Try our new research platform with insights from 80,000+ expert users

One Identity Active Roles vs OneLogin by One Identity comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

One Identity Active Roles
Ranking in User Provisioning Software
5th
Average Rating
8.6
Reviews Sentiment
7.2
Number of Reviews
25
Ranking in other categories
Active Directory Management (5th), Non-Human Identity Management (NHIM) (5th)
OneLogin by One Identity
Ranking in User Provisioning Software
6th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
17
Ranking in other categories
Single Sign-On (SSO) (9th), Identity Management (IM) (12th), Identity and Access Management as a Service (IDaaS) (IAMaaS) (10th), Access Management (8th)
 

Mindshare comparison

As of April 2025, in the User Provisioning Software category, the mindshare of One Identity Active Roles is 4.2%, down from 4.4% compared to the previous year. The mindshare of OneLogin by One Identity is 1.0%, down from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
User Provisioning Software
 

Featured Reviews

Grzegorz Kosela - PeerSpot reviewer
Task automation simplifies user and delegation management while offering a customizable interface
Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions. Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft. Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly. The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer. The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten. The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it. It's helped increase operational efficiency by 50%. It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively. We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access. It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times. We've just integrated with our HR system. It helps us follow activated and deactivated users. I'd rate the granular controls on offer ten out of ten. We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface.
Pete Snell - PeerSpot reviewer
Staff and students can now reset their passwords using their enrolled two-factor device as the authentication mechanism
We've been a OneLogin customer for several years now. While I like the platform, there have been some challenges. A great example is the amount of work needed with that webhook for the enrollment user experience. This functionality is native to some competing products. That's one area where we've leaned on our account rep over the years. They shouldn't rely on the customer to make this experience better. This is one feature request that hasn't been implemented yet. At the same time, they've implemented other features we've requested. One is the ability to use a personal email address as a factor. Initially, they didn't have that. We pushed hard on our account team for about two years before it was finally released. It's a give-and-take. Some of the product's features aren't perfect, but we've had some success pushing fixes to the development team that needs to happen. They've done a decent job. However, there are some fixes that they don't have an interest in. A lot of what I described was before OneLogin was acquired by Quest/One Identity. Things have changed. It doesn't feel like they're driving the product as OneLogin was. It may be because it's a new product to them, and they're still trying to get the lay of the land, process feature requests, etc., but it's not moving as fast as before. We've been experiencing some pain points since the acquisition. For example, there have been some outages we didn't see previously, which are a big topic with my executive team. You have hundreds of applications relying on this service for login. If the service is unavailable, nobody can log into these applications. The issues have high visibility. It's gotten better, but it's still there. It raises questions about whether One Identity can support the platform they've acquired. How are they enhancing the product? And how are they supporting the product and the service in the future? Those are two essential questions. There are also lots of nice-to-haves, but that's the case with any product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"The solution is stable."
"The solution improved our organization's security posture by framing the end users and ensuring that capabilities that could cause mistakes are hidden from the web interface."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"It is very intuitive and close to the native tools. Since it is web-based, it does not require extensive training for our end users."
"It is an easier way for me to manage Active Directory with more advanced features."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"It gives us attribute-level control and the AD management features work very well."
"The solution's ability to save and manage of all my passwords is great."
"Once I made the OneLogin ID, it would essentially make user names and passwords for every application that we had."
"Simplicity is the most valuable part of OneLogin."
"The single sign-on and the fact that we can integrate everything in one place and control from there were valuable features of this solution."
"It's super useful to have a single pane of glass when it comes to access management."
"The most valuable feature is the ease with which we can manage the sign-on feature."
"OneLogin is efficient."
"Documentation."
 

Cons

"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"The user interface needs to be more modern and scalable. There are certain screen resolutions where the product is unusable."
"For mid-sized to small companies, I do not know if it would be that useful, considering the tool's purpose."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"Customer support is rated six. Sometimes having a fix for a bug takes too much time. While in production, issues tend to take a while to resolve."
"I know they have increased support for Entra ID and mentioned providing support for AWS. A way to connect to various directories and integrate with cloud directories would be beneficial."
"The possibility to request group membership, similar to the past, was disabled and moved to Identity Manager."
"There are areas for improvement in One Identity Active Roles that include updating the web interface, creating an API accessible from the web, and improving overall performance, as it can be slow at times."
"The solution keeps going down for many hours, which impacts the entire company. You can't access any applications. OneLogin Desktop has a huge problem where it locks your computers and you need to reset the whole computer, which is pretty insane."
"The tool must be made more robust."
"We've been experiencing some pain points since the acquisition. For example, there have been some outages we didn't see previously, which are a big topic with my executive team. You have hundreds of applications relying on this service for login. If the service is unavailable, nobody can log into these applications."
"The uptime has not been great recently, with some outages lasting six, seven, or eight hours."
"To offboard, you have to manually click on this checklist, each of the checkmarks. It would actually be really nice if, for offboarding someone, you just click "offboard" and it automatically runs a script to do that."
"They have downtime twice a year or once in six months. During the downtime, the SSO page did not come up. When users wanted to get to their email, they were redirected to the OneLogin page, but the page did not come up, and MFA and logins failed. It completely crippled us."
"More off-hour support."
"OneLogin needs to increase the number of connectors available out of the box to connect to the different endpoints. The number of out-of-box connectors should be increased."
 

Pricing and Cost Advice

"The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment."
"The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."
"The pricing for Active Roles is expensive but not as expensive as other solutions like Okta."
"The licensing model is a simple user-based model, not that much complicated."
"It's fairly priced."
"It's expensive."
"The pricing is on the higher end."
"The price of the licensing is fine."
"It was cheap in the beginning, and then it became very expensive. We were initially charged $2 per user per month, which was fine, but by the second year, they increased it to $5 per user. That became very expensive for us because we had about 1,500 users. At $2 per user, it comes out to be $3,000 a month, which is $36,000 a year. If we move to $5 per user, it comes out to be $7,500 a month. That made its cost so high. That is why we removed the product because the cost was high."
"The pricing and licensing are reasonable. It is much cheaper than other products."
"While I wish OneLogin's pricing was more affordable, their licensing model, which is based on per user, is acceptable."
"We were happy with the price we got when we signed up, but I don't know what will happen when the time comes to renew because it is a different company now. We haven't seen any pricing models or had that discussion yet. My renewal is a year and a half away. It's worth what we're paying for it. There's no way we could provide the level of service for cheaper or try to do the same in-house."
"The pricing for OneLogin seems to be okay. The pricing and licensing are affordable. If you'd consider OneLogin to be expensive, it's worth it."
"Surprisingly expensive given the price of on-premise solutions."
"OneLogin's pricing, from the perspective of the education sector, seems quite reasonable for the value it delivers."
report
Use our free recommendation engine to learn which User Provisioning Software solutions are best for your needs.
849,190 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
12%
Healthcare Company
7%
Manufacturing Company
7%
Computer Software Company
25%
Financial Services Firm
8%
Retailer
5%
Government
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for One Identity Active Roles?
The product is expensive, but if you want to save money, the delegation set-up process is quite easy. After setting up Active Roles once, defining the delegation model, it is very efficient, almost...
What needs improvement with One Identity Active Roles?
One area for improvement would be the Entra ID side, including better delegation for Entra ID objects and more granular permissions. We would also like to see better Entra ID license management usi...
What needs improvement with OneLogin by One Identity?
There have been some outages over the years. The uptime has not been great recently, with some outages lasting six, seven, or eight hours. Improvement in the stability of the infrastructure would b...
What is your primary use case for OneLogin by One Identity?
We use OneLogin by One Identity to provide SAML authentication and single sign-on for all of our SaaS apps.
 

Also Known As

Quest Active Roles
OneLogin, OneLogin Workforce Identity
 

Overview

 

Sample Customers

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies
OneLogin has thousands of customers across multiple industries and from around the globe such as Uber, Airbnb, Noom, Petco, Sony, Lucky Brand, Tesco, Airbus, Japan Airlines, Aetna, Compass, Kaplan, Susan G. Komen, AAA and PennyMac.
Find out what your peers are saying about One Identity Active Roles vs. OneLogin by One Identity and other solutions. Updated: April 2025.
849,190 professionals have used our research since 2012.