One Identity Active Roles Reviews

The main use case is the Active Directory delegation. We have many different entities within our organization, and we needed to delegate some Active Directory capabilities, such as creating users, updating users, deleting users, groups, and computers.

The access templates help set up granular permissions and the web portal to manage Active Directory. Active Directory is usually managed through a heavy console, and using One Identity Active Roles allows it to be managed through any internet browser. Additionally, it helps in removing custom Active Directory delegation, which enhances security by eliminating unnecessary privileges, addressing identity-based breaches by reducing the number of Active Directory delegations.

One area for improvement would be the Entra ID side, including better delegation for Entra ID objects and more granular permissions. We would also like to see better Entra ID license management using virtual pool management, given that the current setup is custom-made, and having this feature built-in would be beneficial. The web interface could also be improved, though it's ongoing.

The solution has been in place for the last fifteen to seventeen years, but I have been using it for the last eight years since joining the company.

The stability of One Identity Active Roles is rated seven. There are performance issues sometimes, but restarting services usually resolves them.

The solution is scalable. It is rated nine in terms of scalability.

Customer support is rated six. Sometimes having a fix for a bug takes too much time. While in production, issues tend to take a while to resolve.

Neutral

The initial setup is quite easy. The deployment is not long, but the extensive customization, such as virtual pool licenses, takes a bit of time, about a week.

The product is expensive, but if you want to save money, the delegation set-up process is quite easy. After setting up Active Roles once, defining the delegation model, it is very efficient, almost like copy-paste.

CoreView offers better Entra ID delegation. They conducted a study and found that CoreView has better features than One Identity Active Roles in terms of Entra ID delegation.

I would definitely recommend One Identity Active Roles because it allows the delegation of Active Directory through a web portal instead of a console. Additionally, while the Entra ID part requires improvements, it can still delegate Entra ID objects. I rate the overall solution an 8 out of 10.

We use One Identity Active Roles for the delegation of Active Directory administration to local entities.

It has helped improve our organization by delegating day to day tasks to entities, allowing gains in time to market for AD related tasks, and also allowing to reduce time and effort spent globally.

The most valuable features are the access templates, which allow for granular permissions, and the policies that provide a framework for usage and standardization across entities. The solution improved our organization's security posture by framing the end users and ensuring that capabilities that could cause mistakes are hidden from the web interface. It helps us ensure that entities do not make any mistakes by hiding those capabilities directly in the tools with the access templates.

There are areas for improvement in One Identity Active Roles that include updating the web interface, creating an API accessible from the web, and improving overall performance, as it can be slow at times. But all of those are already in the development roadmap.

We have been using One Identity Active Roles since 2011, which amounts to fourteen years.

I would rate the stability as a seven because there are sometimes performance issues, which require restarting the services. This affects stability.

The solution is highly scalable, with a scalability rating of nine. It effectively handles 150,000 users.

I rate customer service and support as a seven because, although they are helpful when needed, there can be delays in responding to tickets and finding necessary fixes.

Neutral

There was no previous solution in place before, as One Identity Active Roles was already implemented when I joined.

The initial setup was straightforward but took months due to the detailed design required for the access templates.

In house.

I estimate the return on investment (ROI) to be about fifteen percent.

The pricing of One Identity Active Roles is expensive, but the return on investment justifies the cost, allowing for savings in other areas.

I would recommend One Identity Active Roles due to its straightforward delegation capabilities, comprehensive management of Active Directory objects, an excellent PowerShell cmdlet suite for scripting, and a robust change history feature for auditing. The overall solution is rated as eight out of ten.

I am one of the resellers for One Identity Active Roles, so that is the reason I downloaded it.

One Identity Active Roles is generally used in complex IT setups where Active Directory plays a critical role and organizations have many compliances and mandates to be followed. For example, in India, we have many banking customers who are governed by the Reserve Bank. In the US, you have the Central Bank or Federal Bank; in India, we have something called a Reserve Bank. All the big financial sectors have to follow the mandates and compliance provided by them. Identity solutions come into that part as well. So to make sure that everybody has the right amount of access and nobody has all access, One Identity Active Roles plays a critical role over there.

In India, this kind of requirement mainly comes from regulated entities or regulated enterprises. So they prefer the on-premises solution for One Identity Active Roles. We have not had a customer in the past who has gone through the cloud solution. They want everything to be hosted on their premises. Since I have not come across the cloud-based installation yet, I cannot comment on that piece, but on-premises is what they look for in the current setup which we provide.

One Identity Active Roles brings significant value through its lifecycle management capabilities, which are very good with no complaints or problems at all.

With the inclusion of One Login, which One Identity acquired three or four years back, One Identity Active Roles has gained complete coverage. Earlier, One Identity lacked an IAM solution. They always have had the Active Directory management solution in the form of One Identity Active Roles or through the IGA solution. But with the inclusion of One Login, that has really fulfilled the requirement which customers need from a single vendor. The competition includes SalePoint, Saviynt, and others, including Ping Identity, who is also coming up with an IGA kind of solution. One Identity has been providing it for a very long time, longer than these competitors who have just started realizing all those things and providing a similar kind of solution to the customer. One Login and One Identity provide complete coverage to the customer, which is really helpful.

One Identity Active Roles brings a positive impact to organizations in that they will start realizing the ROI in a much faster manner because the implementation time is very short and it is easy to use. Additionally, since there are many regulated entities which need this kind of solution and in the market there are very few solution providers who can provide this kind of coverage, that is the advantage which One Identity Active Roles has.

If One Identity Active Roles has to be positioned for all customers, not just the entities which are being regulated, then the pricing has to be normalized. There are many solution providers in the market who can do it at a much lesser price. India is a price-sensitive market, and I can speak only for India; I cannot speak for the other part of the world. We have many local vendors who can provide these kinds of solutions. But since One Identity Active Roles is a much more mature product and has been in the market for a very long time, customers have some respect for that and they can pay the premium. But that premium cannot be three times, two times, or beyond three times. So the pricing has to be normalized based on the market. Every market has its own constraints, so the One Identity team should work on that aspect.

I have been reselling One Identity Active Roles for almost seven to eight years.

I have not had a challenge working with One Identity technical support so far. Everything is good, and I can give One Identity technical support a rating of ten.

Positive

I have worked with Microsoft earlier. I started my career with Active Directory, which is the base of providing identity in the older days. Twenty years back, when we talk about identity, it was always Active Directory from Microsoft. So I have worked with them. Now even Microsoft has come up with their own offering called Entra ID, and they are also competing with One Identity or SalePoint in a similar segment.

From the product perspective, deploying One Identity Active Roles is not that much cumbersome or troublesome. It is a very easy deployment. The only thing which we have to generally figure out is the kind of Active Directory infrastructure the customer has, and based on that, we will have to configure the rules or the policies in the tool.

From the product perspective, the installation of One Identity Active Roles will not take much time and the integration with Active Directory itself will not take much time. Installation is hassle-free and not complex at all. The only thing which takes time is the configuration part. When I say configuration, it is mainly from the policies perspective because we have to understand the customer requirement and based on that we have to create all the rules and policies so that we can fulfill all the use cases.

When I say the configuration of One Identity Active Roles, it is basically because of the customer setup and not because of the tool itself. Because you have to create a lot of policies, and those policies need to be created because the customer has that kind of complexity in their setup. Otherwise, this is an easy tool to manage. If the environment is well-configured or well-managed by the customer, then One Identity Active Roles will not take much time.

I do provide deployment for my customers. For deploying One Identity Active Roles, you need one person, and that is more than enough to manage the solution. We have a different team who does the installation of One Identity Active Roles.

One Identity Active Roles has helped my organization increase operational efficiency. Now only the right person has the right access. Not everybody can go and log into Active Directory or the identity management solution which they have directly. One Identity has a theme that they want the right people to have the right set of access, and this is what they are able to provide with their tool.

One Identity Active Roles has helped to reduce the number of erroneous privileged accounts. That is what they want to achieve. When I talk about customers, they do not want any intruders or hackers to get access to their data. This can happen even from a legitimate user if their credentials are compromised. These kinds of solutions always prohibit those kinds of activities by a hacker or a mischievous character in the organization to take advantage of the system.

One Identity Active Roles helps to reduce identity-based breaches.

Right now, a lot of the discussion is centered on agentic AI for One Identity Active Roles. An agentic AI who can do most common tasks on its own would really help.

To be very honest, the ability to provision and de-provision resources in directories needs to be handled by my technical person, since I do not belong to that field.

I feel with the kind of use cases which One Identity Active Roles addresses and the kind of market we play into, then I think nine is a good rating for them. There is always room for improvement, so hence I am not giving it a ten at this time.

One Identity Active Roles is used primarily to simplify and automate Active Directory user and permission management. The solution automates routine tasks such as account creation, password reset, and permission assignments. It improves security by controlling access and providing auditing capability. A centralized dashboard allows for efficient management of users and permissions from one place.

One Identity Active Roles automates repetitive tasks that would otherwise require manual effort and time. When onboarding new employees, the tool automatically creates user accounts based on predefined templates. It assigns the correct group membership and permissions according to the employee role without manual intervention. This automation reduces errors and speeds up the processes.

One Identity Active Roles ensures that security policies are consistent across the organization.

One Identity Active Roles offers several valuable features, including a centralized management dashboard that simplifies user and permission administration. Automation of routine tasks such as account creation, password reset, and group membership assignment is a significant feature. Role-based access control and delegation limit permissions and enhance security. The auditing and reporting feature provides detailed information for compliance and tracking changes. Integration with Active Directory and other identity systems is also available.

The automation of routine tasks has the biggest impact on daily work. Automating account creation and password resets saves a significant amount of time and reduces manual effort.

One Identity Active Roles has positively impacted the organization by significantly improving efficiency through automating repetitive tasks and saving time for the IT team. The centralized management dashboard simplifies user and permission administration.

One Identity Active Roles can be improved by simplifying the setup process since a small team in a small business requires implementation without extensive IT support. Additionally, the pricing could be more flexible or tiered to better fit the budget of a smaller organization.

I have used One Identity Active Roles for around one to two months.

One Identity Active Roles is stable.

My rating customer service rating is 5.

Neutral

Planning carefully for the initial setup is important as it can be complex and time-consuming. Ensure that there is access to expertise in Active Directory. The review rating for One Identity Active Roles is 9.

My main use case for One Identity Active Roles is managing Active Directory.

I use One Identity Active Roles to manage Active Directory by adding users to groups. When I'm adding users to groups with One Identity Active Roles, we sometimes do it manually, and sometimes we automate depending on the task. There are some automations in place for simple tasks such as adding people to distribution groups, but for more complex and sensitive tasks, they are done manually where a ticket comes in ServiceNow, and then we respond to that ticket manually by adding the people and then approving it.

I think the best feature One Identity Active Roles offers is probably the automation capability, although we do not utilize it to its fullest extent.

Since automation is a highlight for me, what I like about the automation in One Identity Active Roles is the time savings.

One Identity Active Roles has positively impacted my organization by providing a consistent and easy to understand interface for Active Directory, whether you are reading it or whether you are actively managing Active Directory.

One Identity Active Roles can be improved by updating the interface as it seems to have been static for quite some time, and I feel there could certainly be improvements made. Similarly, with the automation, I feel an updated user interface would make it slightly easier to use and understand for people who are not necessarily familiar with things such as the Active Directory Users and Computers interface.

Modernization is needed for those improvements.

I personally have been using One Identity Active Roles for four years, and my company has been using it for longer, probably six to eight years.

One Identity Active Roles is very stable and we never have any issues with it.

One Identity Active Roles has scaled well with us and we are not the biggest organization, but we have never had issues with scaling it.

Customer support for One Identity Active Roles is good and we have never had to raise an issue with customer support because it is a very stable product.

Positive

I did not previously use a different solution as I was not here when we may have used a previous solution, but I think we have always had One Identity Active Roles, as it has been here for over eight years.

I have not seen a return on investment or any relevant metrics and I cannot imagine we would have saved any employees or any full-time equivalents for One Identity Active Roles.

My experience with pricing, setup cost, and licensing for One Identity Active Roles is that they are all very reasonable.

Before choosing One Identity Active Roles, my team did not evaluate other options because I was not here when the team chose it as it was so long ago.

The advice I would give to others looking into using One Identity Active Roles is to be already familiar with Active Directory Users and Computers if possible, and dive into the automation as much as possible when you first receive it without hesitation to test it.

One Identity Active Roles is a very stable product and we would not consider getting rid of it, or at least a product of this sort, as there is definitely a need for it. I would say that as we migrate further into the cloud, there will probably be less of a need for it, but certainly for on-premises Active Directory, it is very important to us. I gave this review a rating of six.

We use it extensively. Our help desk and all the end users or administrators use it. It was being used for user provisioning, but we have now automated some of the functions. Earlier, when it was being manually done, we had set up all the templates for the end-user provisioning and de-provisioning.

The granular control has been very helpful for us. We want to be able to control what level users have access to. It is possible to control access levels at the organizational unit or even the attribute level, making it helpful for us.

Active Roles helped increase operational efficiency in our organization. We have delegated user provisioning to the help desk so they can create users or manage accounts. We have delegated group management to identified group owners who can manage their groups. Some of them just need read-only access to AD; they do not need to download the native tools. They can just do it via a browser.

Active Roles has helped our organization reduce the number of erroneous privileged accounts. We have set the templates, and we have set the standards. It helps standardize all the naming conventions and how they are provisioned with the rules. That is definitely very helpful.

We use the change history to see who might have modified what object. We have that tracking, but we use a tool from Quest called Change Auditor that can do the auditing to figure out who did what type of thing for auditing.

It is very intuitive and close to the native tools. Since it is web-based, it does not require extensive training for our end users. If users are familiar with native tools, they should be able to use the web-based tools with minimal training.

I know they have increased support for Entra ID and mentioned providing support for AWS. A way to connect to various directories and integrate with cloud directories would be beneficial.

We have used this solution for about 15 years.

It is very beneficial for large and complex environments. For mid-sized to small companies, I do not know if it would be that useful, considering the tool's purpose. For us, with a complex AD environment, it is incredibly useful, but for smaller companies, where there are not many users or roles needing identification, it may not be as beneficial or cost-effective.

We have more than 65,000 users.

One Identity's support is great. I would rate them a nine out of ten.

Positive

We have been using Active Roles since I have been on the team. We rolled it out and have been using it for the last 15 years or so. They were using native tools earlier.

I have not used other vendor solutions, just native tools. 

We deployed it and recently upgraded it. We received support from One Identity for consulting, but we did the upgrade ourselves. It was not too bad.

I would rate it a five out of ten for the ease of use. We were trying to do some load balancing and things like that, which did not work out the first time. There were also some issues with the dynamic groups. The first time, we had to roll it back, but we were successful the second time.

The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment.

I would rate One Identity Active Roles an eight out of ten.

We use it for various purposes, such as automating tasks in an Active Directory environment. 

It assists the help desk in doing certain tasks in a more controlled manner, for instance, setting up new users. We enforce required fields to prevent setting up users without them, ensuring that certain fields meet specific requirements. It also facilitates easier management of various security features than Active Directory.

It has helped increase operational efficiency in our organization. We have a clear structure. There is a reduction in the mistakes.

It is an easier way for me to manage Active Directory with more advanced features.

The console helps with granular control.

There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface.

I have used the solution for a bit more than three years.

It is stable. I would rate it an eight out of ten for stability.

It seems scalable.

It is good. I would rate them a nine out of ten.

Positive

It is good, and I would recommend it, but you should do a proof of concept and see if it works for your environment. 

Overall, I would rate the solution an eight out of ten.

We use Active Roles to bring our decentralized environment into a single pane of glass. Our entire customer base is in a single directory, and they can manage their objects without interfering with other entities in our environment. 

We saw benefits immediately. We must have these roles in place in our environment, or we'd be in big trouble. The solution improved our operational efficiency. Instead of manually applying permissions in Active Directory to thousands of OUs, we can do it in five minutes with a command in PowerShell.

It prevents us from erroneously assigning permissions. Active Roles improves our security posture by ensuring permissions are consistent and applied to the correct target every time. By taking the manual work out of the equation, we ensure we don't have any credential leaks.   

Active Roles is easy to configure. It isn't a plug-and-play solution, and you need expertise to set it up. However, once you have your templates, it's easy to deploy in a highly decentralized environment. The custom configuration for our customers is fantastic, especially the web interface.

The solution gives us granular control, allowing us to build highly customized roles and apply them across our environment. We have 500,000 separate OUs.

Active Roles could add more options for web customization. Our requirements are exceedingly specific. We'd like to get the web interface down to just five buttons, but in some cases, we can only get to six. The web interface in the current version is less customizable than in the previous one.

We have used Active Roles for 10 years over two periods. 

We've had no issues with crashing, but we've had problems with the web interface lagging. We're not sure if that's the infrastructure. 

One Identity is pretty scalable. We have SQL on the back end so that we can spin up a VM and bring up a new web interface. It has a new feature where a workflow can run on a dedicated server, and we don't need to use our frontend servers for workflow activities. 

I rate One Identity support nine out of 10. We are happy with the quality of One Identity's support team. We get a response within one or two days. Our unique organization has uncommon problems, so we typically need tier 2 or 3 support. The good thing about One Identity is that we don't need to spend a few days convincing them to escalate.  

Positive

Deploying Active Roles was easy. We had prior experience, and help from professional services made it easier. Our environment is unique, and their professional services helped tremendously with our odd use cases. You can stand up an out-of-the-box deployment in a couple of days. We had one primary engineer and two assistants on the deployment team. 

I wasn't involved in purchasing the solution, but I get the impression from management that it's priced about the same as other products, and we get more value from it. 

I rate One Identity Active Roles 10 out of 10. My suggestion to future users is to map out your roles with as much granular precision as possible. 

We're trying to solve the same problems with fewer products. We're not there yet, but we plan to consolidate, and our customers are happy with One Identity products.