No more typing reviews! Try our Samantha, our new voice AI agent.
Senior System Administrator at 3i Infotech
Real User
Top 5Leaderboard
Apr 26, 2026
Centralized automation has transformed directory governance and now secures delegated access
Pros and Cons
  • "We have definitely seen a strong return on investment after implementing One Identity Active Roles, mainly in terms of time saving, reduced workload, and improved efficiency, where user provisioning and access requests that earlier took hours are now completed in a few minutes through automation, and we observe around a 40 to 50% reduction in service desk tickets related to Active Directory tasks, which allows the team to focus on more critical activities instead of repetitive work, while delegation reduces dependency on senior administrators, indirectly saving manpower effort, and overall, the reduction in errors, faster onboarding, and improved compliance also contribute to cost savings and operational efficiency, making it a valuable investment for the organization."
  • "One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement."

What is our primary use case?

I have been using One Identity Active Roles for approximately three to four years as a part of my role as a Senior System Administrator, where I gain hands-on experience in implementing and managing One Identity Active Roles for centralized Active Directory administration, including creating and managing access templates, configuring role-based access control, automating user provisioning and de-provisioning processes, setting up approval workflows, enforcing policies, and delegating administrative tasks securely, along with troubleshooting synchronization issues and integration with existing AD infrastructure to ensure compliance, operational efficiency, and reduced manual effort in a large enterprise environment.

My main use case for One Identity Active Roles is to centralize and streamline Active Directory administration by implementing secure delegation, automation, and governance control, where I primarily use it for automated user provisioning and de-provisioning based on HR triggers, applying role-based access control through access templates, enforcing naming and attribute policies, and managing group membership dynamically, along with configuring approval workflows for sensitive access requests to ensure compliance and audit readiness, while also reducing manual intervention for service desk teams when delegated limited administrative rights through One Identity Active Roles by giving direct access to the domain controller, thereby improving security and operational efficiency and consistency across the enterprise environment.

In my daily work, I use One Identity Active Roles to automate user onboarding and offboarding processes, where new users are automatically created with correct permissions, group memberships, and policies based on their role, and during offboarding, accounts are disabled and access removed instantly, which helps me to reduce manual effort, improve accuracy, and ensure better security and compliance.

What is most valuable?

The best features of One Identity Active Roles that stand out to me are mainly automation, delegation, and policy enforcement, as these provide me the most value in a real-world environment, where automation helps in streamlining user provisioning, de-provisioning, and group management through workflows, significantly reducing manual effort and errors, while fine-grained delegation allows secure role-based access control so that service desk or junior admins can perform limited tasks without giving full domain access, improving security and reducing the risk of privilege misuse, and policy enforcement ensures that all objects follow predefined standards like naming conventions, mandatory attributes, and compliance rules, maintaining consistency across the environment, along with strong workflow management and approval processes for sensitive changes, dynamic group management, and detailed auditing and reporting that help track every change for compliance and security purposes, making One Identity Active Roles a powerful tool for centralized, secure, and efficient identity and access management.

One feature that I feel is not highlighted enough is the powerful auditing and reporting capability in One Identity Active Roles, which provides detailed tracking of every change made within the Active Directory through One Identity Active Roles, including who performed the action, what changes were made, and when, making it extremely useful for compliance, security investigation, and troubleshooting, and in addition, the ability to customize workflows and scripts using PowerShell integration is also very valuable as it allows extending functionality based on business requirements, automate complex tasks, and integrate with other system solutions more adaptively to different needs.

In our organization, One Identity Active Roles is deployed in a hybrid environment, where the core One Identity Active Roles components such as the administration service and management console are hosted on-premises within our data center for better control and security, while it also integrates with cloud services like Azure AD to support hybrid identity and access scenarios, allowing us to manage both on-premises and cloud-based identities centrally, which provides flexibility, scalability, and aligns with our organization's gradual cloud adoption strategy.

What needs improvement?

One Identity Active Roles can be improved by enhancing its user interface to make it more modern and intuitive, as sometimes navigation and configuration feel complex for new users, and additionally, improving reporting and dashboard capabilities with more customizable and real-time analytics would add significant value, while better native integration with cloud platforms like Azure AD and hybrid environments could also strengthen support for evolving infrastructure needs, and simplifying workflow design with more visual and user-friendly options, along with improved performance during large-scale operations, would make it even more efficient and easier to manage the enterprise environment.

One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement, and as a wish-list item, I would like to see stronger, more seamless integration with cloud and hybrid environments like Azure AD, along with enhanced real-time reporting dashboards and easier troubleshooting tools, which would help in faster issue resolution and a better overall administration experience.

For how long have I used the solution?

I have been working in my current field for the last 12 years.

Buyer's Guide
One Identity Active Roles
June 2026
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,996 professionals have used our research since 2012.

What do I think about the stability of the solution?

One Identity Active Roles is a very stable and reliable solution in our experience, as it runs reliably in production with minimal downtime and handles large-scale Active Directory environments efficiently, provided it is properly configured and maintained, and we have seen consistent performance in day-to-day operations like provisioning, delegation, and policy enforcement without major issues.

What do I think about the scalability of the solution?

One Identity Active Roles scales very well as the organization grows, as it is designed for enterprise environments and can handle a large number of users, groups, and directory objects efficiently, and in our experience, it has supported increasing workloads without performance issues, especially due to its centralized management, automation, and role-based delegation model, which allows us to scale the system to manage more identities without adding proportional administrative effort, and it also supports hybrid environments like on-premises and cloud integration, making it flexible for expansion based on industry needs where organizations have reported scalability issues and that continue to perform reliably as the user base and infrastructure grow.

How are customer service and support?

My experience with customer support for One Identity Active Roles has been generally positive, as the support team is technically strong and responsive in handling issues in most cases, and they provide clear guidance and effective solutions.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, we were primarily using native Active Directory tools along with manual processes and some basic PowerShell scripts for user and group management, but we switched to One Identity Active Roles because those methods were time-consuming, error-prone, and lacked proper governance, delegation, and auditing capabilities, and as the organization grew, it became difficult to manage the identity life cycle efficiently, so we needed a centralized solution that could provide automation, role-based delegation, policy enforcement, and detailed auditing, which One Identity Active Roles delivered efficiently, helping us standardize processes, improve security, and reduce operational overhead.

How was the initial setup?

I would say the integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately easy, as it integrates quite well with Active Directory out of the box and aligns with the standard Microsoft environment, so the initial setup and synchronization were straightforward, but some complexity came in when configuring advanced workflows, custom policies, and integration with the hybrid environment like Azure AD, which required careful planning, scripting, and testing, so overall, it was manageable with good documentation and experience, but not completely plug-and-play for more advanced use cases.

What was our ROI?

We have definitely seen a strong return on investment after implementing One Identity Active Roles, mainly in terms of time saving, reduced workload, and improved efficiency, where user provisioning and access requests that earlier took hours are now completed in a few minutes through automation, and we observe around a 40 to 50% reduction in service desk tickets related to Active Directory tasks, which allows the team to focus on more critical activities instead of repetitive work, while delegation reduces dependency on senior administrators, indirectly saving manpower effort, and overall, the reduction in errors, faster onboarding, and improved compliance also contribute to cost savings and operational efficiency, making it a valuable investment for the organization.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing for One Identity Active Roles has been that it is on the higher side compared to native tools, as it follows an enterprise licensing model, typically based on the number of managed users or accounts, but the cost is justified by the value it delivers in terms of automation, security, compliance, and reduced operational overhead, while the initial setup cost includes infrastructure implementation and possible professional services, which require some planning and investment, and licensing management can be a bit complex depending on the organization's size and requirements, but overall, it is considered a worthwhile investment for large environments where efficiency, governance, and scalability are critical.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, we evaluated solutions such as Microsoft Identity Manager and SailPoint IdentityIQ, but we chose One Identity Active Roles because it provided a better balance of ease of deployment, strong Active Directory integration, effective delegation, and built-in automation, specifically tailored for our AD environment.

What other advice do I have?

My main use case for One Identity Active Roles is to centralize and streamline Active Directory administration by implementing secure delegation, automation, and governance control, where I primarily use it for automated user provisioning and de-provisioning based on HR triggers, applying role-based access control through access templates, enforcing naming and attribute policies, and managing group membership dynamically, along with configuring approval workflows for sensitive access requests to ensure compliance and audit readiness, while also reducing manual intervention for service desk teams when delegated limited administrative rights through One Identity Active Roles by giving direct access to the domain controller, thereby improving security and operational efficiency and consistency across the enterprise environment.

One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement, and as a wish-list item, I would like to see stronger, more seamless integration with cloud and hybrid environments like Azure AD, along with enhanced real-time reporting dashboards and easier troubleshooting tools, which would help in faster issue resolution and a better overall administration experience.

I would rate this product an 8 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 26, 2026
Flag as inappropriate
PeerSpot user
Aditi Gummul - PeerSpot reviewer
Senior isr at DigitalTrack Solution Pvt Ltd
Real User
Top 5
Apr 23, 2026
Automated workflows have transformed daily access control and now improve compliance
Pros and Cons
  • "Overall, it improves operational efficiency, strengthens our security posture, and simplifies identity and access management across the organization."
  • "One area where One Identity Active Roles can be improved is in simplifying its initial setup and configuration process, as deployment can be complex and time-consuming for a new user or organization without deep Active Directory expertise, which can slow down adoption and require additional training or support."

What is our primary use case?

One Identity Active Roles serves as the primary tool in our organization to streamline and secure Active Directory management by automating administrative tasks, enforcing governance policies, and reducing the risk of human error. It helps us delegate access control efficiently through role-based administration, ensuring that the right users have the appropriate permissions without granting excessive privilege. Additionally, it enhances compliance by providing detailed auditing, reporting, and approval workflows for changes made within the directory, which is especially important for maintaining security standards and regulatory requirements. Overall, it improves operational efficiency, strengthens our security posture, and simplifies identity and access management across the organization.

A practical example from our daily use of One Identity Active Roles is our automated user provisioning process, where it is configured with policies and workflows that trigger as soon as a new employee is added to our HR systems or Active Directory. The system automatically assigns the correct group membership, email access, and permissions based on their roles and department, while also enforcing naming conventions and security rules simultaneously. Privileged access requests, such as adding a user to admin groups, go through an approval workflow that requires managerial authorization and is fully logged for auditing. This approach not only saves significant manual effort for the IT team but also ensures strict governance, consistency, and compliance without relying on individual administrators to remember every policy.

Our main day-to-day use of One Identity Active Roles revolves around simplifying and controlling Active Directory operations through delegated administration and policy-based management. We allow helpdesks or junior IT staff to handle routine tasks such as user creation, password resets, and group modifications without giving them full domain access, ensuring security is never compromised. Simultaneously, we rely heavily on its built-in workflows and approval mechanisms for sensitive changes, such as privilege escalation or access to critical systems, which ensures every action follows a defined governance process and is properly audited. Its automation capabilities help maintain consistency in user attributes, enforce compliance policies, and reduce manual errors, making it an essential tool that keeps our identity management efficient, secure, and aligned with organizational standards on a daily basis.

The workflow automation and auditing features of One Identity Active Roles have made a clear impact in our daily work, especially in handling access requests and compliance tracking. When a user needs elevated privileges, the request automatically goes through a predefined approval workflow instead of relying on manual emails, ensuring proper authorization before any changes are made and every action is logged with full details. This becomes extremely useful during audits or troubleshooting because we can quickly track who made what changes and when, reducing investigation time and improving accountability. This approach also removes the dependency on manual follow-ups and minimizes the risk of unauthorized access.

What is most valuable?

One of the best features of One Identity Active Roles is its strong combination of automation, security, and centralized control, which makes Active Directory management much more efficient and governed. A standout feature is workflow automation, where repetitive tasks such as user provisioning, deprovisioning, and access changes are handled automatically based on predefined rules, saving time and reducing manual errors significantly. Another key feature is role-based delegation, which allows organizations to grant limited control access to helpdesks or junior staff without exposing critical admin privileges, ensuring a least privilege security model. One Identity Active Roles also offers policy-based management where rules enforce naming conventions, mandatory attributes, and compliance standards during any Active Directory changes, maintaining consistency across the environment. Additionally, features such as dynamic groups, memberships, and temporal access automatically add or remove users from groups based on coordination or time, which is very useful for managing temporary or role-based access. Finally, its auditing and reporting capabilities provide full visibility into who made what changes and when, helping with compliance, troubleshooting, and security monitoring. Overall, these features together make One Identity Active Roles a powerful tool for improving efficiency, strengthening governance, and securely managing identity and access management operations.

What needs improvement?

One area where One Identity Active Roles can be improved is in simplifying its initial setup and configuration process, as deployment can be complex and time-consuming for a new user or organization without deep Active Directory expertise, which can slow down adoption and require additional training or support. Additionally, improving the user interface to make it more intuitive and user-friendly would enhance the overall experience for administration, especially for those who are not highly technical. There is also scope to enhance performance in certain scenarios such as reporting over slower networks. Expanding flexibility in customization and integrations could further strengthen its usability in modern hybrid and cloud environments, making it even more efficient and easier to manage at scale.

One improvement I would particularly highlight for One Identity Active Roles is the need for seamless integration with modern cloud platforms and hybrid environments. Many organizations now operate beyond traditional on-premises Active Directory, and having more out-of-the-box connection connectors and easier configuration for tools such as Azure or other SaaS applications would save time and effort. Making reporting and dashboards more customizable and intuitive would help administration quickly derive insights without relying on external tools. Improving documentation and in-product guidance could also make troubleshooting and advanced configuration much easier, especially for new users who are still becoming familiar with the platform.

For how long have I used the solution?

I have been using One Identity Active Roles for the last two years.

What do I think about the stability of the solution?

One Identity Active Roles is generally considered a stable and reliable solution in most enterprise environments, as many users rate its stability quite high, often between seven to ten out of ten. They highlight that it performs consistently well for automation, delegation, and auditing tasks.

What do I think about the scalability of the solution?

One Identity Active Roles is highly scalable and can easily support large enterprise environments with thousands to even hundreds of thousands of users across multiple domains. It grows well with our organization's needs without major performance issues, making it suitable for both mid-sized and large companies.

How are customer service and support?

Customer support for One Identity Active Roles is generally good, as most users report that the support team is responsive, technically knowledgeable, and ready to assist whenever tickets are raised, often providing clear and practical solutions to issues. Although in some cases there are slight delays or slower responses for more complex problems, the overall support experience is positive and reliable, though there is room for improvement in response time for critical or advanced issues.

Which solution did I use previously and why did I switch?

Before adopting One Identity Active Roles, we were primarily relying on native Microsoft Active Directory tools and manual PowerShell scripts for user and access management. We switched because those methods lacked centralized governance, automation, and proper auditing capabilities, which made the process time-consuming and prone to errors. As our environment grew, managing permissions and ensuring compliance became increasingly complex, so moving to One Identity Active Roles helped us streamline operations with automation, enforce consistent policies, and gain better visibility and control over all directory-related activities.

How was the initial setup?

Integrating One Identity Active Roles with our existing IT infrastructure and Active Directory is moderately straightforward but not entirely simple. It fits well within our traditional Active Directory environment and connects effectively with directory services. However, the initial setup, configuration of policies, and aligning it with existing workflows require careful planning and some expertise, especially when customizing roles and permissions. While basic integration is smooth, more advanced setups such as hybrid environments or additional system integrations can add complexity. Overall, it is manageable but does require a certain level of technical understanding to fully optimize its capabilities.

What was our ROI?

We have seen a clear return on investment with One Identity Active Roles, as it has reduced manual administration effort by approximately fifty to sixty percent, which directly translates into time savings for the IT team. In some cases, tasks that earlier took fifteen to twenty minutes, such as user provisioning or access changes, are now completed in just a few minutes through automation, while also reducing errors significantly, which avoids network and potential security risks. Overall, it has allowed us to handle the same workload with fewer resources or relocate team members to more strategic tasks, ultimately improving our productivity and delivering strong value compared to the investment made.

What's my experience with pricing, setup cost, and licensing?

Our experience with pricing, setup cost, and licensing for One Identity Active Roles has been generally positive, though with a few considerations as the solution follows a subscription-based licensing model, typically calculated based on the number of managed users and required features, which makes it scalable but can become relatively expensive for larger organizations and environments. The initial setup and procurement process was smooth with good vendor support, but the overall cost is on the higher side compared to basic tools, though it is justified by the value it delivers in automation, governance, and time savings. In our case, we found that the return on investment was strong because it significantly reduced manual efforts and administrative workload, making the pricing work despite the higher upfront and licensing costs.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, we evaluated a few other identity and Active Directory management solutions such as Microsoft Entra ID, Okta, and ManageEngine ADManager Plus, as they are commonly considered strong alternatives in the identity and access management space with capabilities such as automation, access control, and governance. While each had its strengths, especially in cloud integration or ease of use, we ultimately chose One Identity Active Roles because it offered more granular control, deeper Active Directory management, and stronger policy-based governance tailored to our on-premises and hybrid environment needs.

What other advice do I have?

My advice for anyone considering One Identity Active Roles would be to invest time in proper planning and initial setup, especially around role design, delegation models, and policy configuration, because the real value of the tool comes from how well these are structured from the beginning. Also, ensure your team has a good understanding of Active Directory. I would rate this product a nine out of ten overall.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 23, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
One Identity Active Roles
June 2026
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
903,996 professionals have used our research since 2012.
Arkajit Das - PeerSpot reviewer
CTO at Fraoula
Real User
Top 5Leaderboard
May 13, 2026
Identity governance has transformed compliance in sensitive sectors but still needs simpler setup
Pros and Cons
  • "I see a return on investment with One Identity Active Roles, specifically noting a 40% to 60% drop in time spent on provisioning, access reviews, and audit-related tasks."
  • "There are a couple of areas where One Identity Active Roles can be improved. One area is the overall user interface and experience, as the UI is sometimes very complex, so simplifying workflows for non-stakeholders would be helpful."

What is our primary use case?

My main use case for One Identity Active Roles is to use it primarily in the FinTech and HealthTech market, where data sensitivity is really high, and for having consistent policy enforcement so that it can reduce the risk significantly.

One specific example of how I use One Identity Active Roles in my HealthTech environment is that one of the biggest gains is the centralized identity access management, which supports secure access for all the clinicians and the staff while maintaining the compliance requirement, which is very critical when dealing with sensitive patient data. The scalability also is great for these types of tech, so it works well in deep tech startups where new services are frequently added. What I appreciate most is that it is adaptive for multi-factor authentication, adding a strong security layer without always interrupting the user, which is very important for both the HealthTech and FinTech environments.

When I integrate One Identity Active Roles with my systems, it bridges the modern cloud apps and older legacy systems within a single identity framework. In real-world environments, especially in HealthTech, having a clean, cloud-only stack is essential, making flexibility very critical. It also supports integration with Active Directory, SAP, and different databases, allowing my organization to unify access control without replacing the existing infrastructure, which is particularly important when dealing with a legacy EMR-based system. This plays a central role alongside different digital platforms.

What is most valuable?

The best features One Identity Active Roles offers include strong governance and lifecycle management capabilities, especially in environments where access control needs to be highly regulated. It helps ensure that a user only has access to what they truly need, reducing compliance-related risk. Additionally, the strongest point is how well it integrates with both legacy systems and modern infrastructure, which is very helpful for working with deep tech startups that require both legacy system capabilities and modern technologies.

One Identity Active Roles has positively impacted my organization by helping me gain clear visibility and control over user access across all systems. In regulated environments like HealthTech, it is much easier to demonstrate proper governance with specific policies aligned with the system. The automated access certification and audit trails help reduce manual effort in auditing by allowing me to generate reports directly instead of pulling data from multiple systems. This also helped me during regulatory reviews and internal audits by enforcing least privilege access and proper segregation of duties, which lowered the risk of unauthorized access.

Regarding reporting, One Identity Active Roles has helped me in healthcare reporting by building everything from a platform that is very adaptable to the current ecosystem. It helps integrate with microservices and APIs while accommodating older enterprise systems, which is another added advantage.

What needs improvement?

There are a couple of areas where One Identity Active Roles can be improved. One area is the overall user interface and experience, as the UI is sometimes very complex, so simplifying workflows for non-stakeholders would be helpful. Another improvement is the implementation and configuration complexity, since the initial setup and advanced policy configuration often require specialized expertise, which can slow down deployment in fast-moving tech setups. Additionally, performance for large-scale access or certification campaigns can be optimized further, although I understand that large enterprises can take some time due to complex processes, necessitating improvements in speed and responsiveness. Finally, having a neater analytics and reporting dashboard would be great.

For how long have I used the solution?

I have been using One Identity Active Roles for almost two to three years.

What do I think about the stability of the solution?

I find One Identity Active Roles to be stable.

What do I think about the scalability of the solution?

One Identity Active Roles's scalability is impressive, as it has been used for multiple years in enterprise-related systems and scales well with large user bases or complex access requirements. It can manage not only internal employees but also billions of external users. The architecture supports both horizontal and vertical scaling, making it suitable for growing deep-tech environments with continuously added services and users. Its modular design and automation allow capabilities to extend without redesigning the whole system. Overall, I rate its scalability an eight out of ten for supporting reliable business growth and architecture.

How are customer service and support?

The customer support from One Identity Active Roles is really good.

How was the initial setup?

My experience with pricing, setup cost, and licensing is that pricing is generally on the higher side, especially for organizations using multiple modules like identity governance, privileged access, and analytics. It is more suitable for large enterprises rather than startups or medium-sized companies as the pricing is not very cost-friendly. Although it provides comprehensive governance, privileged access, and analytics tools, the pricing can feel complex depending on the licensing model and deployment scale, which organizations should definitely plan for well in advance.

What was our ROI?

I see a return on investment with One Identity Active Roles, specifically noting a 40% to 60% drop in time spent on provisioning, access reviews, and audit-related tasks. While the upfront cost can be high, the automation, reduced risk, and overall efficiency typically justify the investment, although it may take three to five years to see a complete ROI.

Which other solutions did I evaluate?

Before choosing One Identity Active Roles, I evaluated options like Microsoft technology and cloud providers such as Okta, SailPoint, Entra, and CyberArk. However, in my experience, One Identity Active Roles is particularly strong for identity governance and compliance, which led me to my decision. Each of these tools has its own pros and cons, and the choice ultimately depends on the organization's priorities.

What other advice do I have?

I have consolidated my use of OneLogin, One Identity Active Roles, and other access control products.

I definitely utilize the fine-grained permission control feature of One Identity Active Roles, which helps me assign permissions not just at the role level, but down to very specific systems and attributes or actions when required. For example, when considering giving a user full database or application-level access, I can restrict them to specific functions like read-only access or limited transactions. This definitely helps enforce the least privilege principle and reduces the risk of misuse or data exposure. It is particularly helpful for policy-based or role-based models, especially in dynamic conditions, such as department-wise, location-wise, or risk level-wise.

Regarding automation capabilities, One Identity Active Roles allows me to automatically provision, modify, or de-provision role-based changes. It helps automate access request and approval workflows, letting users request access through a self-service portal while routing approvals to the necessary stakeholders. This is particularly useful when needing controlled yet quick access. The policy-driven automation is another key strength, as access is assigned based on predefined roles, rules, or attributes, ensuring consistency and compliance without manual intervention.

The impact of One Identity Active Roles on my compliance efforts is significant. It provides centralized visibility to user access, roles, and entitlements, simplifying governance. For FinTech and HealthTech industries, where periodic reviews are required for standard protocols such as PCI DSS or HIPAA, it is very helpful. The platform maintains detailed audit trails and reporting, allowing me to quickly track changes, approvals, and policy violations, making it easier to demonstrate compliance during audits and identify potential gaps or risks early.

One Identity Active Roles significantly reduces the complexity and workload of administrative tasks related to Active Directory. As an admin and CTO, I appreciate how it has reduced manual workload for my admin team, especially when automating repetitive tasks such as provisioning and updating access. It has made management easier, enabling admins to focus on governance and policy decisions rather than routine operations. It improves both efficiency and consistency overall.

One Identity Active Roles helps organizations specifically delegate admin tasks to business users through a role-based system and approval workflows. This means the IT team does not have to handle every access request because managers can review and approve access directly for their teams. It also supports granular delegation of specific admin rights without giving full system control, which is very helpful for large enterprise organizations with multiple departments. Overall, this reduces bottlenecks for the IT team and speeds up access decisions.

My advice for others looking into using One Identity Active Roles is to plan well in advance, as investing time in proper role and access definition before implementation is crucial. One Identity Active Roles is powerful, but if roles, policies, and access are not clearly defined upfront, managing it later can become complex. It is important to have the right expertise or partner support during deployment due to the platform's strong learning curve. Starting with a phased rollout, beginning with critical systems, stabilizing the setup, and then expanding, works really well. I would rate my overall experience with One Identity Active Roles a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 13, 2026
Flag as inappropriate
PeerSpot user
Nikita Bhojwani - PeerSpot reviewer
Senior Business Development Executive at Digitaltrack
Real User
Top 5
Jul 2, 2026
Centralized workflows have improved secure user lifecycle management and reduced manual effort
Pros and Cons
  • "Overall, it has made our identity administration process more structured, predictable, and easier to manage as our environment has grown."
  • "One Identity Active Roles is a mature and reliable product, but there are definitely areas where it could be improved."

What is our primary use case?

Our main use case for One Identity Active Roles is to simplify and centralize the management of our Active Directory environment. We use it primarily for user provisioning and de-provisioning, group membership management, password reset, and delegating routine administrative tasks to our helpdesk team without giving them full domain administrator privilege. Before implementing it, most of these activities were handled manually through native Active Directory tools, which made the process time-consuming and increased the chance of human error, especially during employee onboarding and offboarding.

With One Identity Active Roles, we have been able to standardize this process using approval workflow and role-based delegation, which has improved consistency and reduced administrative effort. One practical challenge we still face is that highly customized environments sometimes require additional scripting or policy adjustment, so it is not completely plug-and-play for every scenario. Overall, it has become a key tool for improving operational efficiency, maintaining better governance over Active Directory changes, and reducing the workload on our IT administration.

For employee onboarding, we use One Identity Active Roles to automate the creation of new Active Directory accounts based on predefined templates. When HR confirms that a new employee is joining, we create the account through One Identity Active Roles, which automatically applies the correct organizational unit, security group, naming conventions, and access permissions based on the employee's department and role. This has reduced the manual work and helped us avoid common mistakes like assigning incorrect group membership or forgetting required permission.

For offboarding, we follow a similar standardized process where the user's account is disabled immediately, group memberships are removed, access is revoked, and the account is moved to the appropriate organizational unit for retention according to our internal policies. Having this process centralized has made user lifecycle management much more consistent and has also simplified compliance and audit activities.

What is most valuable?

The biggest benefit is not just the automation itself, but the consistency it brings to everyday administration. Since routine tasks follow predefined workflows, different administrators can perform the same activity without introducing variation or accidental configuration error. It has also made it easier to delegate basic account management tasks to the service desk while keeping tighter control over privileged operations. From an operational perspective, we have spent less time on repetitive administrative work and more time on higher priority projects. There is still room for improvement, especially when working in a hybrid environment where organizations have both on-premises Active Directory and cloud identity platforms. Some advanced customization and integration still require additional scripting or planning, so it is not a complete out-of-the-box solution for every environment.

Overall, it has made our identity administration process more structured, predictable, and easier to manage as our environment has grown.

The features I find most valuable in One Identity Active Roles are role-based administration, user lifecycle management, workflow automation, and policy enforcement. Role-based delegation has been especially useful because it allows us to give the help desk or regional IT team access only to the tasks they need without granting full Active Directory administrative rights, which improves security and reduces the risk of additional or accidental changes.

The automation around user provisioning and de-provisioning has also made a noticeable difference by reducing the manual effort during the employee's onboarding and offboarding while keeping the process consistent across a department. Another feature I appreciate is the policy enforcement capability, which helps maintain naming standards, required attributes, or organizational rules, reducing the number of configuration mistakes. The approval workflow and auditing feature has also been valuable during compliance reviews because they provide better visibility into who made changes and when.

The interface could be more modern and some advanced customization still requires additional scripting and product knowledge. Even with those limitations, the combination of automation, delegated administration, and governance has made day-to-day Active Directory management much more efficient.

One of the biggest advantages of role-based delegation in One Identity Active Roles has been that we no longer need to provide domain admin or other high-level privileges for routine administrative work. Before using this approach, even simple tasks such as unlocking a user account, resetting passwords, or updating group memberships often required elevated permissions, which increased security risks and made it harder to track responsibilities. With role-based delegation, we can assign specific permissions based on job responsibilities. The help desk can handle common user requests while scenario administrators retain control over critical changes.

This has reduced the risk of accidental or unauthorized modification and made it much easier to follow the principle of least privilege. It has also improved accountability because every action is tied to the appropriate administrator, which is helpful during audits or when investigating changes. The only challenge is that defining the right role and permissions takes careful planning at the beginning, especially in larger organizations with multiple IT teams, but once those roles are established, day-to-day administration becomes much more secure and efficient.

What needs improvement?

One Identity Active Roles is a mature and reliable product, but there are definitely areas where it could be improved. The first is the user interface, which feels a bit dated compared to newer identity management platforms. While it provides all the functionality we need, new administrators often take time to become comfortable navigating it. I also think the reporting and dashboard capabilities could be more customizable, especially for organizations that want quick visibility into user provisioning activities, policy violations, or administrative changes without creating custom reports.

Another area is hybrid identity management. As more organizations move toward cloud-first environments, tighter integration and simpler management across both on-premises Active Directory and cloud identity services would reduce the need for additional configuration. Some advanced workflows and custom policies still require scripting or product-specific expertise, which increases the learning curve. Better built-in templates, automation options, and more detailed troubleshooting guidance would make deployment and ongoing administration easier. Despite this area for improvement, the core functionality has been stable and dependable, and the product continues to handle our day-to-day Active Directory management efficiently.

One additional area I would mention is the overall learning curve. Although experienced Active Directory administrators can become productive fairly quickly, someone who is new to One Identity Active Roles may need time to understand the delegation model, workflow, and policy configuration. I also think the documentation for more advanced use cases could include more practical, real-world examples instead of focusing mainly on feature description. As IT environments continue to evolve, I would like to see more built-in support for hybrid identity scenarios and cloud-native administration so organizations do not have to rely as much on custom integration or scripting. These improvements will not change the core strength of the product, but they would make implementation, day-to-day management, and administrator onboarding much smoother, especially for teams with limited resources and mixed levels of experience.

For how long have I used the solution?

I have been working in my current field for the last four years.

What do I think about the stability of the solution?

One Identity Active Roles has been a stable solution for our environment. Once the initial deployment and configuration were completed, we did not experience any major issues that affected day-to-day operations. It has handled routine tasks such as user provisioning, account updates, group management, and delegated administration consistently without unexpected interruption. Most of the issues we encountered were related to configuration changes or integration with other systems rather than the product itself.

We also found that keeping the platform updated and following the recommended maintenance practices helped maintain its stability. Like any enterprise identity management solution, it requires proper planning and regular monitoring, but overall, it has been dependable and reliable for managing our Active Directory environment. I would not describe it as completely maintenance-free, but from an operational standpoint, it has been stable enough to support our daily identity management process with minimal downtime.

What do I think about the scalability of the solution?

One Identity Active Roles scales effectively as the environment grows. We started by using it mainly for routine Active Directory administration, but as the number of users, groups, and administrative requests increased, it continued to perform reliably without requiring major changes to our process. Adding new departments, expanding delegated administration, and introducing additional workflows was straightforward because the platform is designed to support enterprise environments.

Performance remained consistent even as our directory became larger, and we did not notice any significant delay in day-to-day operations. Scalability also depends on the underlying infrastructure and how well the environment is planned. In larger or more complex organizations, it is important to design the architecture correctly and review the policy periodically to maintain performance. Overall, we have found it to be capable of supporting organizational growth while keeping identity administration centralized and manageable.

How are customer service and support?

Our experience with customer support for One Identity Active Roles has been positive. Most of the time, the support engineers are knowledgeable about the product and respond within a reasonable timeframe, especially for issues related to configuration or troubleshooting. During implementation, we reached out a few times for guidance on workflow configuration and permission delegation, and they were able to explain the recommended approach instead of just providing a temporary fix.

For more complex issues, the resolution sometimes took longer because they needed to review logs or escalate the case, but we received regular updates throughout the process. I also found the documentation and knowledge base helpful for resolving common questions without having to open a support ticket. There is room for improvement in reducing response time for advanced technical cases. Overall, the support experience has been reliable and has helped us keep the environment running smoothly.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, we primarily relied on the native Microsoft Active Directory tools such as Active Directory Users and Computers along with PowerShell scripts for repetitive administrative tasks. While those tools were sufficient for basic user and group management, they became difficult to manage as our environment grew. Routine activities such as user provisioning, offboarding, permission changes, and delegated administration were largely manual, which increased the risk of inconsistency and human error. We decided to move to One Identity Active Roles because we needed a more structured approach with workflow automation, role-based delegation, policy enforcement, and better auditing capability.

The transition was not driven by problems with Microsoft tools themselves, but by the need for stronger governance, improved operational efficiency, and better control over administrative activities in a larger enterprise environment.

How was the initial setup?

My advice would be to spend enough time planning your Active Directory structure, administrative roles, and user lifecycle processes before implementing One Identity Active Roles. The product provides a lot of flexibility, but you will get the best results if your access policies and organizational structure are already well-defined. I would also recommend starting with a pilot deployment for a smaller group of users or departments before rolling it out across the entire organization.

This helps identify any workflow or permission issues earlier and gives administrators time to become familiar with the platform. It is also worth investing in training for the IT team because features such as delegated administration, workflow automation, and policy management become much more valuable once everyone understands how to use them effectively. Do not expect it to solve every identity management challenge out of the box. If your environment includes hybrid infrastructure, legacy applications, or complex business rules, you will likely need some customization and careful planning. Overall, if you are looking for stronger governance, more consistent Active Directory administration, and reduced manual effort, it is a solid solution, provided you approach the implementation with clear planning and realistic expectations.

What about the implementation team?

Our company's only relationship with One Identity is as a customer. We use the product internally for our identity and Active Directory management requirements and we do not have any partnership, reseller, or other commercial relationship with the vendor.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, we looked at a few different options, including the native Microsoft Active Directory administration tools, Microsoft Identity Management offering, and a couple of other identity governance solutions. Our evaluation focused on ease of administration, delegated access, workflow automation, auditing capabilities, integration with our existing Active Directory environment, and the overall effort required to manage user lifecycle.

While some alternatives provided similar functionality, we found that One Identity Active Roles offered a good balance between centralized administration, role-based delegation, policy enforcement, and automation without requiring a complete redesign of our existing Active Directory environment. The decision was not based on a single feature, but on how it fit our operational requirements and reduced the amount of manual administrative work for our IT team.

What other advice do I have?

The experience was generally positive and professional. Faster resolution for advanced technical cases and more proactive guidance for complex environments would make the support experience even better. I would rate this review as eight out of ten.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jul 2, 2026
Flag as inappropriate
PeerSpot user
Identity and Access Management Specialist at a university with 10,001+ employees
Real User
Top 5
Apr 2, 2026
Governed access has transformed user management and now reduces internal attack surface
Pros and Cons
  • "One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations."
  • "Even though I advocate for One Identity Active Roles, there are areas for improvement, particularly in hybrid integration experiences where it feels a bit clunky compared to its capabilities for on-premises AD management."

What is our primary use case?

One Identity Active Roles has been a core part of my toolkit for the better part of my two years of experience in the IAM space, especially when dealing with a massive environment of more than 10,000 or 15,000 users where native AD tools do not suffice from the governance perspective. I have done deep work with One Identity Active Roles to bridge the gap between high-level IAM policies and on-ground execution, primarily enforcing least privilege and role-based access control.

If I have to boil it down to the single most critical use case for One Identity Active Roles, it is delegated administration and automated lifecycle management. I experienced this when I stepped into my role with too many people having elevated access rights for basic tasks. This led me to implement One Identity Active Roles as a security proxy layer, minimizing the attack surface while also automating our JML process via integration with our HR feed from Workday.

This leads to another major reason we rely heavily on One Identity Active Roles: data integrity and automated policy enforcement. I used One Identity Active Roles to implement policy objects that act as real-time guardrails to prevent the creation of users with incomplete data attributes, ensuring our downstream systems always receive clean data.

A specific challenge I faced when scaling our support operations was that local IT teams were shadow domain admins, resulting in issues such as a regional admin accidentally modifying a critical SPN, which led to a localized Kerberos outage. This prompted me to implement access templates in Active Directory and One Identity Active Roles to define specific actions for helpdesk users and enforce zero-standing privilege, dramatically reducing the exposure time to unnecessary rights.

What is most valuable?

The crown jewels of One Identity Active Roles that make my life as an architect easier are Access Templates, Virtual Attributes, Workflow and Approval Engine, and Managed Units, which allowed us to structure our directory into a policy-driven asset rather than constantly firefighting manual errors.

Access Templates and Managed Units are the real secret sauce of One Identity Active Roles for us. Access Templates standardize permission settings, reducing security drift and allowing for the creation of modular permission bundles such as those I created for the Tier 1 help desk. Managed Units help me stay organized without rewriting the physical structure of the directory, saving me hours of cleanup.

A critical feature that I found essential for a clean environment is Dynamic Group management, which prevents permission creep by using rule-defined group memberships rather than manual additions. One Identity Active Roles automatically manages group membership based on rules tied to the HR records.

One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations. The biggest win has been a reduction in the internal attack surface, achieving over a 40% reduction in unauthorized or accidental access attempts.

What needs improvement?

Even though I advocate for One Identity Active Roles, there are areas for improvement, particularly in hybrid integration experiences where it feels a bit clunky compared to its capabilities for on-premises AD management. The user interface feels dated compared to modern SaaS applications, making it less intuitive for non-technical business managers.

I would like to see One Identity Active Roles lean more toward an API-first and Identity-as-a-Code approach. The current REST API feels like an afterthought, and my developers want the ability to operate through CI/CD pipelines instead of logging into the GUI.

For how long have I used the solution?

I have used the solution for over three years.

What do I think about the stability of the solution?

One Identity Active Roles has proven highly stable in its core functions. Our initial underestimation of properly sizing SQL servers during major user migrations revealed the importance of careful planning, especially regarding database performance.

What do I think about the scalability of the solution?

In my experience, One Identity Active Roles demonstrates strong scalability characteristics, although complexity with database performance, policy evaluation, and multi-domain environments should be considered. We faced some limitations with the reporting functionality, which we addressed by implementing dedicated reporting servers.

How are customer service and support?

Customer support deserves a rating of 7.5 out of 10 due to their technical competence despite some structural challenges. The main friction I encountered during the escalation process could be improved for faster resolution times on complex issues. I balance my assessment of their strengths in technical knowledge and resolution quality against areas needing improvement, such as the escalation process and the support portal experience for non-technical users.

Which solution did I use previously and why did I switch?

I previously used a mix of manual processes and native Microsoft tools, such as the Active Directory users and computers console for directory management. I also used PowerShell scripts for automation and a homegrown web portal for the help desk team.

What was our ROI?

The return on investment with One Identity Active Roles transforms our technical support's workflow, resulting in a 60% annual reduction in tasks such as JML processes, which were previously a nightmare when handled manually. This frees up hours for the senior engineering team.

Which other solutions did I evaluate?

We evaluated several options, including Microsoft Identity Manager, SailPoint, Saviynt, and custom development while recognizing the limitations of our manual processes. One Identity Active Roles ultimately offered the right blend of governance, control, and operational efficiency suited for our hybrid environment.

What other advice do I have?

Discussions around pricing and licensing reveal that One Identity Active Roles follows a standard enterprise model, but the true costs often arise during implementation, making it budget-friendly yet potentially shocking at the initial quote stage when transitioning from a manual environment.

For organizations considering One Identity Active Roles, I recommend establishing a direct relationship with your account team early, which can help bypass standard queues when addressing critical issues, ensuring a smoother experience with the tool. My overall review rating for One Identity Active Roles is eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 2, 2026
Flag as inappropriate
PeerSpot user
Devoloper at Wealthcompany.in
Real User
Top 20
Jun 1, 2026
Delegated administration has improved governance and automation streamlines user lifecycle tasks
Pros and Cons
  • "One of the biggest positive impacts of One Identity Active Roles was bringing more control and consistency to Active Directory."
  • "One area where One Identity Active Roles could be improved is troubleshooting and visibility."

What is our primary use case?

One Identity Active Roles is our main solution for Active Directory administration and user life cycle management. In day-to-day operation, I primarily use it for onboarding and offboarding users, managing group membership, handling access requests, and delegated administration.

What is most valuable?

One Identity Active Roles enforces consistency in Active Directory administration. Before implementation, different administrators sometimes followed different processes for account creation or access changes. With One Identity Active Roles, workflows and policies help standardize those activities. It also gives us better visibility into who made changes and when, which has been useful during access reviews and audit-related activities.

The features that stood out most for me in One Identity Active Roles are delegated administration, automation, and role-based access control. Delegated administration made a big difference because it allowed the service desk to handle routine tasks such as password resets, account unlocks, and certain group management activities without giving them full Active Directory administrative rights. Automation was also valuable for onboarding and offboarding processes, helping reduce manual effort and maintain consistency. Another feature I found useful was the auditing capability since it provided better visibility into who made changes and helped during access reviews and compliance checks.

Automation had a noticeable impact on our team's efficiency because it reduced the amount of repetitive Active Directory work. Before One Identity Active Roles, user provisioning and access changes often involved multiple manual steps and validation checks. For example, onboarding required administrators to manually create accounts, assign groups, and verify permissions. With the automated workflow, much of that process became standardized, which reduced administrative effort and helped avoid administration mistakes. It also meant the Active Directory team spent less time on routine requests and more time on governance, access reviews, and improvement initiatives, although automation did not eliminate all manual work.

One of the biggest positive impacts of One Identity Active Roles was bringing more control and consistency to Active Directory. Before implementing it, many user and access management tasks relied heavily on manual processes and experienced administrators. With One Identity Active Roles, many of those activities became standardized through workflows, delegated administration, and role-based access control. From an operational perspective, it improved turnaround times for common requests, reduced the risk of unauthorized changes, and gave us better visibility into administrative activities.

From a governance and security perspective, I think One Identity Active Roles is one of the stronger areas of the product. It helps enforce role-based access control, delegated administration, and least privilege principles much more effectively than relying on native Active Directory administration alone. We had better control over who could perform specific tasks, and administrative activities were easier to audit and review. In terms of artificial intelligence capability, I would not say artificial intelligence is currently a major strength of the product. Most of the value comes from the policy-based automation, workflows, and governance controls rather than advanced artificial intelligence-driven decision-making.

What needs improvement?

One area where One Identity Active Roles could be improved is troubleshooting and visibility. As environments grow and workflows become more complex, it can sometimes take time to determine why a specific permission, workflow, or delegated task is not behaving as expected. I also think the reporting experience could be more flexible, especially for organizations that need customized governance and audit reports. Overall, One Identity Active Roles is strong in its core functionality, but improvements in user experience, reporting, and troubleshooting would make administration easier.

One additional improvement I would mention is around hybrid identity and cloud integration. Many organizations today are managing both on-premises and cloud environments. Having deeper visibility and governance across those environments from a single interface would be valuable. Another area is workflow management. While the flexibility is powerful, maintaining and troubleshooting complex approval workflows can sometimes become challenging as organizations grow and requirements evolve.

For how long have I used the solution?

I have been working in my current field for the last seven years.

What do I think about the stability of the solution?

One Identity Active Roles has been a stable platform overall in my experience. We use it for daily Active Directory operations, delegated administration, and user life cycle management, and it has performed reliably without causing major operational issues.

What do I think about the scalability of the solution?

One Identity Active Roles scaled well from my experience, especially in an organization with a large Active Directory environment. As our user base, groups, and administrative requests grew, we were able to continue using the same platform without significantly changing our operational model. Features such as delegated administration and automation helped us absorb that growth without putting additional pressure on the Active Directory team.

How are customer service and support?

My experience with customer support was generally positive. For routine issues and product-related questions, the support team was knowledgeable and usually able to point us in the right direction fairly quickly. We especially found them helpful during implementation when working through delegation workflow-related configuration questions.

I would rate customer support eight out of ten. The support engineers generally had good product knowledge and understood Active Directory delegation models and workflow-related issues well. In most cases, we received useful guidance without extensive back-and-forth.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, we primarily relied on native Active Directory tools, such as Active Directory Users and Computers, along with PowerShell scripts for user provisioning and access management. As the environment grew, managing delegated permissions, user life cycle processes, and ensuring a consistent audit trail with this manual system became increasingly difficult. Different teams were following different processes, and it was challenging to maintain consistent governance.

How was the initial setup?

I would describe the integration as moderately easy. Since our environment was already heavily based on Active Directory and Microsoft technologies, the core integration was fairly straightforward. The basic setup, user provisioning, delegated administration, and role-based access control configuration were not particularly difficult. Most of the effort went into planning the delegation model, approval workflows, and ensuring they aligned with our existing operational processes.

What was our ROI?

I would not say it reduced the number of employees, but it definitely helped the existing team handle a higher volume of work more efficiently. Before One Identity Active Roles, the Active Directory team was spending a significant amount of time on routine activities such as account provisioning, group membership updates, and access-related requests. After introducing automation and delegated administration, many of those requests could be handled by the service desk or proceeded through a standardized workflow.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup costs, and licensing was generally positive, although the product is definitely more suited for medium and large enterprises than smaller environments. The licensing and initial setup cost required justification upfront, but the value became clearer once we started using the automation, delegated administration, and governance features at scale. From the setup perspective, the technical installation was not the most challenging part. The bigger effort was planning and delegation.

Which other solutions did I evaluate?

We did look at a few alternatives before selecting One Identity Active Roles. The main ones were Microsoft Identity Manager and SailPoint IdentityIQ. Microsoft Identity Manager was already familiar from our Microsoft ecosystem perspective, while SailPoint offered strong identity governance capabilities. However, for our requirements, One Identity Active Roles provided a better balance between Active Directory administration, delegated access management, automation, and governance.

What other advice do I have?

My advice to organizations looking into One Identity Active Roles is to spend time understanding your Active Directory structure, delegation requirements, and access governance processes before implementation. One Identity Active Roles delivers the most value when you have clear ownership of administrative tasks and well-defined access policies. If these processes are not documented, it is worth first addressing these before purchasing the product. I would rate this review nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 1, 2026
Flag as inappropriate
PeerSpot user
Business Development Manager at Digitaltrack
Real User
Top 10Leaderboard
Jul 2, 2026
Delegated workflows have transformed access governance and make directory administration consistent
Pros and Cons
  • "After moving to One Identity Active Roles, we automated many of the routine processes and introduced delegated administration, which significantly reduced the workload of non-senior administrators."
  • "The biggest one is the management interface, which feels dated compared to many newer identity management platforms."

What is our primary use case?

Our main use case for One Identity Active Roles is to simplify and standardize Active Directory administration across multiple business units while reducing the amount of manual work handled by our IT team. Before we implemented it, routine tasks like creating user accounts, modifying group membership, disabling accounts for departing employees, and managing organizational unit work were performed directly in Active Directory by different administrators, which sometimes led to inconsistent processes and occasional configuration mistakes. We started using One Identity Active Roles as a centralized management layer with delegated administration, so the regional IT team could perform only the tasks they were authorized to do without receiving full domain administrative privileges. We also use it to automate common provisioning and development processes, which helps ensure new employees receive the right access more quickly and that accounts are visible promptly when someone leaves the company.

The approval workflow and auditing capability made it much easier to satisfy internal compliance requirements because every administrative action was logged and traceable. Day-to-day administration becomes more predictable and less dependent on PowerShell scripts or manual intervention. Although the initial deployment required careful planning around role design and permissions and customizing workflows took some time to get right, overall, it reduced administrative overhead, improved consistency across our One Identity Active Roles environment, and gave us better control over privileged operations. Although I still would like to see a more modern management interface and a simpler process for implementing complex custom workflows.

What is most valuable?

An example that stands out regarding how One Identity Active Roles made a task easier was our employee onboarding process. Before we started using One Identity Active Roles, creating a new user account involved several manual steps performed by different administrators, including creating the Active Directory account, placing the user in the correct organizational unit, and verifying that everything matched with the employee's role. This process could take anywhere from a few hours to a full business day, and occasional mistakes such as assigning the wrong group or missing required permissions resulted in additional support tickets after the employee joined. After implementing One Identity Active Roles, we configured roles with provisioning and approval workflows so that once a request was approved, the account was created automatically with the appropriate attributes, group memberships, and naming standards based on the user's department and job function.

This significantly reduced manual effort, improved consistency, and allowed new employees to have the correct access much sooner. It also gave us a complete audit trail of who requested, approved, and executed each change, which was valuable during compliance reviews while setting up the workflows required careful planning and testing. The long-term reductions in administrative work and provisioning errors made a noticeable difference in our day-to-day operations.

In addition to user provisioning, we also rely on One Identity Active Roles for day-to-day Active Directory administration and delegated access management. As our environment grew, it became increasingly important to ensure that routine administrative tasks could be handled by regional IT teams without granting them full domain administrative privileges. One Identity Active Roles gave us a structured way to delegate specific responsibilities while maintaining centralized control and consistent security.

We also used its auditing capabilities to track changes made to users' accounts, groups, and organizational units, which proved useful during internal audits and when investigating configuration changes. Another benefit was the consistency it brought to administrative processes, as everyone followed the same workflow instead of using different scripts or manual methods. It wasn't a product that eliminated every administrative task, and more complex workflow customization still required planning and expertise. But for everyday identity administrations, it helps us reduce manual effort, improve governance, and make Active Directory management much more organized and predictable.

From my experience, the strongest features of One Identity Active Roles are delegated administration, workflow automation, and its auditing capabilities. Delegated administration made a noticeable difference because we could assign specific administrative responsibilities to help techs or regional IT teams without giving them full Active Directory permissions, which improved security while allowing routine requests to be handled much faster. The workflow automations for user provisioning, account modifications, and deprovisioning help reduce manual effort and ensure that tasks are performed consistently according to our organization's policies, minimizing human error. I also found the auditing and reporting features very valuable because every administrative action was logged, making it much easier to investigate changes, support compliance requirements, and demonstrate accountability during audits. Another feature we appreciate is the policy-based management, which helps enforce naming standards and other directory policies automatically instead of relying on administrators to remember every requirement. Overall, this feature simplifies day-to-day Active Directory management and improves operational efficiency while strengthening governance, although configuring advanced workflows and policies initially requires careful planning and a good understanding of the product to get the most value from it.

The features we use most in our day-to-day operations are delegated administration because it directly affects how our IT team handles user management requests. We have different administrators and support teams responsible for specific business units, so instead of giving everyone broad Active Directory privileges, we assign only the permissions they need to perform their tasks. That has reduced the security risk associated with excessive administrative access while allowing routine activities such as password resets, account unlocks, user updates, and group membership changes to be completed quickly without waiting for a senior administrator. It has also made responsibilities much clearer since each team knows exactly what they are authorized to manage. However, over time, this has reduced operational bottlenecks and improved response times for end users while giving us better control over the changes being made in the directory.

In addition to delegated administration, I think one of the strengths of One Identity Active Roles is how its features work together rather than in isolation. Delegated permissions, workflow automations, policy enforcement, and auditing complement each other, so administrative tasks are not only faster but also more consistent and easier to track. That said, I think there is still room for improvement in the user interface and in simplifying the configurations of advanced workflows, especially for organizations that don't have dedicated identity management specialists. Once the product is properly configured, it becomes a reliable platform for managing Active Directory at scale.

One Identity Active Roles has had a positive impact on our organization by making our Active Directory administrations more consistent, secure, and efficient. Before implementing it, many account management tasks were handled manually, which increased the chances of configuration errors and delayed user provisioning, especially during periods of high onboarding activity. After moving to One Identity Active Roles, we automated many of the routine processes and introduced delegated administration, which significantly reduced the workload of non-senior administrators.

From an operational perspective, we estimated that the time required to provision a new user account dropped from several hours to around twenty to thirty minutes in most cases because the necessary approvals, group assignments, and policies were handled through standardized workflows. We also saw fewer support tickets related to incorrect permissions or missed group memberships because the provisioning process became much more consistent. From a security standpoint, limiting administrative privileges through delegated rules reduced the risk associated with excessive access, while the built-in auditing gave us complete visibility into who made changes along with simplified compliance review and troubleshooting. Although implementing the workflows required careful planning and some fine-tuning in the beginning, the long-term benefits in terms of operational efficiency, governance, and reduced administrative effort made it a valuable part of our identity management process.

What needs improvement?

I think One Identity Active Roles is a mature and reliable solution, but there are a few areas where it could be improved. The biggest one is the management interface, which feels dated compared to many newer identity management platforms. While it provides a lot of functionality, navigation and configuring complex workflows can be challenging, especially for administrators who are new to the product. I also think the initial setup and customizations require a good understanding of both Active Directory and the product itself, so there is a noticeable learning curve.

In larger environments, making changes to workflows or policies often requires careful testing to avoid unintended effects, which can slow down implementations. Reporting is another area where I think there is room for improvement, as more modern customizable dashboards and easier report creation would make it simpler to monitor administrative activity and compliance. None of these issues have been significant enough to affect the product's reliability or day-to-day operations, but improving usability, simplifying workflow configurations, and modernizing the interface would make the overall experience better for both new and experienced administrators.

For how long have I used the solution?

I have been using One Identity Active Roles for two years.

What do I think about the stability of the solution?

My experience with One Identity Active Roles has been stable. Once it was properly deployed and configured, we didn't experience any major technical issues during day-to-day operations. We consistently handle the identity management tasks such as user provisioning and group management, which help keep the environment running smoothly.

What do I think about the scalability of the solution?

One Identity Active Roles shows strong scalability in our environment. As our organization grows, the platform continues to perform well without requiring significant changes to our data-driven processes. One of its strengths is that the delegated administration model and the automated workflows can be extended as the organization grows, so we don't have to redesign our identity management approach every time a new team or business unit is added.

How are customer service and support?

My interactions with One Identity customer support have been fairly limited because the product has been stable, and we haven't needed to open many support cases. On the occasions when we did contact support, the responsiveness of their professionals and engineers was commendable. Most configuration questions were resolved within an acceptable timeframe, although more complex issues sometimes required additional follow-up before a final resolution was provided.

Which solution did I use previously and why did I switch?

I didn't use any solution before switching to One Identity Active Roles.

How was the initial setup?

We haven't used any AI-specific capabilities in One Identity Active Roles, so I can't comment on those from first-hand experience. From a governance and security perspective, the product has very strong features such as delegated administration, role-based access control, approval workflows, and comprehensive auditing, which have helped us maintain tighter control over Active Directory changes while reducing the risk associated with excessive administrative privileges. Having a detailed audit trail has also been valuable for compliance and troubleshooting because we can easily see who made a change, when it was made, and what was modified. Overall, I think its governance capabilities are one of the product's biggest strengths as identity management evolves.

What was our ROI?

While we did not calculate an exact return on investment, we saw a clear operational advantage by automating routine Active Directory tasks such as user provisioning, modifications, and deprovisioning, and using delegated administration. Our IT teams spend much less time on repetitive requests. Senior administrators no longer had to handle every routine change, which allowed them to focus more on strategic work while the help desk team managed common requests within their assigned permissions. We also experienced fewer errors and more consistent user management because of standardized workflows compared to manual processes. Although we didn't measure success in terms of dollars or a reduction in headcount, the improvements in efficiency, security, and management investment were evident from an operational perspective.

What's my experience with pricing, setup cost, and licensing?

I wasn't directly involved in the pricing or licensing decisions, so I cannot comment on the exact cost. For our operations, I believe the investment was considered worthwhile because the product relieves manual Active Directory administration and improves security through delegated administration and auditing. Like most enterprise identity management solutions, it requires planning to ensure the licenses align with the management size and requirements. However, since I wasn't responsible for evaluations or commercial decisions, I prefer not to speculate on pricing or setup costs.

Which other solutions did I evaluate?

I didn't evaluate any other options before choosing One Identity Active Roles.

What other advice do I have?

I would rate One Identity Active Roles an eight out of ten. It is a stable and reliable solution that significantly simplifies Active Directory administrations through delegated administrations, workflow automations, and comprehensive auditing. It has helped us improve consistency, reduce manual effort, and strengthen security by limiting administrative privileges and providing a clear audit trail for changes.

I would rate customer support an eight out of ten.

I advise others looking into using One Identity Active Roles to spend ample time on planning before deployment, especially around your Active Directory structure, determining the delegated administration model, and establishing governance policies. The product is very capable, and you'll get the most benefit by starting with a few high-quality workflows before expanding into more advanced configurations. My overall review rating for One Identity Active Roles is eight out of ten.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jul 2, 2026
Flag as inappropriate
PeerSpot user
Senior Engineer at Pantomath Group
Real User
Top 5
Jun 13, 2026
Delegated workflows have streamlined user provisioning and now reduce daily admin workload
Pros and Cons
  • "One Identity Active Roles has a positive impact on our organization by improving the efficiency and consistency of our Active Directory operations."
  • "Another improvement I would like to see is better troubleshooting capability when dealing with complex delegation models or workflow-related issues."

What is our primary use case?

I have been using One Identity Active Roles for almost the last two years.

My main use case of One Identity Active Roles is for user provisioning, group management, delegated administration, and handling access-related requests in a controlled and consistent manner.

A common example is managing department-based security groups. When new employees join, we use One Identity Active Roles to add them to the appropriate group based on their role, while delegated administrators can handle routine updates without needing full Active Directory administrative privilege. This helps to keep access management consistent and reduce dependency on the IT team for everyday requests.

Besides user and group management, we also use One Identity Active Roles for delegated administration and access governance. It helps us to standardize Active Directory tasks, reduce manual changes, and maintain better control over who can perform specific administrative actions.

What is most valuable?

The features I find most valuable in One Identity Active Roles are delegated administration, workflow automation, and role-based access control. These features help reduce manual Active Directory management, improve governance, and allow different teams to handle routine tasks without requiring full administrative privileges.

One Identity Active Roles has a positive impact on our organization by improving the efficiency and consistency of our Active Directory operations. It reduced manual administrative work, improved delegation of routine tasks, and provided better control over access management. As a result, administrative processes became more streamlined and easier to govern.

One noticeable outcome was a reduction in the time spent on routine Active Directory tasks. Delegation and automation helped teams to handle common requests more efficiently without involving senior administrators. We also saw fewer administrative errors because user and group management follows standardized processes. In addition, audit and access review activities became easier due to better visibility into changes and permissions.

Another feature I need to add is that the auditing and reporting capability provides better visibility into administrative changes and helps us during compliance and review troubleshooting. I also appreciate that One Identity Active Roles centralizes many Active Directory management tasks, making administration more organized and consistent across the different teams.

What needs improvement?

One area for improvement in One Identity Active Roles would be reporting and dashboard customization. While the available reports are useful, having more flexible and easier-to-build reports would help administrators to get insights more quickly. I would also like to see a more modern user interface and better visibility into complex workflow and delegated admin permissions, especially in larger Active Directory environments.

Another improvement I would like to see is better troubleshooting capability when dealing with complex delegation models or workflow-related issues. Identifying the root cause can sometimes take longer than expected. I would also welcome more built-in guidance and recommendations for administrators, especially when managing large environments with multiple teams and permission structures.

For how long have I used the solution?

I have been working in my current field for the last three to four years.

What do I think about the stability of the solution?

One Identity Active Roles has been a very stable platform. We use it regularly for provisioning users, group management, and delegated administrator-related tasks, and it performs very reliably without any doubt, with very few operational issues. Most of the challenges were related to workflow configuration or process changes rather than the product's stability itself.

What do I think about the scalability of the solution?

From my perspective, One Identity Active Roles can scale well as the environment grows. We were able to support an increasing number of users, groups, and administrator requests without significantly changing our management processes. The delegation and automation features help maintain efficiency even as the Active Directory environment expanded.

How are customer service and support?

The customer support is very good. Sometimes we face some issues from customer support, but that is part and parcel of life, so that is not a big challenge. Overall, it is good.

Which solution did I use previously and why did I switch?

We were using a different solution before choosing One Identity Active Roles. We were using PowerShell for the administrative tasks. We switched because we needed better delegation, centralized management, automation, and governance. As the environment grew, managing everything through native tools became more time-consuming and harder to control consistently.

How was the initial setup?

Our experience with pricing and licensing for One Identity Active Roles is generally positive. One Identity Active Roles is enterprise-focused, so the investment is justified when you need strong delegation, automation, and governance capabilities. From a setup perspective, installation was straightforward. Most of the effort went into planning the administrative role and delegation models and workflow rather than the technical deployment itself.

I would describe the integration of One Identity Active Roles with my existing IT infrastructure and directory services as fairly straightforward since our environment was already centered around Active Directory. Connecting One Identity Active Roles to existing Active Directory services was relatively smooth. Most of the effort was focused on defining the delegation model, workflow, and administrative roles rather than the technical integration itself. Our deployment fit well with our existing infrastructure.

What was our ROI?

We have seen a positive return on investment from One Identity Active Roles. The biggest benefit has been the time savings through the delegation and automation of routine Active Directory tasks. For example, password resets, user updates, and group membership changes can be handled by delegated teams without involving senior administrators. This reduces administrative workload, improves response times, and allows the IT team to focus on other strategic activities.

Which other solutions did I evaluate?

We were evaluating more options including Microsoft Identity Manager and SailPoint IdentityIQ before choosing One Identity Active Roles. We chose One Identity Active Roles because of its integration, delegating administration, and automation capabilities. This integration is very smooth, which is why we chose this solution.

What other advice do I have?

Delegated administration has had the biggest impact for me. It allows routine tasks such as password resets, account updates, and group membership changes to be handled by the support team without granting full Active Directory administrative rights. In day-to-day work, this reduces the number of requests reaching the IT team and helps us to focus on more complex administrative and infrastructure tasks.

In my experience, the output from One Identity Active Roles has been reliable and consistent. User provisioning, group management, and delegated administration tasks generally work as expected when the policies and workflows are configured correctly. From an automation perspective, the platform relies more on predefined roles and automation than AI-driven decision-making. Because of that, the results are predictable and dependable, which is important for identity and access management operations.

In our environment, One Identity Active Roles is deployed in a hybrid environment. The solution is hosted within our on-premises infrastructure and integrated with cloud services where needed. This approach allows us to maintain control over Active Directory administration while supporting broader hybrid identity requirements.

As a part of our hybrid environment, we primarily use Microsoft Azure. It integrates well with our Active Directory and identity management infrastructure, making it easier to support both on-premises and cloud-based resources. Azure has helped maintain a consistent approach to identity access management and governance across the environment.

We do not apply fine-grained policies.

My impression of the automation capabilities provided by One Identity Active Roles is positive. They help reduce manual Active Directory administration and ensure that routine tasks follow consistent processes. For example, user onboarding can be automated so that new accounts are created with the correct attributes, group memberships, and permissions based on a predefined role. This saves time and reduces the chances of configuration errors.

One Identity Active Roles helped reduce both the complexity and workload of Active Directory administration. Routine tasks such as user provisioning, group membership updates, and account maintenance become more structured and easier to manage. As a result, administrators spend less time on repetitive tasks and more time on high-priority projects, while also reducing the risk of manual errors.

I would definitely refer my friends and colleagues to One Identity Active Roles to whoever wants to reduce the administrative load. My advice would be to start with a clear delegation and strategy and governance model before implementation. This will help to ensure that the administrative responsibilities and access controls are properly defined from the beginning. I would also recommend starting with core use cases such as user provisioning and group management, then expanding into more advanced automation workflows as the team becomes familiar with the platform.

We are only a customer of One Identity Active Roles. I would rate this product overall as an 8 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 13, 2026
Flag as inappropriate
PeerSpot user
Senior ISR at Panthomat group
Real User
Top 20
May 29, 2026
Automation has transformed onboarding and delegated access and now streamlines daily governance
Pros and Cons
  • "One Identity Active Roles has impacted our organization positively because the biggest benefit has been reducing manual administration through automation and standardized workflows, so tasks such as onboarding, offboarding, group assignments, and access requests are now much faster and more consistent than before, helping create a more structured identity management process across the organization."
  • "There is room for improvement in One Identity Active Roles. While the product is very capable, managing complex workflows and hybrid environments can sometimes require deeper expertise than expected, so better cloud integration and troubleshooting visibility would also be valuable improvements."

What is our primary use case?

My main use case for One Identity Active Roles is user provisioning and group administration, workflow automation, access management, and employee onboarding and offboarding processes. When a new employee joins, One Identity Active Roles automatically creates the account, applies the correct policies, assigns role-based security groups, and routes approval if required.

The main focus of how I use One Identity Active Roles is user management through onboarding and offboarding, lifecycle management, access control, and reducing manual administrative effort through automation.

The automation capabilities are one of the strongest features of One Identity Active Roles. I mainly use them for user onboarding, offboarding, group assignments, and access approval workflows. For example, when a new employee joins, the account creation and non-role-based group assignments happen automatically through predefined workflows, reducing manual work, improving consistency, and helping minimize provisioning errors, making identity management much more efficient and controlled.

The main use case is automation of processes such as employee user management, onboarding, and offboarding. The automation process makes these tasks smooth and fast, allowing administrative work to be reduced and time to be saved.

What is most valuable?

The best features One Identity Active Roles offers in my experience include workflow automation, delegated administrations, user provisioning, de-provisioning, role-based access control, auditing, and hybrid Active Directory management. A workflow engine is especially valuable because it automates repetitive tasks such as onboarding, offboarding, and access requests, which saves time and reduces manual errors. I also appreciate the delegated administration features because they allow teams to handle specific tasks without giving full AD privileges, improving both security and efficiency, while the auditing and reporting capabilities are very useful for compliance.

Workflow automation has reduced repetitive manual work through onboarding, access requests, and account management, while delegated administrations allow support teams to handle routine tasks without full AD access. This has improved efficiency, reduced bottlenecks, and strengthened security through better access control and auditing.

I would like to highlight the auditing and reporting features of One Identity Active Roles because they provide good visibility into changes and help with compliance and troubleshooting. The fine-grained delegation and centralized management across Active Directory and cloud environments are also very valuable in our day-to-day activity.

One Identity Active Roles has impacted our organization positively because the biggest benefit has been reducing manual administration through automation and standardized workflows. Tasks such as onboarding, offboarding, group assignments, and access requests are now much faster and more consistent than before, thus helping create a more structured identity management process across the organization.

There are several positive outcomes since implementing One Identity Active Roles. Overall, the biggest gains have been time saving, improved consistency, reduced manual error, and better operational efficiency rather than a direct headcount reduction.

What needs improvement?

There is room for improvement in One Identity Active Roles. Based on my experience using it for the last two years, I see potential for a more modern UI, simpler workflow customization, and easier reporting. While the product is very capable, managing complex workflows and hybrid environments can sometimes require deeper expertise than expected, so better cloud integration and troubleshooting visibility would also be valuable improvements.

In terms of needed improvements, I would like to see enhancements around the reporting dashboard and cloud-focused management features. While the core functionality is strong, most of the improvements I would like to see are around usability, visibility, cloud management, and making advanced features easier to configure and maintain rather than major gaps in the product itself.

For how long have I used the solution?

I have been using One Identity Active Roles for the last two years.

What do I think about the stability of the solution?

One Identity Active Roles is stable.

What do I think about the scalability of the solution?

One Identity Active Roles is definitely scalable. I purchased this for its scalability and have seen its ability to handle increasing numbers of users, groups, access requests, and administrative tasks without major issues. The automation and delegation administration features help a lot because they reduce the workloads on administrators.

How are customer service and support?

Customer support is quite good.

Which solution did I use previously and why did I switch?

Before switching to One Identity Active Roles, user and access management was mainly handled through native Active Directory tools, manual processes, and a few scripts. As the environment grew, those methods became hard to manage and audit, so I adopted One Identity Active Roles to automate routine tasks, improve delegations, strengthen governance, and reduce manual effort.

How was the initial setup?

I would say the integration of One Identity Active Roles with our existing IT infrastructure and directory services was very straightforward overall, especially because our environment was already based on Active Directory and Microsoft services. The initial integration with Active Directory was relatively smooth, and One Identity Active Roles fit well into our existing identity management process, designed to work across AD, Entra ID, and Microsoft 365, which helped simplify administrations in our hybrid environment.

What about the implementation team?

I did not purchase One Identity Active Roles through AWS Marketplace, as I use AWS as a part of our hybrid cloud environment, but the licensing and procedure were done directly through our organization's standard software procurement process rather than through the AWS Marketplace.

What was our ROI?

I have seen a positive return on investment mainly through time savings and operational efficiency. While I do not have exact financial figures, a good example is onboarding and user provisioning. Before One Identity Active Roles, creating accounts, assigning groups, and validating permissions was largely manual work, taking around twenty to thirty minutes per user, but with automated workflows, that process now takes just a few minutes for standard requests.

I have utilized the fine-grained permissions control and delegated administration features quite extensively. One of the biggest impacts has been supporting the least privileged principle by allowing users and teams to perform only the specific administrative tasks they need without giving broad Active Directory access. For example, help desk teams can handle password resets and account unlocks, while application owners can manage only their own groups and resources.

What's my experience with pricing, setup cost, and licensing?

In my experience, the pricing is at an enterprise level, but the setup and licensing were justified by the automation and governance features. Setup required planning and configuration, but licensing was straightforward, and the long-term operational benefits provided good value.

Which other solutions did I evaluate?

I evaluated Microsoft Native Active Directory tools, ManageEngine ADManager Plus, and some identity governance platforms such as SailPoint. I selected One Identity Active Roles because of its automation, delegation administration, auditing, and strong Active Directory management capabilities.

What other advice do I have?

For others considering One Identity Active Roles, my advice would be to first check your user management process and how onboarding and access management would be taken care of before deployment, starting with key automation use cases. If implemented properly, One Identity Active Roles can save a lot of administrative effort while improving security and compliance, so it is important to clearly define your governance model, roles, and approval processes before deployment.

My experience with delegated administration has been very positive. Before One Identity Active Roles, most routine requests had to go through senior Active Directory administrators, which often created delays and bottlenecks. Now, with delegated administrations, I can assign specific responsibilities to help desk teams, application owners, or business units without giving them full AD privileges. For instance, help desk staff can handle password resets and account unlocks, while certain teams can manage their own group's membership, significantly improving workflow because routine requests are resolved faster, reducing the workload on senior administrators and controlling access more securely through the least privilege model.

One Identity Active Roles offers automation capabilities that are among the strongest features available. I mainly use them for user onboarding, offboarding, group assignments, and access approval workflows. For example, when a new employee joins, the account creation and non-role-based group assignments happen automatically through predefined workflows, reducing manual work, improving consistency, and helping minimize provisioning errors, making identity management much more efficient and controlled.

This review has received an overall rating of eight out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 29, 2026
Flag as inappropriate
PeerSpot user
senior developer at Wealthcompany.in
Real User
Top 20
May 28, 2026
Automated onboarding has transformed access control and governance in daily directory operations
Pros and Cons
  • "One Identity Active Roles has had a strong impact on Active Directory operations by reducing manual administrative workload, improving access governance, and standardizing provisioning and permission management procedures."
  • "Areas for improvement in One Identity Active Roles include UI modernization, workflow customization, flexibility in reporting, and troubleshooting visibility."

What is our primary use case?

My main use case for One Identity Active Roles is centered on Active Directory automation and delegated access management. It helps reduce manual AD administration, control, automated onboarding, offboarding, and simplifies compliance and auditing across the organization.

One specific example of how I use One Identity Active Roles for automation or delegated access management in my daily work is automated employee onboarding. When HR adds new employee details, One Identity Active Roles automatically creates their AD account, assigns them to the correct OU group membership, and applies permissions based on the department or role. This reduces manual effort and provisioning time significantly.

What is most valuable?

The best features One Identity Active Roles offers are automation, delegated administration, role-based access control, approval workflow, and centralized auditing. For me, automation and delegated administration made the biggest difference because they reduce manual Active Directory workload and improve security by limiting unnecessary privileged access.

One area where One Identity Active Roles has positively impacted my organization is through automation and delegated administration. For example, instead of giving full domain admin rights to our service desk team, I delegate only specific tasks such as password reset, account unlock, or group management through our RBAC policies. On the automation side, when the employee leaves the organization, One Identity Active Roles automatically disables the account, removes group membership, and updates access policies, which reduces manual efforts.

What needs improvement?

Areas for improvement in One Identity Active Roles include UI modernization, workflow customization, flexibility in reporting, and troubleshooting visibility. This is particularly important in large environments when managing complex approval workflows.

For how long have I used the solution?

I have been using One Identity Active Roles for about four to five years.

What do I think about the stability of the solution?

One Identity Active Roles has been stable in my environment. Even with a large Active Directory environment and multiple delegated administration workflows, I did not face major stability issues. Most operational challenges were more related to workflow complexity or synchronization troubleshooting rather than product outages or crashes.

What do I think about the scalability of the solution?

One Identity Active Roles scales well in large enterprise environments. It can efficiently manage thousands of users, groups, OUs, and Active Directory administrative tasks through centralized automation and delegation. In my environment, with a large AD structure and multiple workflows, it scales reliably. Although in very complex hybrid environments, workflow performance and synchronization tuning can sometimes require additional tuning and planning.

How are customer service and support?

The support for One Identity Active Roles has generally been good in my experience. The support team has been technically knowledgeable, especially for Active Directory integration, RBAC, and workflow-related issues. For normal operational issues, the support team has been responsive and helpful, but for complex enterprise cases or advanced support, the escalation and resolution could sometimes take longer, depending on the environment complexity.

I would rate customer support for One Identity Active Roles around 7 out of 10. The technical knowledge of the support team is good, especially for Active Directory and RBAC related issues, but sometimes response and escalation times for complex enterprise problems could be slower than expected.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, I mainly relied on native Active Directory tools, manual administration, and some PowerShell scripting for user provisioning and permission management. As the environment grew, managing users, groups, and delegating permissions manually became time-consuming and harder to track from a governance and compliance perspective, which is why I moved to a more centralized and automated solution.

How was the initial setup?

Integrating One Identity Active Roles with my existing IT infrastructure was moderately easy overall. Since my environment was already heavily based on Active Directory and Microsoft technologies, the core integration was straightforward. The more challenging part was configuring complex workflows, delegated permissions, and integrating hybrid or customized environments, which required careful planning and testing.

What was our ROI?

I saw a good ROI with One Identity Active Roles. This was through reduced manual administration, faster user provisioning, and lower service desk workload. Routine tasks such as password resets, account unlocks, and group management became more automated, which saved significant operational time. I also saw fewer manual errors and better compliance visibility.

What's my experience with pricing, setup cost, and licensing?

Pricing, setup, and licensing for One Identity Active Roles were generally good for an enterprise environment. Although the initial setup and licensing can be high for a smaller deployment, it requires proper planning around the AD architecture, RBAC design, and workflow configuration. It reduced significant manual administration work and operational efficiency for tasks and compliance.

Which other solutions did I evaluate?

Before choosing One Identity Active Roles, I evaluated options such as Microsoft Identity Management and SailPoint IdentityQ. I selected One Identity Active Roles mainly because of its strong Active Directory integration, delegated administration capabilities, automation features, and easier RBAC management for my environment.

What other advice do I have?

My impression of the automation capabilities provided by One Identity Active Roles is positive, especially for organizations heavily dependent on Active Directory administration and governance. The automation, delegated administration, and RBAC capabilities reduce significant manual operational work and improve security controls. At the same time, in large environments, workflow complexity and troubleshooting can still require experienced administrators. Proper planning and documentation are important for successful implementation.

One Identity Active Roles has had a positive impact on my organization's compliance efforts by improving centralized auditing, enforcing RBAC and least privilege access, and providing better visibility into AD changes and administrative activities. Earlier, tracking permission changes and user activity was more manual and time-consuming, but One Identity Active Roles made audit and compliance reviews much easier through centralized reporting and approval workflows.

One Identity Active Roles has had a strong impact on Active Directory operations by reducing manual administrative workload, improving access governance, and standardizing provisioning and permission management procedures. It also improved security because privileged access became more controlled through RBAC and delegation instead of using broad domain admin permissions for routine tasks.

One strong feature in One Identity Active Roles is fine-grained permission control and least privilege implementation. Instead of giving full domain admin rights, I delegate only specific tasks such as password reset, account unlock, or group management to our service desk based on our RBAC policy.

My advice to others considering One Identity Active Roles is to first design the RBAC model, delegation structure, and approval workflows properly before implementation. One Identity Active Roles gives strong automation and governance capabilities, but if the AD structure and access processes are not organized, complexity can increase later. I would also recommend starting with a phased rollout and involving both security and AD administrator teams early, especially in large enterprise environments. I would rate this product 8 out of 10 overall.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 28, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.