One Identity Active Roles Reviews

My main use case for One Identity Active Roles is role-based administration, where different IT teams can give limited permission based on their responsibilities, which improves security and control.

I can give you a specific example of how I use role-based administration with One Identity Active Roles: when a new employee joins a company or organization, One Identity Active Roles can automatically create the user account, assign the required groups, mailbox, and permissions based on the employee's department. Similarly, when an employee leaves, access can be disabled quickly from one place. This saves time and reduces security risk.

In my opinion, the best features One Identity Active Roles offers include centralized Active Directory management, role-based access control, easy password management, auditing and reporting. Additionally, it reduces manual administrative tasks.

I find myself relying on centralized management the most out of those features, as the IT team can manage all user groups, permissions, and Active Directory related tasks from one single platform instead of handling everything manually from different servers or tools. With One Identity Active Roles, administrators can create users, reset passwords, assign permissions, manage groups, and disable accounts.

One Identity Active Roles has impacted my organization positively by reducing manual work, improving security, saving administrative time, and reducing human errors. The best feature I can highlight is that the organization helps in reducing human error and standardizing the user management process. Apart from this, it enhances overall operational efficiency.

One Identity Active Roles is a very strong solution for Active Directory management and automation. I do not have improvements to suggest for this product since I have been using it and feel better about it. I do not wish to add more about needed improvements, even small things that could make my experience smoother.

I have been using One Identity Active Roles for seven to eight months.

One Identity Active Roles is stable.

For scalability, I find it good for the future.

My impression of customer support is good. I can rate the customer support as an eight on a scale of ten.

I have not used any other solution before One Identity Active Roles. I have not used or evaluated any other options before choosing One Identity Active Roles.

One Identity Active Roles is deployed on-premises only, with the deployment starting by installing the One Identity Active Roles server on a Windows server.

I cannot speak extensively on ROI, but I can mention that IT administrative effort was reduced, user onboarding and offboarding became faster, security and compliance improved, and the help desk workload decreased. Operational efficiency has been increased.

Regarding pricing, my experience is that things are much higher priced, so pricing should be less.

For those looking into using One Identity Active Roles, my advice is that for time-consuming manual work, One Identity Active Roles can save time and reduce human errors. It is much easier, much more secure, and more efficient for organizations. I would rate this review a nine overall.

One Identity Active Roles is used primarily to simplify and automate Active Directory user and permission management. The solution automates routine tasks such as account creation, password reset, and permission assignments. It improves security by controlling access and providing auditing capability. A centralized dashboard allows for efficient management of users and permissions from one place.

One Identity Active Roles automates repetitive tasks that would otherwise require manual effort and time. When onboarding new employees, the tool automatically creates user accounts based on predefined templates. It assigns the correct group membership and permissions according to the employee role without manual intervention. This automation reduces errors and speeds up the processes.

One Identity Active Roles ensures that security policies are consistent across the organization.

One Identity Active Roles offers several valuable features, including a centralized management dashboard that simplifies user and permission administration. Automation of routine tasks such as account creation, password reset, and group membership assignment is a significant feature. Role-based access control and delegation limit permissions and enhance security. The auditing and reporting feature provides detailed information for compliance and tracking changes. Integration with Active Directory and other identity systems is also available.

The automation of routine tasks has the biggest impact on daily work. Automating account creation and password resets saves a significant amount of time and reduces manual effort.

One Identity Active Roles has positively impacted the organization by significantly improving efficiency through automating repetitive tasks and saving time for the IT team. The centralized management dashboard simplifies user and permission administration.

One Identity Active Roles can be improved by simplifying the setup process since a small team in a small business requires implementation without extensive IT support. Additionally, the pricing could be more flexible or tiered to better fit the budget of a smaller organization.

I have used One Identity Active Roles for around one to two months.

One Identity Active Roles is stable.

My rating customer service rating is 5.

Neutral

Planning carefully for the initial setup is important as it can be complex and time-consuming. Ensure that there is access to expertise in Active Directory. The review rating for One Identity Active Roles is 9.

My use case is for task automation, such as user provisioning, deprovisioning, delegation provisioning, and rights delegation. It simplifies the management of users and groups.

Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions. 

Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft. 

Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly.

The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer.

The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten. 

The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it.

It's helped increase operational efficiency by 50%.

It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively.

We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access.

It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times.  

We've just integrated with our HR system. It helps us follow activated and deactivated users. 

I'd rate the granular controls on offer ten out of ten.

We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface. 

The possibility to request group membership, similar to the past, was disabled and moved to Identity Manager. That would be coming back in six months.

Additional documentation about the Angular web interface is also needed.

I have used the solution for ten years.

I encountered some problems in the past with the system, not just with our infrastructure but also on the customer side. There were some software bugs. 

Overall, on a scale of one to ten, I would rate it at eight and a half to nine. There were no major problems with One Identity Active Roles.

I'd rate scalability ten out of ten. 

It's rate support ten out of ten. 

Positive

I've been working with the system for so many years, it's very simple and easy. It's one of the best solutions. There are a few things missing, however, I prefer it and if it fills in the existing gaps, it would be the best option on the market.

The installation is quite easy and involves only a few clicks to have One Identity Active Roles up and running. The hard part begins with the configuration: creating workflows, permissions, provisioning, deprovisioning workflows, policies, and so on. Nevertheless, it is quite straightforward, and the documentation is very clear and simple.

There is a bit of maintenance needed. It's not just install and forget. You need to check the logs and make sure services are up and running. It's not time-consuming. It's very simple. 

I am working on the partner side of One Identity. I have implemented One Identity Active Roles in several organizations. The longest implementation took two weeks, and the shortest was three days.

The solution saves manpower and time for network administrators, offering a significant return on investment. One Identity Active Roles provides excellent reporting and auditing functionality, allowing administrators to track permissions, actions, and responsibilities effectively.

We've likely seen a 30% ROI.

I would rate the setup cost ten out of ten. It is quite expensive, costing more than 50 euros per identity. While it is worth the price, not many companies are willing to pay such an amount of money.

I'm a One Identity partner. Our clients range from small to enterprises. Customers range from 50 to 30,000 people. 

If there is any mess in Active Directory, like excessive delegations and errors, One Identity Active Roles will help clean it up and simplify work. It allows administrators to confidently ensure everything is configured correctly in Active Directory, securing it effectively. 

I rate the product nine out of ten.

One Identity Active Roles is used in our day-to-day operations to manage Active Directory in a controlled and automated way. The solution handles user accounts, groups, and permissions effectively.

In a real scenario, when a new user joins our organization, we use a template in One Identity Active Roles, and the user automatically receives the correct groups and permissions. When an employee leaves our organization, their account is automatically disabled.

One Identity Active Roles offers multiple best features that provide a good experience in our real-time environment. The delegation of admin tasks is a primary feature. Instead of giving full access to everyone, we assign specific permissions based on roles. For the IT team, we do not need to provide full access.

Since we have implemented One Identity Active Roles, we have seen significant improvements. The process is truly helpful and has positively impacted our environment. We have experienced faster user management, better control over Active Directory, reduced errors, and improved security.

One Identity Active Roles is a very powerful and effective solution that helps us in a positive way. The initial setup took almost one month, and reducing this timeframe further would be beneficial for implementation.

I have been working in my current field for more than two years.

One Identity Active Roles is very stable.

The initial setup took almost one month.

We have not evaluated other options before choosing One Identity Active Roles.

One Identity Active Roles enables faster user management because the user account is automatically fetched from HR tools, eliminating manual intervention from the IT team. This has resulted in a fifty to sixty percent reduction in manual time compared to our previous process. Human errors have been reduced by ninety-nine percent as there is no longer human error in the process.

My advice for those looking to implement One Identity Active Roles for centralized Active Directory management with user control is to consider this solution, as it will significantly help your organization. I have provided this review a rating of ten out of ten.

My use case is to gain better visibility into what has happened in One Identity Active Roles. It is to automate processes. When people are leaving, joining, or changing roles in our business, it is done automatically without manual work.

We've eased the burden on the support desk and limited the risk on them. We've also limited the need for domain administrators. We now have a better view of what is going on in Active Directory. If there's an inside malicious user, we can root them out.

The feature I appreciate most about the solution is the ability to lock down Active Directory Roles granularly. For instance, our support personnel can only change passwords for users; the only thing they can change in the user object is the password. They cannot alter anything else. This allows us to manage multiple One Identity Active Roles from a single pane of glass. We're very satisfied with the granularity.

We have eased the burden on the support desk and reduced the risk of them doing something they shouldn't. We have limited the use of domain administrators and gained a better view of what is happening in One Identity Active Roles. It is easier to find rogue and malicious users, and end users can now request access through the web interface instead of creating a ticket.

We've lowered the amount of privileged accounts. We can have support staff that have privileged access however, we've limited privileges so that they can only do what they are meant to do in the directory.

Active Roles helped reduce our identity-based breaches. I don't have a number of how many. It's maybe between 10% and 20%. Now, we know what users we actually have in our IT directory. It has helped us to find the dormant users that we don't need anymore.

It's improved our security posture. It has limited access to our crown jewels, where all our identities lie within Active Directory. It's not a stand-alone product. It doesn't fix everything. However, it does help to the overall security posture. Before, we had domain admins logging directly into our directory user's computers, and doing stuff. They don't do that anymore. We've limited priveledges. The directory is more secure today and we have better visibility.

The user interface needs to be more modern and scalable. There are certain screen resolutions where the product is unusable. In today's environment, where we work with different sizes of monitors and screen resolutions, it is problematic if connecting to a certain monitor renders One Identity Active Roles unusable due to resolution issues. This should not be a concern in modern times, as the interface should automatically scale based on the resolution. This is the most significant drawback of the user interface.

I have used the solution for less than a year.

We haven't had any glitches. If I rate it out of ten, there is no room for improvement, so I will keep it at nine.

It is satisfactory for our needs. I would assume that if you are a major enterprise customer, it is a matter of scaling out on resources with more memory, disk, and CPU power. We haven't seen any issue with scalability.

We have less than 100 people using the solution. We are in a singular location. 

We used native Microsoft Active Directory. We just used native solutions.

Implementing it was straightforward, and it depends on how much you want to do. It was easier than I imagined. Also, the visibility into the deployment and whatever has been enabled is excellent.

There is some maintenance. Whenever there are new updates, we can look in to see if there are any new features we would like to have, and then we can update it. The update is rather straightforward. We simply download the installation file and then click next, next, next, and then we're up and running with the new version. It's rather straightforward.

It has saved 90% of the time compared to before. It is not expensive, yet not as cheap as I would prefer. I see it as insurance, and I have peace of mind, knowing that I pay an insurance price with a lower premium. We have a better security posture, with better feedback from end users requesting access. Although we have higher spending costs and haven't reduced staff, wrongdoing is reduced, uptime is better, and users can still use the systems. We have made operations more efficient, made end users happier, and improved our IT environment.

The solution is not expensive, yet not as cheap as I would like it to be. 

We used One Identity from the beginning. We chose them due to a one-vendor strategy, as we also use Safeguard, and they integrate very well.

If there is a colleague who wants to manage Active Directory without an identity and access management solution, I would ask: "do you actually know what's going on in the Active Directory? What delegated control have you given, and what is the visibility of the delegated controls? What naming standards do you have for departments, for office locations, for cities? How do you make sure that you can only select the already predefined locations? Also, what kind of business are you in? Are you hit by we're not hit by dollar, but are you hit by dollar? Are you hit by NIST two? Are you hit by SOX? What compliance requirements do you actually have?" Roles fits very nicely in that role with some of these regulations and compliance issues you need to address.

Depending on company size, even with fewer identities, it might be essential for highly regulated industries like finance. Having a product like One Identity Active Roles allows centralized management and limits what delegated users can do. In native Active Directory, delegation could grant too many rights, but now it permits granular delegation, such as allowing a support user to change passwords only. This level of control is beneficial for multiple companies, as harming the directory can hurt the business. 

I rate the product nine out of ten.

One Identity Active Roles is used day to day for centralized user management and user provisioning, group management, enforcing role-based access control, creating automated users, and notifications. One Identity Active Roles is used for managing group membership and controlling access efficiently.

Organizations having multiple employees can consider this solution to manage their employees' usernames and credentials, onboard users, and manage their access. I highly recommend all organizations to consider this as one of the best solutions.

The best feature is the role-based access control feature, which secures delegation without giving full admin rights to any users. The central management is also valuable, as it gives a single unified console to manage the entire AD environment.

This solution saves time through user onboarding and removes concerns about security, as all these aspects are managed by One Identity Active Roles. Users receive access based on their role, the onboarding process is simpler, and manual user lifecycle management has been reduced.

The initial setup is a bit complex for new engineers, so that could be simplified.

I have been using One Identity Active Roles for more than two years.

One Identity Active Roles is pretty stable.

The initial setup was easy and the licensing is also simpler. I was not involved in the cost, so I cannot comment on the costing.

The solution has resulted in money saved and time saved. It has really saved the organization money.

One Identity Active Roles is a great solution, which is why I have chosen a rating of nine for this review, with one point reserved for future enhancement of the solution.

The main use case is the Active Directory delegation. We have many different entities within our organization, and we needed to delegate some Active Directory capabilities, such as creating users, updating users, deleting users, groups, and computers.

The access templates help set up granular permissions and the web portal to manage Active Directory. Active Directory is usually managed through a heavy console, and using One Identity Active Roles allows it to be managed through any internet browser. Additionally, it helps in removing custom Active Directory delegation, which enhances security by eliminating unnecessary privileges, addressing identity-based breaches by reducing the number of Active Directory delegations.

One area for improvement would be the Entra ID side, including better delegation for Entra ID objects and more granular permissions. We would also like to see better Entra ID license management using virtual pool management, given that the current setup is custom-made, and having this feature built-in would be beneficial. The web interface could also be improved, though it's ongoing.

The solution has been in place for the last fifteen to seventeen years, but I have been using it for the last eight years since joining the company.

The stability of One Identity Active Roles is rated seven. There are performance issues sometimes, but restarting services usually resolves them.

The solution is scalable. It is rated nine in terms of scalability.

Customer support is rated six. Sometimes having a fix for a bug takes too much time. While in production, issues tend to take a while to resolve.

Neutral

The initial setup is quite easy. The deployment is not long, but the extensive customization, such as virtual pool licenses, takes a bit of time, about a week.

The product is expensive, but if you want to save money, the delegation set-up process is quite easy. After setting up Active Roles once, defining the delegation model, it is very efficient, almost like copy-paste.

CoreView offers better Entra ID delegation. They conducted a study and found that CoreView has better features than One Identity Active Roles in terms of Entra ID delegation.

I would definitely recommend One Identity Active Roles because it allows the delegation of Active Directory through a web portal instead of a console. Additionally, while the Entra ID part requires improvements, it can still delegate Entra ID objects. I rate the overall solution an 8 out of 10.

We use One Identity Active Roles for the delegation of Active Directory administration to local entities.

It has helped improve our organization by delegating day to day tasks to entities, allowing gains in time to market for AD related tasks, and also allowing to reduce time and effort spent globally.

The most valuable features are the access templates, which allow for granular permissions, and the policies that provide a framework for usage and standardization across entities. The solution improved our organization's security posture by framing the end users and ensuring that capabilities that could cause mistakes are hidden from the web interface. It helps us ensure that entities do not make any mistakes by hiding those capabilities directly in the tools with the access templates.

There are areas for improvement in One Identity Active Roles that include updating the web interface, creating an API accessible from the web, and improving overall performance, as it can be slow at times. But all of those are already in the development roadmap.

We have been using One Identity Active Roles since 2011, which amounts to fourteen years.

I would rate the stability as a seven because there are sometimes performance issues, which require restarting the services. This affects stability.

The solution is highly scalable, with a scalability rating of nine. It effectively handles 150,000 users.

I rate customer service and support as a seven because, although they are helpful when needed, there can be delays in responding to tickets and finding necessary fixes.

Neutral

There was no previous solution in place before, as One Identity Active Roles was already implemented when I joined.

The initial setup was straightforward but took months due to the detailed design required for the access templates.

In house.

I estimate the return on investment (ROI) to be about fifteen percent.

The pricing of One Identity Active Roles is expensive, but the return on investment justifies the cost, allowing for savings in other areas.

I would recommend One Identity Active Roles due to its straightforward delegation capabilities, comprehensive management of Active Directory objects, an excellent PowerShell cmdlet suite for scripting, and a robust change history feature for auditing. The overall solution is rated as eight out of ten.