Try our new research platform with insights from 80,000+ expert users

One Identity Active Roles vs OneLogin by One Identity comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jan 5, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

One Identity Active Roles
Ranking in User Provisioning Software
5th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
21
Ranking in other categories
Active Directory Management (5th), Non-Human Identity Management (NHIM) (5th)
OneLogin by One Identity
Ranking in User Provisioning Software
6th
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
17
Ranking in other categories
Single Sign-On (SSO) (9th), Identity Management (IM) (12th), Identity and Access Management as a Service (IDaaS) (IAMaaS) (10th), Access Management (8th)
 

Mindshare comparison

As of April 2025, in the User Provisioning Software category, the mindshare of One Identity Active Roles is 4.2%, down from 4.4% compared to the previous year. The mindshare of OneLogin by One Identity is 1.0%, down from 1.1% compared to the previous year. It is calculated based on PeerSpot user engagement data.
User Provisioning Software
 

Featured Reviews

Neera Jain - PeerSpot reviewer
Requires minimal training and provides granular control
The granular control has been very helpful for us. We want to be able to control what level users have access to. It is possible to control access levels at the organizational unit or even the attribute level, making it helpful for us. Active Roles helped increase operational efficiency in our organization. We have delegated user provisioning to the help desk so they can create users or manage accounts. We have delegated group management to identified group owners who can manage their groups. Some of them just need read-only access to AD; they do not need to download the native tools. They can just do it via a browser. Active Roles has helped our organization reduce the number of erroneous privileged accounts. We have set the templates, and we have set the standards. It helps standardize all the naming conventions and how they are provisioned with the rules. That is definitely very helpful. We use the change history to see who might have modified what object. We have that tracking, but we use a tool from Quest called Change Auditor that can do the auditing to figure out who did what type of thing for auditing.
Pete Snell - PeerSpot reviewer
Staff and students can now reset their passwords using their enrolled two-factor device as the authentication mechanism
We've been a OneLogin customer for several years now. While I like the platform, there have been some challenges. A great example is the amount of work needed with that webhook for the enrollment user experience. This functionality is native to some competing products. That's one area where we've leaned on our account rep over the years. They shouldn't rely on the customer to make this experience better. This is one feature request that hasn't been implemented yet. At the same time, they've implemented other features we've requested. One is the ability to use a personal email address as a factor. Initially, they didn't have that. We pushed hard on our account team for about two years before it was finally released. It's a give-and-take. Some of the product's features aren't perfect, but we've had some success pushing fixes to the development team that needs to happen. They've done a decent job. However, there are some fixes that they don't have an interest in. A lot of what I described was before OneLogin was acquired by Quest/One Identity. Things have changed. It doesn't feel like they're driving the product as OneLogin was. It may be because it's a new product to them, and they're still trying to get the lay of the land, process feature requests, etc., but it's not moving as fast as before. We've been experiencing some pain points since the acquisition. For example, there have been some outages we didn't see previously, which are a big topic with my executive team. You have hundreds of applications relying on this service for login. If the service is unavailable, nobody can log into these applications. The issues have high visibility. It's gotten better, but it's still there. It raises questions about whether One Identity can support the platform they've acquired. How are they enhancing the product? And how are they supporting the product and the service in the future? Those are two essential questions. There are also lots of nice-to-haves, but that's the case with any product.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Secure access is the most valuable feature."
"With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems."
"Because of Active Roles, we're able to synchronize on an even more regular basis. It enables us to provide even more information to the Active Directory, which helped us to group our users in a more consistent manner."
"Instead of deleting accounts, we like the deprovision option so that we can reverse any accidental deletions. It also gives a higher level of quality control in terms of enforcing any number of variables, such as making sure that an account has a description entered before the account can be created. We can backtrack and know the history of it that way."
"The biggest thing for us is Active Roles saves a lot of man-hours in keeping groups up-to-date manually or trying to write some sort of script that you have to run, so we don't have to reinvent the wheel. Instead of when every time somebody joins a department, then somebody has to remember to put in a request to add "meet user Joe" to this group, the solution does it automatically for us. Therefore, it saves our business and IT staff time because they do not have to process requests since Active Role can do it for them."
"Active Roles helped increase operational efficiency in our organization."
"It gives us attribute-level control and the AD management features work very well."
"It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
"When it comes to access management, the solution's single pane of glass is extremely important. The single pane of glass for access management enables collaborative work between IT and security. We have access to certain applications that require device trust. Based on the role, we can access those applications through OneLogin Desktop."
"One aspect I particularly appreciate is their exceptional customer support whenever I've needed assistance."
"OneLogin is efficient."
"The most valuable feature is the ease with which we can manage the sign-on feature."
"The single sign-on and the fact that we can integrate everything in one place and control from there were valuable features of this solution."
"Ease of integration with AD."
"The solution allows the user to search logs based on a specific time."
"Simplicity is the most valuable part of OneLogin."
 

Cons

"In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rule sets."
"The initial setup was quite easy, but it was time-consuming. It took about three months."
"It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."
"Most of the time it just works."
"For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."
"There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface."
"There are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing them, they're probably working on them."
"The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint."
"I would like better reporting from SmartFactor Authentication when a user is not able to sign in due to a new location, new IP, new device, et cetera."
"In terms of managing the users on a large scale, it would be easier if they had some kind of user management portal."
"While I initially used OneLogin's desktop feature to extend SSO, I discontinued it two years ago due to limitations."
"To offboard, you have to manually click on this checklist, each of the checkmarks. It would actually be really nice if, for offboarding someone, you just click "offboard" and it automatically runs a script to do that."
"The solution keeps going down for many hours, which impacts the entire company. You can't access any applications. OneLogin Desktop has a huge problem where it locks your computers and you need to reset the whole computer, which is pretty insane."
"They have downtime twice a year or once in six months. During the downtime, the SSO page did not come up. When users wanted to get to their email, they were redirected to the OneLogin page, but the page did not come up, and MFA and logins failed. It completely crippled us."
"The tool must be made more robust."
"OneLogin needs to increase the number of connectors available out of the box to connect to the different endpoints. The number of out-of-box connectors should be increased."
 

Pricing and Cost Advice

"The pricing is on the higher end."
"It's fairly priced."
"The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants."
"It's expensive."
"The licensing model is a simple user-based model, not that much complicated."
"The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment."
"The pricing for Active Roles is expensive but not as expensive as other solutions like Okta."
"The pricing and licensing are reasonable. It is much cheaper than other products."
"OneLogin's pricing, from the perspective of the education sector, seems quite reasonable for the value it delivers."
"It was cheap in the beginning, and then it became very expensive. We were initially charged $2 per user per month, which was fine, but by the second year, they increased it to $5 per user. That became very expensive for us because we had about 1,500 users. At $2 per user, it comes out to be $3,000 a month, which is $36,000 a year. If we move to $5 per user, it comes out to be $7,500 a month. That made its cost so high. That is why we removed the product because the cost was high."
"The price of the licensing is fine."
"Surprisingly expensive given the price of on-premise solutions."
"The pricing for OneLogin seems to be okay. The pricing and licensing are affordable. If you'd consider OneLogin to be expensive, it's worth it."
"While I wish OneLogin's pricing was more affordable, their licensing model, which is based on per user, is acceptable."
"We were happy with the price we got when we signed up, but I don't know what will happen when the time comes to renew because it is a different company now. We haven't seen any pricing models or had that discussion yet. My renewal is a year and a half away. It's worth what we're paying for it. There's no way we could provide the level of service for cheaper or try to do the same in-house."
report
Use our free recommendation engine to learn which User Provisioning Software solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
12%
Government
8%
Healthcare Company
8%
Computer Software Company
26%
Financial Services Firm
8%
Retailer
6%
Construction Company
5%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What is your experience regarding pricing and costs for One Identity Active Roles?
The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment.
What needs improvement with One Identity Active Roles?
There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface.
What needs improvement with OneLogin by One Identity?
There have been some outages over the years. The uptime has not been great recently, with some outages lasting six, seven, or eight hours. Improvement in the stability of the infrastructure would b...
What is your primary use case for OneLogin by One Identity?
We use OneLogin by One Identity to provide SAML authentication and single sign-on for all of our SaaS apps.
 

Also Known As

Quest Active Roles
OneLogin, OneLogin Workforce Identity
 

Overview

 

Sample Customers

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies
OneLogin has thousands of customers across multiple industries and from around the globe such as Uber, Airbnb, Noom, Petco, Sony, Lucky Brand, Tesco, Airbus, Japan Airlines, Aetna, Compass, Kaplan, Susan G. Komen, AAA and PennyMac.
Find out what your peers are saying about One Identity Active Roles vs. OneLogin by One Identity and other solutions. Updated: March 2025.
842,767 professionals have used our research since 2012.