One Identity Active Roles Reviews

One Identity Active Roles serves as the centralized Active Directory user and group management solution in our organization. We primarily use it for automatic routine identity administration tasks like user provision, role assignment, and group management, which reduce the need for manual Active Directory changes.

A good example in our organization is employee onboarding in Active Directory using One Identity Active Roles. When a few employees join, instead of the IT team manually creating a user account and assigning permissions, the process is triggered through predefined rules and roles based on an employee's department, for example, finance or IT, and One Identity Active Roles handles this automatically.

One Identity Active Roles has become a daily operational control point for identity governance in our organization and environment. Beyond onboarding and role changes, we use it regularly for day-to-day identity administration tasks like resetting and managing user accounts in a controlled way, delegating limited administrative rights to different IT teams, and tracking and auditing every directory change for compliance purposes.

One Identity Active Roles offers excellent features that mainly focus on automation, governance, and secure Active Directory management. A few of them really stand out in daily use. One of the most important features is automated user and group provisioning. It allows us to create, modify, and remove user accounts based on predefined rules, which significantly reduces manual work and ensures consistency across the environment.

The automated user and group provisioning feature in One Identity Active Roles has had a very noticeable positive impact on our team, especially in terms of time saving and accuracy. Before automation, onboarding or updating a user required multiple manual steps in Active Directory, including creating accounts, assigning groups, applying permissions, and verifying everything. This was not only time-consuming but also prone to human error such as missing group assignment or incorrect permissions.

Another feature that stands out in One Identity Active Roles is the delegation and role-based administrative model. It allowed us to safely delegate administrative tasks for different teams without giving them full Active Directory privilege.

One Identity Active Roles has a strong positive impact on our organization, mainly by improving efficiency, security, and governance in Active Directory management. One of the biggest improvements is the reduction in manual administrative work. Tasks such as user creation, group assignment, and access updates are now automated in policies, which has significantly reduced IT efforts and processing time. This has also helped us to avoid common human errors such as incorrect group membership or missing permissions.

Since implementing One Identity Active Roles, we have seen clear improvement in both time efficiency and error reduction, especially in identity lifecycle management. In terms of time saving, the biggest impact is in onboarding and routine Active Directory administration.

One Identity Active Roles has a strong positive impact on our compliance efforts and regulatory readiness. The biggest improvement comes from centralized audit and change tracking. Every identity-related action, such as user creation, group change, or permission update, is automatically logged. This gives us a complete audit trail, which is very important during internal and external compliance reviews.

Overall, One Identity Active Roles has significantly reduced the complexity and workload in Active Directory administration in our organization. Before its implementation, most Active Directory tasks such as user provisioning, group updates, and permission changes were manual and often required coordination between multiple teams. This not only increased workload but also introduced delays and occasional errors.

The delegation capability in One Identity Active Roles has had a very positive impact on our workflow and operational efficiency. Previously, most Active Directory tasks had to go through a central IT or domain admin team. We can now safely assign specific responsibilities to different teams or a support group without giving them full domain-level access.

A few improvements I would like to see in One Identity Active Roles are mainly around usability, reporting, and modern integration. One key area is user interface simplification. While the tool is very powerful, the admin console can feel complex for a new administrator. A more modern, intuitive UI with clearer navigation would make onboarding easier for IT teams. Another improvement area is reporting and analysis. Having more real-time dashboards, customizing reports, and better visibility into identity changes will make it easier to monitor governance at a glance without exporting data manually.

A couple of additional improvement areas stand out, especially around integration and operational flexibility in One Identity Active Roles. One important area is smoother integration with the modern SaaS and cloud identity ecosystem. While it works very well with Active Directory integration, newer cloud-native applications or hybrid environments can sometimes require extra configuration efforts. More out-of-the-box connectors and simpler setup in cloud platforms would make adoption faster and easier.

Better real-time monitoring and alerting would also be beneficial. While the platform does provide auditing and logs, having more proactive, real-time alerts for unusual identity changes such as bulk permission updates or suspected group notifications would be beneficial.

I have been using One Identity Active Roles for two years.

One Identity Active Roles is stable. Based on real-world usage patterns and enterprise feedback, One Identity Active Roles is generally considered stable and reliable in a production environment.

Customer support for One Identity Active Roles is generally good, but with a few mixed experience issues. From our experience, the support team is technically knowledgeable and helpful, especially for standard configuration issues and Active Directory integration questions regarding known product behaviors. When the issue is well defined, they usually provide clear guidance and workflow solutions.

Before choosing One Identity Active Roles, we did evaluate a few other identity and access management solutions, mainly to compare automation, Active Directory governance features, and scalability.

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately easy, but required careful planning during setup. Since it is primarily designed for Active Directory environments, integration with our core directory service was quite straightforward and worked smoothly out of the box. It connected well with the existing AD structure, which made initial deployment faster and more stable.

We have seen a clear return on investment with One Identity Active Roles, mainly driven by usage savings, reduced manual effort, and improving operational efficiency rather than direct cost reduction alone. One of the biggest measurable impacts has been administrative time saving.

My advice to others considering One Identity Active Roles is to start with clear planning and a well-defined identity governance model before implementation. From our experience, the tool is very powerful, but the real value comes when rules and access policies are properly designed upfront, with the Active Directory structure being clean and well-organized.

One final thought about One Identity Active Roles is that its biggest strength is not just automation, but the governance structure it brings to Active Directory management. It efficiently shifts identity management from the manual, ticket-driven process to a policy-based control system, which improves both security and operational consistency over time. I would rate this product a 9 overall.

The main use case of One Identity Active Roles is to support daily Active Directory administrator tasks. Routine tasks such as user creation, password resetting, account updates, and handling are performed through One Identity Active Roles, which can be managed by the support team and has really improved the efficiency of our teams.

A real-time day-to-day example of using One Identity Active Roles is that a help desk user can reset the password and unlock the account without accessing Active Directory directly. When new users are created, required settings are applied automatically, making our jobs easier and operations very smooth. Previously, this was taking so much time, but nowadays it is automated, so it is a very good solution.

The best features One Identity Active Roles offers, in terms of my use cases, include its policy enforcement to ensure that all changes follow predefined standards, avoiding incorrect configuration and maintaining consistency across Active Directory, the role-based access control that allows assigning permissions based on job roles to simplify management and improve security in our organization, and its automation features.

I need to highlight role-based access control in One Identity Active Roles, as it has had the biggest day-to-day impact. Automation and policy enforcement are powerful, without doubt, but role-based access control is what fundamentally changed how we operate. Earlier, many tasks were a bottleneck, with only a senior admin able to perform most Active Directory changes, resulting in many help desk tickets. However, with One Identity Active Roles, we created fine-grained roles such as password reset, group management, and user provisioning, assigned those roles to the help desk team, and restricted access to only those organizational units based on attributes. Now, 90% of routine tasks are handled without escalation.

The effect of One Identity Active Roles on the complexity and workload of administrative tasks related to Active Directory has been very positive. It significantly reduces the operational burden while making processes more structured and controlled. It has really reduced administrative complexity. Tasks are handled through templates, policies, and workflows, which has significantly reduced the workload.

One Identity Active Roles has really impacted our organization very positively. It has improved control over Active Directory operations and reduced manual efforts. Tasks are completed faster than previously and more securely. These are the positive impacts we are seeing in day-to-day operations.

One Identity Active Roles has really proved its value. While exact numbers vary by environment, the provisioning time reduced by 70 to 80% and it is very smooth, and help desk ticket resolution improved by 60 to 80%. It has really reduced the use of privileged accounts, contributing to the positive impact we are seeing.

As far as improvements to One Identity Active Roles are concerned, I do not think any lack of features is present in the solution. It is working well and is a very powerful solution. There is no need for improvement as per my requirements.

One thing I can add is that One Identity Active Roles could be more simplified for the initial setup and configuration.

I have been using One Identity Active Roles for more than four years.

One Identity Active Roles is stable.

From a scalability perspective, One Identity Active Roles is a very good solution. There is no kind of challenge.

Customer support for One Identity Active Roles is very supportive and good in their technical aspects.

From day one, we have been using One Identity Active Roles only.

Regarding Active Directory integration with One Identity Active Roles, it was very smooth and quick. We have not seen any kind of challenge, and it synced with Active Directory beautifully.

We have seen a huge return on investment with One Identity Active Roles. In many cases, that was quite measurable, such as reduction in provisioning and admin efforts by 40 to 60%, which resulted in reduced need for additional staff. Without it, we would need thousands of additional people. Cost saving and efficiency gain have led to some users reporting approximately 75% ROI and cost reduction.

I have had a great experience with the pricing, setup cost, and licensing of One Identity Active Roles. There is no challenge we have seen as far as the vendor is concerned.

We have not evaluated other options before choosing One Identity Active Roles.

I will highly recommend One Identity Active Roles because it is a very useful tool for improving Active Directory management and control. It really reduces risk and improves efficiency. It is well suited for organizations with a large Active Directory environment, which I will recommend highly. I gave this review a rating of 8.

I have been working in the cybersecurity field for about one year using One Identity Active Roles.

One Identity Active Roles is used for Active Directory management and user lifecycle management, including tasks such as user provisioning, group management, and enforcing access policies in a controlled and automated way.

When a new employee joins, I use One Identity Active Roles to create the user account with predefined templates and automatically assign the required groups and permissions, ensuring consistency and saving time. Similarly, when someone leaves, I can quickly disable the account and remove access.

Password resets and access requests represent another scenario related to our main use case, where Active Directory allows us to delegate tasks securely to help desk teams without giving full admin rights, reducing the workload on admins and ensuring proper control and auditing.

One Identity Active Roles has improved our daily operations by simplifying user management and reducing manual work, as tasks like user creation, password resets, and access changes are faster and more consistent while also improving security by controlling permissions and keeping proper audit logs. Overall, it saves time and makes administration more efficient.

We saw around forty to fifty percent time savings in routine tasks like user creation and password resets, while the help desk workload also reduced since tasks are delegated properly, and errors in access management decreased, improving overall security and consistency.

The best features of One Identity Active Roles, in my opinion, are automated user lifecycle management, rule-based access control, and delegation, which allows us to automate the creation and modification of user roles, saving a lot of time while providing fine-grained access control with least privilege, thereby improving security.

The features are very helpful in daily work, especially with delegation, where we can give limited access to the help desk team to handle tasks like password resets or unlocking accounts without giving full admin rights, improving security and reducing the workload on senior admins.

One more useful feature of One Identity Active Roles is auditing and reporting, which tracks all changes made to user accounts and access, being very helpful for troubleshooting and compliance. Many people do not realize how useful this is for maintaining security and accountability.

One Identity Active Roles is very helpful, but a few improvements could make it even better, such as simplifying the user interface to make it more user-friendly, especially for new users, and making setup and configuration easier. Adding more customization in reporting and improving performance for larger environments would further enhance the experience. Overall, it is a strong tool with minor areas for improvement.

Navigation between different options can feel complex, so simplifying that would help. Additionally, quicker search and better filtering options for users and groups would make daily tasks even faster, enhancing usability.

I have been working in my current field for three years.

One Identity Active Roles is generally stable and reliable, with most users rating its stability quite high, often between a seven to ten out of ten, consistently performing for daily operations like automation and user management without major downtime reported.

One Identity Active Roles is highly scalable, capable of handling large environments with thousands or even hundreds of thousands of users across multiple domains without major issues and continuing to perform well and manage user groups and policies efficiently as the environment grows.

The customer support is good, with the team being knowledgeable and helpful, usually assisting well with issues, although response times can sometimes vary depending on the complexity.

I would rate the customer support a nine out of ten.

We were not using any dedicated solution before One Identity Active Roles, as most tasks were handled manually in Active Directory, and we switched to reduce manual efforts, improve security, and make user management more efficient.

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was relatively easy since it works closely with Active Directory, where the basic setup was straightforward; however, some configuration and fine-tuning took time. Once integrated, it works smoothly with our existing infrastructure.

We have seen a good return on investment, as routine tasks like user creation and password resets became faster, saving around forty to fifty percent of the time; delegation also reduced the workload on admins, allowing the team to focus on more important tasks, improving efficiency and reducing operational efforts.

Our experience with pricing, setup cost, and licensing has been reasonable; the initial setup took some effort, especially during configuration, but it was manageable, with licensing being flexible based on the number of users and the environment, making it scalable and providing good value considering the features and time savings.

We did not formally evaluate other tools before choosing One Identity Active Roles, selecting it based on our requirement for better Active Directory management, automation, and security.

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory, as routine tasks like user creation, password resets, and access changes are automated or delegated, saving time and reducing manual efforts while making management more structured and consistent, making overall administration easier and more efficient.

My experience with the delegation of administrative tasks through One Identity Active Roles has been very good, allowing us to assign specific tasks like password resets, account unlocks, and basic user management to the help desk team without giving them full admin rights, which has improved our workflow by reducing the workload on admins and speeding up issue resolution while also improving security and accountability since access is controlled and all actions are properly logged.

My advice for others looking into using One Identity Active Roles would be to clearly understand your Active Directory structure and requirements before implementation, plan roles and permissions properly, and make good use of the automation and delegation features to reduce manual work and improve security.

Overall, One Identity Active Roles is a reliable tool that simplifies user management and improves security, saving time and making daily operations more efficient. I would rate this product eight out of ten.

One Identity Active Roles is used for delegated access. It helps with RBAC controls and allows us to manipulate across our facilities which OUs in Active Directory they can manage, along with dynamic groups and keeping the ability where folks don't have to use ADUC and they can just use a delegated management overlay tool to not delete groups and not delete OUs and not inappropriately move objects across containers.

Regarding the ease or difficulty of managing on-premises and cloud-based identity directories through a single pane of glass, we leverage One Identity Active Roles from strictly the on-premises space. Being able to leverage it from a delegated access perspective, the console itself is very clean. It looks very similar to Active Directory Users and Computers, which legacy, long-time IT people are used to. So that outline from a UI perspective makes things seamless. People don't even know that One Identity Active Roles is actually a product and not just a built-in native solution for Windows, which is very key for us.

Regarding One Identity Active Roles' ability to provision and de-provision resources in directories such as AD and Azure AD, it is very seamless. From a permission standpoint, it is a right-click de-provision user and having that recycle bin to quickly uncover or recover is very useful. It is very seamless. It is not the best from a change history standpoint as far as quantifying those logs, but it is nice to see that this object was de-provisioned on X day by a user, and it can quickly be restored in the event that was a mistake.

About group membership management in One Identity Active Roles, I have already discussed how you can delegate groups with OUs and naming conventions through the complex IT teams that we have in our organization. From a group membership standpoint, we can manage groups and delegate that access across the organization from our enterprise service level that can do password resets versus our identity engineering team who has full domain admin in the console that can manipulate those access templates and make adjustments accordingly.

The favorite feature of One Identity Active Roles is definitely the granularity and specifics on the access templates. You can dive deep into controls all the way down to manage individual objects, all the way from not just at the OU level, but how granular delegated access is with One Identity Active Roles is definitely the most useful feature to my organization.

One Identity Active Roles absolutely helps reduce identity-based breaches. It is from an identity governance perspective, being able to ensure that folks that are in specific positions have the least privileged access possible. One Identity Active Roles makes that very seamless for our user base. We are a for-profit healthcare conglomerate with thirty states, over fifty community hospitals across that are all in a single pane of glass under our LifePoint Health Active Directory domain. Being able to say that your facility can only manage these objects in this OU and delegating that from their core IT engineering staff versus their help desk versus an application owner makes it all very seamless.

One Identity Active Roles has absolutely helped our organization reduce its number of erroneous privileged accounts. We can quickly evaluate those accounts. You can see the same features within ADUC, but you can quickly isolate those and validate where they are and adjust them however you want.

One of the things I would like to see more robust is the change history. One Identity Active Roles can only monitor changes that happen in the console, and the logs don't go back longer than thirty days, maybe sixty days. The change history, when we've seen accounts get modified, we leverage a container domain that funnels accounts into our Active Directory console. I would like to see from an initial user provisioning perspective, for them to isolate the workflow and say that this came in on X date and account was created. If anyone were to modify that account from an external resource, I would like to be able to read that as well. One Identity Active Roles is strictly limited to the console. If someone makes a change, the history of those changes is not as long as I would prefer.

Our company has used One Identity Active Roles for over five years. I have been with them for the last four years. Personally, I have been a user and managed the team that controls One Identity Active Roles for four years.

Regarding stability, One Identity Active Roles is mostly stable. The only times it is not is when we have the eight-point-zero long-term service release. I have not seen any sort of hiccups in connectivity. If anything, it is on our side from a networking standpoint. It is a very stable product, at least recently.

One Identity Active Roles is more beneficial to a large corporation. I am sure that licensing can vary in cost, but it is definitely very beneficial to complex Active Directory environments from a control perspective and being able to grant least privileged access that folks need to do their job.

We don't get a lot of communication from the One Identity side. I don't know who our account representative is, and that is kind of not good since we have had some turnover there.

Neutral

I have not used any alternatives to One Identity Active Roles. From an on-premises AD standpoint, delegated access has been with LifePoint as long as in my career. That is what we have leveraged. It has been useful. We have rolled it out across several Active Directory domains as our management overlay, but that has been our main one.

When I first started using One Identity Active Roles, it is intuitive. It is not super complex. The management of it, we used it from a user provisioning standpoint before we switched human capital management systems. I was not really involved in that, but from an end user standpoint, you pick your web database server. The thick client is much easier from a UI perspective looking through it because it looks very similar to ADUC if you have any experience in IT. The web portal is fine. I think it is a little more clunky, and that is what most folks use, but it is intuitive. You pick your web or database server, log in with your credentialed account, and it synchronizes and loads. It is seamless, and from an intuitive standpoint, it is on the higher end.

Regarding the pricing of One Identity Active Roles, it is definitely on the expensive side compared to solutions for what it does. It is a necessary need for us. I don't know One Identity Active Roles' business model, but it is very niche in the sense that they are going to target complex environments like mine that have a need for delegated access. There are other IGA platforms that do delegated access and offer a much larger suite of solutions, but it is definitely on the expensive side. I think our total was in the seven-figure range for a couple of years of service.

Overall, I would give One Identity Active Roles a rating of nine out of ten. The main pain point I have is not huge because I know there are AD audit solutions out there individually. But with the control that One Identity Active Roles has, being as intuitive as it is, I think it is a nine out of ten. I would recommend it to any healthcare conglomerate that has multiple hands in an Active Directory environment. There are many components that I think our team is not touching the surface on from a dynamic group perspective, and we just use it for what it is today, but I think there are more components that we could explore.

One Identity Active Roles is used primarily to manage and provision AD user and group accounts, delegate access more securely, and enforce role-based control.

We also use it to automate new joiner, mover, or leaver workflows, apply policy-based approval, and maintain audit and compliance reporting across various customer environments.

For example, One Identity Active Roles is used for user provisioning. When a new AD user is created, One Identity Active Roles automatically places the account in the correct OU, applies naming rules, and assigns role-based group membership based on its department.

If privileged access is requested, it enforces approvals and logs the change for audit compliance.

Day-to-day, One Identity Active Roles is used to delegate AD tasks safely to the service desk team, automate routine user group changes, and enforce policy-based controls so changes are consistent and auditable across multiple customer environments.

One Identity Active Roles offers several valuable features in our experience. Role-based access control allows us to define who can do what and reduces the risk from broad admin rights.

The automated provisioning workflows automatically create, update, and disable accounts with approval steps.

Additionally, group management automation allows us to auto-assign users to groups based on attributes such as department, location, and job roles.

We also value the auditing and compliance reporting, which helps us to track who did what and when, assisting in satisfying compliance requirements.

One Identity Active Roles has helped us standardize and secure identity management across multiple customer environments.

It has also reduced our manual effort through automation and minimized error with policy enforcement, improved our security through role-based access control and approvals, and strengthened our compliance with full auditing.

This results in faster operations with lower risk and more consistent service delivery.

One area where One Identity Active Roles can be improved is by having deeper native connectors with existing and more ITSM and identity tools, which would simplify automation across multiple cloud and customer locations.

I would also suggest enhancing the reporting flexibility; while audit reporting is strong, customizable dashboards and visuals could help non-technical stakeholders gain insight faster.

Some users find the admin console and workflow designer to be somewhat complex, so making the interface more modern could reduce the learning curve.

One Identity Active Roles has had no downtime and no major reliability issues so far. It remains stable, although we have encountered a few issues that are manageable.

One Identity Active Roles is scalable and can be deployed in small organizations to large organizations.

It also scales from one line of business to multiple lines of business under a single centralized cloud management platform.

Interacting with customer support for One Identity Active Roles is always positive. They are knowledgeable, and the response time is low.

Negative

Before One Identity Active Roles, we used manual scripts for user and group management.

We switched because the native tools were time-consuming and very error-prone, lacking the automation and delegated administration features.

One Identity Active Roles provided us with centralized, policy-driven management, automated workflows, and role-based access control, which made managing multiple customer environments much more efficient and secure.

Since using One Identity Active Roles, we have definitely seen a return on investment.

We have saved time; the automated provisioning and rule-based workflows have reduced manual AD tasks by around thirty to forty percent, freeing IT staff for higher priority work.

Additionally, we have reduced costs—fewer errors and misconfigurations mean less time spent troubleshooting, and we actively use that to lower operational costs.

The granular role-based access and audit-ready reporting have also reduced our risk and simplified audits.

My advice for others considering One Identity Active Roles is to proceed with the implementation.

Start with one line of business, and then expand it to multiple lines of business and customer environments.

I also suggest taking advantage of auditing and reporting from day one to simplify compliance.

I would rate this product an eight out of ten.

Our main use case for using One Identity Active Roles is controlling AD changes through policies and roles. It ensures only authorized users can perform or configure any action in Active Directory. This improves our governance and security.

We have been using One Identity Active Roles for three years and have seen a good syncing process with our AD. There is no issue with user syncing with One Identity Active Roles. We use this in our day-to-day roles. It helps ensure that users only have the access required for their job. For example, a help desk user can perform basic tasks but not critical changes. This helps us improve security. It also helps us with automation, such as reducing manual work in user management tasks, and it speeds up processes like account creation and updates.

We use One Identity Active Roles for audit purposes. It helps us create or generate reports for audits or security reviews. This reduces the manual effort in collecting data, so it improves accountability.

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

One area for improvement would be the initial setup, which feels a little bit complex and could be simplified. Apart from this, I think everything is excellent and it provides great features. It works well.

One Identity Active Roles has good features that are already built-in, and we are seeing a good response from these features in our environment. I do not see any improvement required at this time based on our organization's requirement.

I have been using One Identity Active Roles for more than three years.

I have had multiple interactions with the support team for One Identity Active Roles. They are good in their response and technical expertise, and they are ready to provide support at any time. They have provided multiple technical assistance to our team, and they are good in their field.

We have seen a good return on investment with One Identity Active Roles, mainly through time saving and reduced manual efforts. Automation has really reduced the time spent on user provisioning, access management, or access changes by around 40 to 60 percent, which has significantly improved team productivity. It also helps in reducing manual errors, lowering the need for rework and support efforts.

One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment. For the deployment purpose, I advise you to define your requirements and plan the deployment in advance since the solution offers a lot of features. This needs a proper design and an understanding of the workflows and access policy, and it will be really helpful to get the most value out of the solution.

We have seen measurable improvement since using One Identity Active Roles. User provisioning and access changes that used to take a lot of time, such as 20 to 30 minutes, are now completed in just a few minutes through automation, saving around 40 to 60 percent of time. We have also reduced manual errors significantly due to policy-based control and a simple workflow, which has improved overall reliability and security. I would rate this solution 9 out of 10.

One Identity Active Roles is used for provisioning and directory management.

One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.

One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.

One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.

One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.

I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.

Integration capabilities are somewhere in the middle; it is not easy to integrate, but it is not the hardest thing out there.

Certain automations, possibly web apps, could be improved or simplified to make them easier. These automations are what I think could be improved.

I do not use the comprehensive group membership management feature and have not utilized the fine-grained permission control feature deeply. The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my organization.

I have been using One Identity Active Roles for about three years.

One Identity Active Roles has very few bugs and is actually very stable, so I would rate the stability a nine out of ten.

I am not certain if One Identity Active Roles is a scalable solution for us since we have local deployment and approximately 50 users, and scalability is not really relevant to our situation.

I rate the vendor's technical support a ten out of ten.

Positive

We tried other solutions years ago, but I cannot compare them because I do not remember the details. Upper management tried something like SailPoint, Amada, or Symantec a while ago, but that was not me and those individuals are no longer with the company.

The deployment of One Identity Active Roles probably took weeks, though it depends on what is meant by deployment.

One Identity Active Roles was purchased through a partner.

I am aware of the pricing; it is on the expensive side, though pricing is not my department.

One Identity Active Roles is not a scalable solution for our organization since we have local deployment and approximately 50 users, and scalability is not really relevant to us. It is not a global solution; it is not worldwide.

The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my situation. Approximately 50 users use the solution.

I would say One Identity Active Roles has reduced privileged accounts by about 30 percent. To my knowledge, it has not helped reduce identity-based breaches.

I assess the visibility that One Identity Active Roles provides into my directory ecosystem as excellent. I would rate the granular control of One Identity Active Roles as a ten out of ten.

I would recommend this product, but it depends on exactly what you are trying to achieve; conducting a proof of concept about what you would like to see is vital. It is very difficult to answer in a review because it depends on the pain points of the customer and what they are trying to accomplish. Overall, I would recommend it and I am satisfied with the product.

The vendor may reach out if they have any questions or comments about my review. My overall review rating for One Identity Active Roles is nine out of ten.

I use One Identity Active Roles primarily for identity management. We use it for managing multiple domains from a single interface, and the domains do not have trust between them. It has been used by multiple support teams, such as the service desk or the identity access management team for account creation, modification, and management of accounts. It is mostly focused on account creation, modification, deletion, and AD objects.

One Identity Active Roles has helped my organization reduce the number of incorrect privileged accounts through the management unit feature. It helps us identify accounts that are not in use, and while creating admin accounts, we use it to set policies regarding which required fields must be filled during account creation. This helps us keep the process clean and ensures all required attributes are filled before account creation. We have scheduled scripts on One Identity Active Roles that check if activity meets criteria. If it doesn't, it will move the account to a specified OU, disable it, or delete it, as per the defined process.

One Identity Active Roles helps us keep accounts consistent. For instance, when somebody leaves the company, all associated accounts get removed, which helps us eliminate unwanted accounts.

For Active Directory, the provisioning and de-provisioning capabilities work exceptionally. The de-provision feature allows account disconnection without disabling it, enabling quick reconnection with automatic group additions. This feature significantly speeds up the process compared to disabling and re-adding to groups.

The comprehensive group membership management feature is exceptional because it offers two features not available in Active Directory directly: adding multiple secondary owners and dynamic groups. The latter is only available for Azure AD, not for on-premise AD.

Using One Identity Active Roles enables temporary group additions. For instance, if a group provides access, we can temporarily add a member, and when the time period expires, the member gets removed automatically.

The granular control is exceptional; we can give the least control required by the team. For modifying any group, we don't have to give create and delete roles; we can just give them the move role. 

The delegation of administrative access impacts IT operations positively through access templates, which are usually created based on the team.

One Identity Active Roles has increased operational efficiency despite occasional slowdowns. Solution consolidation is part of our identity and access management strategy, eliminating the need for direct Active Directory access for the help desk and IAM team.

The best features of One Identity Active Roles include managing multiple domains from a single interface. I don't need to log into jump servers, making it very easy to log in from the web and manage it. Dynamic groups are also one of the best features, eliminating the need to add or manage members manually. The management unit is another excellent feature, which we can use as a virtual OU to identify missing elements.

The approval process and group approval process can include adding multiple secondary owners. 

The interface appears outdated. Once logged in, everything inside remains unchanged from years ago. 

Additionally, when they release new features, they should provide training or webinars at least once or twice a year. This would help users stay updated and aware of new features. When I requested a demo session with One Identity, the presenter didn't provide complete details, making it difficult for non-technical managers to understand. The demo should be planned based on the customer's knowledge level.

Regarding visibility in the directory ecosystem, while it is very good, there are limitations. When we add numerous domains, it becomes slow. With around 60 domains, attempting to add approximately 30 caused significant performance issues. We had to remove and decrease the number of domains, indicating room for improvement in managing multiple domains from a single interface.

I have been using One Identity Active Roles for approximately 11 or 12 years.

I would rate the stability as eight out of ten. I have already discovered approximately three defects in the new version. 

While One Identity Active Roles has improved operational efficiency, there are occasional challenges with system slowdowns.

The scalability is excellent, rated around nine or ten out of ten. It can be expanded or decreased based on the SQL server requirements.

In our organization, the solution is open to all users with read-only access, with approximately 200 users having admin access. 

I would rate their support a nine out of ten.

Positive

I've personally deployed systems from scratch, from planning through to completion.

Deployment is not overly complicated. We do need to ensure that the required ports are open and that we have the necessary permissions. However, it does vary from company to company regarding how they manage to get those ports opened and permissions granted. Based on my experience, I would rate the complexity of deployment as about a seven or eight out of ten. In the new version, we did encounter some issues related to system slowness, but other than that, most aspects look good.

The deployment duration depends on your company's processes. If you manage to get the ports opened and the permissions granted quickly, the deployment can be completed in about two months. For us, it took approximately six months because acquiring the necessary permissions and opening the ports took time. Additionally, post-deployment, we needed to conduct some testing as well. So, while I wouldn’t say it takes excessively long, it does depend on your circumstances. If everything is in place, meaning if the ports are open and permissions are set, you could deploy a basic version within two days.

The solution requires regular maintenance, including server patching and routine updates. We monitor alerts and check the website regularly as part of business-as-usual support.

When comparing One Identity Active Roles with other solutions in the market, there are no direct competitors. Having explored alternatives in my previous company, I found it to be more user-friendly and to have more secure features around Active Directory than other available solutions.

Regarding integration, I have not yet integrated One Identity with other One Identity products as this process is ongoing with our recent upgrade. While we have multiple One Identity products, this integration remains a future project.

Regarding lifecycle management capabilities via the workflow engine, we have not fully utilized it because most workplaces have used third-party tools such as Microsoft MIM. At my previous workplace, SailPoint was used for complete account lifecycle management. We primarily used One Identity Active Roles for account management after creation and for modification of admin accounts.

I would recommend One Identity Active Roles based on its ability to manage domains from a single interface and provide minimal-required access based on work requirements. The web interface login and MMC console are very user-friendly.

I would rate this solution an eight out of ten.