Try our new research platform with insights from 80,000+ expert users

One Identity Active Roles vs OneLogin by One Identity comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

One Identity Active Roles
Ranking in User Provisioning Software
5th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
22
Ranking in other categories
Active Directory Management (5th), Non-Human Identity Management (NHIM) (5th)
OneLogin by One Identity
Ranking in User Provisioning Software
6th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
17
Ranking in other categories
Single Sign-On (SSO) (9th), Identity Management (IM) (12th), Identity and Access Management as a Service (IDaaS) (IAMaaS) (10th), Access Management (8th)
 

Mindshare comparison

As of April 2025, in the User Provisioning Software category, the mindshare of One Identity Active Roles is 4.2%, down from 4.4% compared to the previous year. The mindshare of OneLogin by One Identity is 1.0%, down from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
User Provisioning Software
 

Featured Reviews

Neera Jain - PeerSpot reviewer
Requires minimal training and provides granular control
The granular control has been very helpful for us. We want to be able to control what level users have access to. It is possible to control access levels at the organizational unit or even the attribute level, making it helpful for us. Active Roles helped increase operational efficiency in our organization. We have delegated user provisioning to the help desk so they can create users or manage accounts. We have delegated group management to identified group owners who can manage their groups. Some of them just need read-only access to AD; they do not need to download the native tools. They can just do it via a browser. Active Roles has helped our organization reduce the number of erroneous privileged accounts. We have set the templates, and we have set the standards. It helps standardize all the naming conventions and how they are provisioned with the rules. That is definitely very helpful. We use the change history to see who might have modified what object. We have that tracking, but we use a tool from Quest called Change Auditor that can do the auditing to figure out who did what type of thing for auditing.
Pete Snell - PeerSpot reviewer
Staff and students can now reset their passwords using their enrolled two-factor device as the authentication mechanism
We've been a OneLogin customer for several years now. While I like the platform, there have been some challenges. A great example is the amount of work needed with that webhook for the enrollment user experience. This functionality is native to some competing products. That's one area where we've leaned on our account rep over the years. They shouldn't rely on the customer to make this experience better. This is one feature request that hasn't been implemented yet. At the same time, they've implemented other features we've requested. One is the ability to use a personal email address as a factor. Initially, they didn't have that. We pushed hard on our account team for about two years before it was finally released. It's a give-and-take. Some of the product's features aren't perfect, but we've had some success pushing fixes to the development team that needs to happen. They've done a decent job. However, there are some fixes that they don't have an interest in. A lot of what I described was before OneLogin was acquired by Quest/One Identity. Things have changed. It doesn't feel like they're driving the product as OneLogin was. It may be because it's a new product to them, and they're still trying to get the lay of the land, process feature requests, etc., but it's not moving as fast as before. We've been experiencing some pain points since the acquisition. For example, there have been some outages we didn't see previously, which are a big topic with my executive team. You have hundreds of applications relying on this service for login. If the service is unavailable, nobody can log into these applications. The issues have high visibility. It's gotten better, but it's still there. It raises questions about whether One Identity can support the platform they've acquired. How are they enhancing the product? And how are they supporting the product and the service in the future? Those are two essential questions. There are also lots of nice-to-haves, but that's the case with any product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It gives us attribute-level control and the AD management features work very well."
"The solution improved our organization's security posture by framing the end users and ensuring that capabilities that could cause mistakes are hidden from the web interface."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"It is an easier way for me to manage Active Directory with more advanced features."
"Secure access is the most valuable feature."
"The most valuable feature is the ease with which we can manage the sign-on feature."
"The solution's ability to save and manage of all my passwords is great."
"OneLogin is efficient."
"The solution allows the user to search logs based on a specific time."
"It's super useful to have a single pane of glass when it comes to access management."
"One aspect I particularly appreciate is their exceptional customer support whenever I've needed assistance."
"When it comes to access management, the solution's single pane of glass is extremely important. The single pane of glass for access management enables collaborative work between IT and security. We have access to certain applications that require device trust. Based on the role, we can access those applications through OneLogin Desktop."
"Ease of integration with AD."
 

Cons

"There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface."
"It's a fairly stable product but not perfectly reliable."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"I know they have increased support for Entra ID and mentioned providing support for AWS. A way to connect to various directories and integrate with cloud directories would be beneficial."
"There are areas for improvement in One Identity Active Roles that include updating the web interface, creating an API accessible from the web, and improving overall performance, as it can be slow at times."
"When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow."
"Most of the time it just works."
"To offboard, you have to manually click on this checklist, each of the checkmarks. It would actually be really nice if, for offboarding someone, you just click "offboard" and it automatically runs a script to do that."
"The tool must be made more robust."
"More off-hour support."
"OneLogin offers a Virtual LDAP feature that we utilize, although it differs slightly from traditional LDAP servers."
"While I initially used OneLogin's desktop feature to extend SSO, I discontinued it two years ago due to limitations."
"I'd like OneLogin to have a customization section that displays the company's offerings, categorized by different topics."
"having a RESTful implementation instead of RPC would have been more desirable."
"In terms of managing the users on a large scale, it would be easier if they had some kind of user management portal."
 

Pricing and Cost Advice

"The licensing model is a simple user-based model, not that much complicated."
"It's fairly priced."
"The pricing for Active Roles is expensive but not as expensive as other solutions like Okta."
"It's expensive."
"The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment."
"The pricing is on the higher end."
"The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."
"The pricing for OneLogin seems to be okay. The pricing and licensing are affordable. If you'd consider OneLogin to be expensive, it's worth it."
"It was cheap in the beginning, and then it became very expensive. We were initially charged $2 per user per month, which was fine, but by the second year, they increased it to $5 per user. That became very expensive for us because we had about 1,500 users. At $2 per user, it comes out to be $3,000 a month, which is $36,000 a year. If we move to $5 per user, it comes out to be $7,500 a month. That made its cost so high. That is why we removed the product because the cost was high."
"We were happy with the price we got when we signed up, but I don't know what will happen when the time comes to renew because it is a different company now. We haven't seen any pricing models or had that discussion yet. My renewal is a year and a half away. It's worth what we're paying for it. There's no way we could provide the level of service for cheaper or try to do the same in-house."
"OneLogin's pricing, from the perspective of the education sector, seems quite reasonable for the value it delivers."
"Surprisingly expensive given the price of on-premise solutions."
"While I wish OneLogin's pricing was more affordable, their licensing model, which is based on per user, is acceptable."
"The price of the licensing is fine."
"The pricing and licensing are reasonable. It is much cheaper than other products."
report
Use our free recommendation engine to learn which User Provisioning Software solutions are best for your needs.
845,040 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
12%
Government
8%
Healthcare Company
8%
Computer Software Company
26%
Financial Services Firm
8%
Retailer
6%
Construction Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for One Identity Active Roles?
The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment.
What needs improvement with One Identity Active Roles?
There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface.
What needs improvement with OneLogin by One Identity?
There have been some outages over the years. The uptime has not been great recently, with some outages lasting six, seven, or eight hours. Improvement in the stability of the infrastructure would b...
What is your primary use case for OneLogin by One Identity?
We use OneLogin by One Identity to provide SAML authentication and single sign-on for all of our SaaS apps.
 

Also Known As

Quest Active Roles
OneLogin, OneLogin Workforce Identity
 

Overview

 

Sample Customers

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies
OneLogin has thousands of customers across multiple industries and from around the globe such as Uber, Airbnb, Noom, Petco, Sony, Lucky Brand, Tesco, Airbus, Japan Airlines, Aetna, Compass, Kaplan, Susan G. Komen, AAA and PennyMac.
Find out what your peers are saying about One Identity Active Roles vs. OneLogin by One Identity and other solutions. Updated: March 2025.
845,040 professionals have used our research since 2012.