.

I am not certain if One Identity Active Roles is a scalable solution for us since we have local deployment and approximately 50 users, and scalability is not really relevant to our situation.

I rate the vendor's technical support a ten out of ten.

Positive

We tried other solutions years ago, but I cannot compare them because I do not remember the details. Upper management tried something like SailPoint, Amada, or Symantec a while ago, but that was not me and those individuals are no longer with the company.

The deployment of One Identity Active Roles probably took weeks, though it depends on what is meant by deployment.

One Identity Active Roles was purchased through a partner.

I am aware of the pricing; it is on the expensive side, though pricing is not my department.

One Identity Active Roles is not a scalable solution for our organization since we have local deployment and approximately 50 users, and scalability is not really relevant to us. It is not a global solution; it is not worldwide.

The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my situation. Approximately 50 users use the solution.

I would say One Identity Active Roles has reduced privileged accounts by about 30 percent. To my knowledge, it has not helped reduce identity-based breaches.

I assess the visibility that One Identity Active Roles provides into my directory ecosystem as excellent. I would rate the granular control of One Identity Active Roles as a ten out of ten.

I would recommend this product, but it depends on exactly what you are trying to achieve; conducting a proof of concept about what you would like to see is vital. It is very difficult to answer in a review because it depends on the pain points of the customer and what they are trying to accomplish. Overall, I would recommend it and I am satisfied with the product.

The vendor may reach out if they have any questions or comments about my review. My overall review rating for One Identity Active Roles is nine out of ten.

On-premises

My main use case for One Identity Active Roles is Active Directory user and group management with automation and delegated administration. For example, in daily work, I use it to automate user provisioning, deprovisioning, manage security group access, and enforce naming and compliance policies across AD environments.

The best features for One Identity Active Roles in my experience are automation, delegated administration, RBAC, dynamic group management, and policy enforcement. I also appreciate centralized management for AD and Entra ID, along with auditing and change tracking which helps significantly during compliance reviews.

One Identity Active Roles has made the biggest impact in automation and delegated administration. It reduced manual AD tasks, minimized provisioning errors, and accelerated user onboarding and offboarding significantly in day-to-day operations.

One Identity Active Roles has positively impacted our organization by improving AD administration efficiency, reducing manual errors, strengthening access governance, and helping to standardize user provisioning and compliance processes across the team.

Since implementing One Identity Active Roles, we have seen faster user provisioning and deprovisioning, a noticeable reduction in manual AD efforts, and significant time savings for routine administrative tasks. It also improved audit readiness through better tracking and policy enforcement.

One Identity Active Roles could be improved with a more modern and intuitive UI, faster performance for large environments, simpler reporting customization, and smoother integration with cloud-native identity platforms and APIs.

I have been using One Identity Active Roles for around a year, mainly for AD automation, user provision, group management, and access governance tasks.

One Identity Active Roles is very stable.

The scalability of One Identity Active Roles is strong in my experience. It handles large and complex Active Directory environments efficiently, supports multiple domain and hybrid setups, and maintains performance even with a high number of users and objects when properly configured. It is well-suited for enterprise-scale identity management.

Support for One Identity Active Roles is generally good. We have a positive experience with response time and technical assistance for both configuration and troubleshooting. Documentation and support portal resources are also helpful, though some complex issues may require escalations.

The integration of One Identity Active Roles with our existing Active Directory and IT infrastructure was fairly straightforward. I connected smoothly with our directory services, and most configurations were manageable with standard setup and policies. Some advanced customization required learning, but overall, the integration effort was moderate.

We have clearly seen the ROI for One Identity Active Roles. We reduced manual Active Directory administration efforts, improved provisioning speed, and minimized errors that previously required rework. While exact figures vary, the biggest gains were in the time saved for routine tasks and reduced workload on the AD team, allowing us to focus on higher value work instead of repetitive user management.

We found the pricing, setup cost, and licensing for One Identity Active Roles to be on the enterprise side, but justified by the capabilities. Initial setup, some planning, and integration effort with Active Directory and licenses are typically based on managed user objects. Overall, the cost made sense considering the automation, governance, and long-term reduction in manual administration.

My advice for others looking into One Identity Active Roles is to clearly define your Active Directory structure and governance model before implementing it. Invest time in designing roles and workflows properly, as most of the value comes from there. Also, plan the integration carefully and involve the AD and security team early to ensure smooth adoption.

One Identity Active Roles has been a reliable and effective solution for managing Active Directory at scale. It improved security, reduced manual work, and brought consistency to the identity operations. The main value comes from proper design and automation setup, which pays off long-term. I would rate this review a 10 out of 10.

On-premises

We are using One Identity Active Roles to simplify our Active Directory administration, such as controlling delegation access and automating routine tasks including user management activities.

One Identity Active Roles offers many valuable features that function very smoothly, including delegation administration, automated user management, approval workflows, and auditing details. These are the best features based on my experience.

What stands out the most in One Identity Active Roles is its ability to securely delegate routine Active Directory tasks without granting full administrative privileges. Combining this with automation and policy-based control really helps us reduce manual efforts.

One Identity Active Roles has positively impacted many areas within our organization by simplifying Active Directory administration and reducing manual efforts. It improves operational efficiency with the help of automation and delegated administration, leading to very positive outcomes.

In terms of governance and security, One Identity Active Roles provides very valuable add-on features, offering strong governance while not being heavily AI focused. It helps us enforce least privileged access and improves accountability while mitigating the risk of unauthorized changes within our Active Directory environment.

The accuracy and reliability of output from One Identity Active Roles are very high, as it provides very accurate results.

We use the fine-grained permission control feature of One Identity Active Roles, which has been very effective in supporting our least privilege strategy. For example, help desk staff can perform password resets and account unlocks without receiving full Active Directory administrative rights, providing security and reducing the number of highly privileged accounts in the environment.

My impression of the automation capabilities of One Identity Active Roles has been very positive. User account creation, group membership assignments, and account updates can be automated through predefined policies and workflows, allowing the correct attributes, permissions, and groups to be applied automatically based on organizational requirements.

One Identity Active Roles helps improve our compliance processes by enhancing control, visibility, and accountability within Active Directory, strengthening governance, and simplifying the audit and compliance process.

I believe the initial setup could be more simplified to allow for better and faster deployment.

I have been using One Identity Active Roles for almost two years.

One Identity Active Roles is a stable solution.

One Identity Active Roles is a very scalable solution that can handle organizational growth over time.

Customer support for One Identity Active Roles is very responsive and effective. Whenever we face technical issues, we raise a ticket and they are ready to provide support.

I believe the initial setup could be more simplified to allow for better and faster deployment.

We are seeing a very good return on investment with One Identity Active Roles by reducing manual efforts, which in turn saves us time and money. This solution provides a significant benefit, allowing us to complete tasks forty to sixty percent faster than before.

My advice to any organization considering using One Identity Active Roles is to deploy it, as it will be a great decision. During the deployment phase, I recommend identifying the Active Directory tasks that consume the most administrative time and focusing on automating those processes while taking advantage of all the useful features. I rate One Identity Active Roles nine out of ten because it is a very powerful solution providing great features and a smooth operational process.

On-premises

Microsoft Azure

I use One Identity Active Roles primarily for identity management. We use it for managing multiple domains from a single interface, and the domains do not have trust between them. It has been used by multiple support teams, such as the service desk or the identity access management team for account creation, modification, and management of accounts. It is mostly focused on account creation, modification, deletion, and AD objects.

One Identity Active Roles has helped my organization reduce the number of incorrect privileged accounts through the management unit feature. It helps us identify accounts that are not in use, and while creating admin accounts, we use it to set policies regarding which required fields must be filled during account creation. This helps us keep the process clean and ensures all required attributes are filled before account creation. We have scheduled scripts on One Identity Active Roles that check if activity meets criteria. If it doesn't, it will move the account to a specified OU, disable it, or delete it, as per the defined process.

One Identity Active Roles helps us keep accounts consistent. For instance, when somebody leaves the company, all associated accounts get removed, which helps us eliminate unwanted accounts.

For Active Directory, the provisioning and de-provisioning capabilities work exceptionally. The de-provision feature allows account disconnection without disabling it, enabling quick reconnection with automatic group additions. This feature significantly speeds up the process compared to disabling and re-adding to groups.

The comprehensive group membership management feature is exceptional because it offers two features not available in Active Directory directly: adding multiple secondary owners and dynamic groups. The latter is only available for Azure AD, not for on-premise AD.

Using One Identity Active Roles enables temporary group additions. For instance, if a group provides access, we can temporarily add a member, and when the time period expires, the member gets removed automatically.

The granular control is exceptional; we can give the least control required by the team. For modifying any group, we don't have to give create and delete roles; we can just give them the move role. 

The delegation of administrative access impacts IT operations positively through access templates, which are usually created based on the team.

One Identity Active Roles has increased operational efficiency despite occasional slowdowns. Solution consolidation is part of our identity and access management strategy, eliminating the need for direct Active Directory access for the help desk and IAM team.

The best features of One Identity Active Roles include managing multiple domains from a single interface. I don't need to log into jump servers, making it very easy to log in from the web and manage it. Dynamic groups are also one of the best features, eliminating the need to add or manage members manually. The management unit is another excellent feature, which we can use as a virtual OU to identify missing elements.

The approval process and group approval process can include adding multiple secondary owners. 

The interface appears outdated. Once logged in, everything inside remains unchanged from years ago. 

Additionally, when they release new features, they should provide training or webinars at least once or twice a year. This would help users stay updated and aware of new features. When I requested a demo session with One Identity, the presenter didn't provide complete details, making it difficult for non-technical managers to understand. The demo should be planned based on the customer's knowledge level.

Regarding visibility in the directory ecosystem, while it is very good, there are limitations. When we add numerous domains, it becomes slow. With around 60 domains, attempting to add approximately 30 caused significant performance issues. We had to remove and decrease the number of domains, indicating room for improvement in managing multiple domains from a single interface.

I have been using One Identity Active Roles for approximately 11 or 12 years.

I would rate the stability as eight out of ten. I have already discovered approximately three defects in the new version. 

While One Identity Active Roles has improved operational efficiency, there are occasional challenges with system slowdowns.

The scalability is excellent, rated around nine or ten out of ten. It can be expanded or decreased based on the SQL server requirements.

In our organization, the solution is open to all users with read-only access, with approximately 200 users having admin access. 

I would rate their support a nine out of ten.

Positive

I've personally deployed systems from scratch, from planning through to completion.

Deployment is not overly complicated. We do need to ensure that the required ports are open and that we have the necessary permissions. However, it does vary from company to company regarding how they manage to get those ports opened and permissions granted. Based on my experience, I would rate the complexity of deployment as about a seven or eight out of ten. In the new version, we did encounter some issues related to system slowness, but other than that, most aspects look good.

The deployment duration depends on your company's processes. If you manage to get the ports opened and the permissions granted quickly, the deployment can be completed in about two months. For us, it took approximately six months because acquiring the necessary permissions and opening the ports took time. Additionally, post-deployment, we needed to conduct some testing as well. So, while I wouldn’t say it takes excessively long, it does depend on your circumstances. If everything is in place, meaning if the ports are open and permissions are set, you could deploy a basic version within two days.

The solution requires regular maintenance, including server patching and routine updates. We monitor alerts and check the website regularly as part of business-as-usual support.

When comparing One Identity Active Roles with other solutions in the market, there are no direct competitors. Having explored alternatives in my previous company, I found it to be more user-friendly and to have more secure features around Active Directory than other available solutions.

Regarding integration, I have not yet integrated One Identity with other One Identity products as this process is ongoing with our recent upgrade. While we have multiple One Identity products, this integration remains a future project.

Regarding lifecycle management capabilities via the workflow engine, we have not fully utilized it because most workplaces have used third-party tools such as Microsoft MIM. At my previous workplace, SailPoint was used for complete account lifecycle management. We primarily used One Identity Active Roles for account management after creation and for modification of admin accounts.

I would recommend One Identity Active Roles based on its ability to manage domains from a single interface and provide minimal-required access based on work requirements. The web interface login and MMC console are very user-friendly.

I would rate this solution an eight out of ten.

On-premises

One Identity Active Roles is our main solution for simplifying Active Directory management through automation, detection, and efficient user account administration.

When a new employee joins, One Identity Active Roles automatically creates the user account, assigns the correct group, and applies the required permission based on their role, reducing manual efforts and ensuring consistency.

One Identity Active Roles offers automation, automation of users, provisioning, role-based delegation, centralized Active Directory management, and streamlined user lifecycle management as its best features.

The most valuable feature in my day-to-day work is automation. It helps reduce manual efforts by automatically creating user accounts, assigning permissions, and managing user lifecycle tasks, which saves time and improves consistency.

Another feature I appreciate is role-based delegation. It allows different teams to manage specific tasks securely without giving full administrative access, which improves both efficiency and security.

One Identity Active Roles has positively impacted my organization by improving efficiency through automating routine tasks, reducing administrative workload, and helping maintain consistent access management across the organization.

The automation capabilities provided by One Identity Active Roles are among the strongest aspects of the product. For example, when a new employee joins, One Identity Active Roles can automatically create the user account, assign the appropriate group, and apply permissions based on the user's roles. It significantly reduced the complexity of Active Directory administration by automating routine tasks and making user and access management much easier for our IT team.

One improvement for One Identity Active Roles would be simplifying the initial setup and configuration process. A more intuitive interface and easier onboarding for new administrators would make deployment and management even smoother. The reason it is not a ten is the initial setup and configuration.

I have been using One Identity Active Roles for approximately five years.

One Identity Active Roles has been very stable in our environment. In my experience, One Identity Active Roles is highly reliable and consistent in its automation and access management processes. It performs tasks accurately based on the defined policies and workflows, which helps reduce manual errors and improve operational efficiency.

One Identity Active Roles is highly scalable. It can efficiently manage a growing number of users, groups, and administrative tasks. It is suitable for both small and large organizations.

Customer support has been good. The support team is very responsive, knowledgeable, and helpful. They are quick to resolve issues and provide guidance when needed.

We did not use a dedicated solution before One Identity Active Roles.

We saw a noticeable reduction in manual efforts and provisioning errors since implementing One Identity Active Roles. Tasks that previously took several minutes per user can now be completed automatically, helping the IT team save time and maintain consistency across user account management. The initial setup required some planning, but once deployed, the product delivered good value through automation and improved administrative efficiency.

We have seen a positive return on investment. The biggest benefit has been time savings through automation, reducing manual administrative work, and helping the IT team manage user accounts more efficiently.

The pricing and licensing of One Identity Active Roles were reasonable for our requirements.

We evaluated a few alternatives, including native Active Directory tools. We selected One Identity Active Roles because of its strong automation, delegation, and centralized management.

I would advise clearly defining your Active Directory management and delegation requirements before deployment. Take advantage of the automation and role-based access features as they can significantly improve efficiency, security, and consistency. One Identity Active Roles integrates well with our existing Active Directory environment, and the available workflow and management features help streamline administration with minimal disruption.

We use fine-grained permission control to delegate specific administrative tasks to different teams without full Active Directory privileges. This has helped us implement least privilege principles more effectively, improving security while maintaining operational efficiency. I would rate this review as a nine out of ten.

On-premises

Our main use case for One Identity Active Roles is centralized Active Directory administration and user lifecycle management. We primarily use it for automated user provisioning and de-provisioning, role-based access control, group management, and delegating administrator tasks securely without giving full domain admin rights.

One common scenario is delegating password reset and user account unlock tasks to the service desk team using One Identity Active Roles.

Another valuable aspect for our use case with One Identity Active Roles is automation and standardization. We use it to apply consistent user provisioning policies, naming conventions, and group assignments across the organization.

One Identity Active Roles has had a positive impact on our organization by improving security and simplifying Active Directory management. One of the biggest benefits has been secure delegation. We no longer need to provide full domain administrator access for routine tasks, which has reduced security risk and improved operational control. Help desk and regional IT teams can handle common user management activities within their assigned scope without affecting critical systems.

We have seen noticeable operational and security improvements after implementing One Identity Active Roles. One major improvement was the reduction in manual administrator effort for tasks such as user provisioning, password resets, group assignments, and account deactivation, which became much faster through automation and delegation. This has reduced the workload on senior administrators and improved response times for end users.

The best features of One Identity Active Roles are its automated delegation and centralized Active Directory management capabilities. Based on my experience, these are the most valuable features, including role-based access control and automated workflows, dynamic group management, change tracking, and auditing, hybrid environment management, and access templates and policy enforcement.

The feature that made the biggest difference for us with One Identity Active Roles is the role-based delegation. Automation workflow, automated user provisioning, de-provisioning, group management, and policy enforcement reduce manual work and human error. Dynamic group management, such as automatically adding or removing users from groups based on predefined rules and attributes, also contributes significantly.

One area where One Identity Active Roles could be improved is the user interface. A more modern and simplified interface would help reduce the learning curve and improve day-to-day management efficiency.

I would also appreciate improvements in cloud-focused management and integration. Many organizations now operate in a hybrid or cloud-first environment, so having more intuitive Microsoft 365 and Entra ID management workflows would improve operational efficiency.

There are still a few areas where improvements could be made to One Identity Active Roles, such as a more modern user interface experience. The interface is powerful but can be dated and complex. A cleaner, more intuitive UI would make daily admin tasks faster and easier, particularly for new administrators. It also needs a strong cloud-native experience and simplified workflows and reporting setup.

I have worked in this field for the last seven years.

One Identity Active Roles is very stable.

Its scalability is good.

Customer support is good, and I rate customer support a nine.

Before selecting One Identity Active Roles, we evaluated several other options, including Active Directory management and IAM solutions, such as Microsoft native tools, AD Entra, ManageEngine ADManager Plus, NetIQ, SailPoint, Okta, and JumpCloud. While other tools were very strong, especially in areas including governance and cloud IAM, One Identity Active Roles stood out for operational AD management, particularly secure delegation, which was our primary requirement. We chose One Identity Active Roles based on this evaluation.

Integrating One Identity Active Roles with an existing IT infrastructure and directory services is generally of moderate difficulty. It is not overly complex, but it does require proper planning and Active Directory expertise.

We have seen a clear return on investment from the implementation, mainly in time savings, reduced help desk load, and improved Active Directory operations. The typical ROI outcomes we have observed include time savings in user provisioning, which previously took twenty to thirty minutes per request. After implementing One Identity Active Roles, we reduced this to approximately five to ten minutes using templates and automation. This alone represents a sixty to seventy percent time reduction per request.

We have seen a clear return on investment from the implementation, mainly in time savings, reduced help desk load, and improved Active Directory operations.

Our experience with pricing, setup costs, and licensing indicates that it is on the higher side but justified by the enterprise value. The licensing model is typically subscription-based and usually calculated based on the number of managed user accounts.

Our experience with delegation in One Identity Active Roles has been very positive and has fundamentally changed how we manage Active Directory operations. With delegation, we have implemented role-based delegation to assign specific administrator responsibilities to different IT teams, such as the help desk team for password resets, account unlocks, and basic user attribute updates; the regional IT team for user and group management; and the AD administrator for higher-level tasks including policy changes, schema-related operations, and domain controller control.

The key advice I would recommend is to invest time in design before implementation, redefine your role model and UI structure, start small and expand gradually, and keep your delegation strategy role-based.

One Identity Active Roles has significantly reduced both the complexity and the workload for Active Directory administration in our environment. The impact on workload has been a major reduction in manual AD tasks. Routine activities such as user creation, password resets, group updates, and account disabling and enabling are now largely automated and delegated to various roles.

The automation capabilities are generally very strong, especially for Active Directory lifecycle management and role-based access control. One Identity Active Roles is designed to reduce manual IT administration by turning repetitive identity tasks into policy-driven and workflow-based automation.

Fine-grained permission control in One Identity Active Roles has been a key part of implementing least privilege access in our environment. We use it to define very specific permissions at a granular level, such as allowing the help desk team to reset passwords and unlock access only within their assigned organizational units, restricting group management rights so that users can only modify specific security or distribution groups, and limiting attribute-level changes. The impact on least-privilege implementation has been reduced over-privileged accounts, a strong security posture, clear accountability, better compliance alignment, and operational efficiency without risk trade-offs.

I rate this review an eight overall.