One Identity Active Roles Reviews

My main use case for One Identity Active Roles is to automate and secure user lifecycle management in Microsoft Active Directory, which helps reduce manual administrator efforts, enforce policies, and enable delegated administration with proper governance. For internal role changes, One Identity Active Roles updates access rights through control workflows, ensuring least privilege access. During employees' exits, accounts are automatically disabled and access is revoked. To maintain security, I use delegations to allow helpdesk teams to reset passwords and manage basic user attributes without giving full administrative rights. Approval workflows are implemented for sensitive access requests, ensuring compliance and audit readiness.

One Identity Active Roles centralizes and automates identity and access management for Microsoft Active Directory environments, primarily used to streamline user lifecycle management, enforce security policies, and enable role-based access control through delegated administrators. The solution helps reduce manual intervention and administrative tasks such as user account creation, modification, and deactivation, ensuring that access provisioning follows standardized workflows with proper approval, improving governance and compliance. Additionally, One Identity Active Roles provides auditing and reporting capabilities, which help organizations track changes, maintain compliance, and enhance overall security posture.

One of the standout features of One Identity Active Roles is its powerful automation capability, which streamlines user provisioning and de-provisioning processes and significantly reduces manual effort and minimizes human error. The delegation model is another key strength that allows organizations to assign limited administrative rights to helpdesk teams using role-based access control without granting full domain admin privilege, enhancing security. The approval workflow engine is highly valuable, ensuring that sensitive access requests go through proper authorization, improving governance and compliance. Additionally, the auditing and reporting capabilities provide complete visibility into changes made in Active Directory, which is critical for compliance and security monitoring. Finally, its seamless integration with Microsoft Active Directory and Microsoft Entra makes it effective in managing both on-premises and hybrid identity environments.

In addition to its core automation and delegation capabilities, One Identity Active Roles offers several advanced features that enhance identity management. One notable feature is policy-based management, allowing organizations to enforce standardized rules such as naming conventions, attribute validation, and access control policies automatically. The solution also provides a web-based interface, enabling self-service capabilities for end-users and simplifying administrative tasks for IT teams. Another valuable feature is its advanced auditing and reporting system, providing detailed insight into all changes made within Active Directory, which is particularly useful for compliance and security monitoring. One Identity Active Roles supports hybrid identity environments through seamless integration with Microsoft Active Directory and Microsoft Entra ID, allowing centralized management of both on-premises and cloud identities. Additionally, the solution includes flexible workflow customization, enabling organizations to design approval processes tailored to their business requirements. Overall, these additional features make One Identity Active Roles a comprehensive and scalable identity and access management solution.

One Identity Active Roles can be improved, as there are a few areas that could be enhanced. The initial setup and configuration can be complex, especially when designing workflows, policies, and delegation models. It requires proper planning and skilled resources to implement effectively. The user interface, although functional, could be more modern and intuitive, as new users may require some time and training to become comfortable with the system. Reporting flexibility could also be improved, as there are built-in reports that are useful, but more customizable and user-friendly reporting options would enhance the overall experience. Additionally, the license cost is relatively high, which may concern small- to mid-sized organizations. Improving documentation and providing more guided implementation resources would help organizations accelerate deployment and reduce dependency on external support. Overall, addressing these areas would make the solution more accessible and easier to adopt.

One Identity Active Roles is a mature and feature-rich solution, but there are a few areas where improvement would enhance the overall experience, such as simplifying the initial deployment and configuration process, improving the user interface, enhancing reporting capabilities by providing more flexible options, and offering better documentation with more detailed implementation guides. Additionally, optimizing licensing costs or offering more flexible pricing models could make the solution more accessible to a wider range of organizations.

I have been using One Identity Active Roles for around one to two years in an enterprise environment, primarily for Active Directory automations and access governance.

One Identity Active Roles is stable and reliable in my environment, as I experience consistent performance with minimal downtime, handling large-scale user management operations efficiently without performance degradation. Once it is properly configured, it runs smoothly and supports day-to-day identity management tasks without issue, with any minor issues encountered mostly related to configuration and integration rather than the core stability of the product. Overall, I consider One Identity Active Roles to be a stable solution, suitable for enterprise-grade environments.

The scalability of One Identity Active Roles in my experience efficiently supports a large user base of five thousand or more users without performance issues, handling increasing workloads such as user provisioning, access management, and workflow processing with ease. The architecture allows for scaling by adding additional One Identity Active Roles servers, enabling load distribution and improved performance as the environment grows, and performs well in a hybrid environment by integrating with Microsoft Active Directory and Microsoft Entra ID, making it adaptable to both on-premises and cloud-based identity management needs. Overall, the solution provides strong scalability and can grow alongside organizational requirements without significant limitation.

My experience with customer support for One Identity Active Roles has been generally positive, as the support teams are knowledgeable and capable of handling technical issues related to configuring workflows and integration, responding promptly and helpfully to critical issues to ensure minimal operational impact. For standard or low priority cases, response times can vary, but the overall support quality remains satisfactory. The availability of documentation and knowledge-based articles is helpful, although more detailed and implementation-focused guidance would further improve the experience. Overall, I rate customer support around eight out of ten for responsiveness and technical expertise.

I previously used a different solution, managing Microsoft Active Directory manually using native administrator tools and scripts, which provided basic functionality but lacked automation, centralized control, and governance features. Most user provisioning, modification, and access management tasks were performed manually, making it time-consuming and prone to human errors, with challenges in delegation and audit visibility. After moving to One Identity Active Roles, I achieve better automation, improved security through controlled delegation, and enhanced compliance with detailed auditing and reporting, significantly improving efficiency and reducing operational risk compared to the previous approach.

The initial setup and configuration of One Identity Active Roles can be complex, especially when designing workflows, policies, and delegation models. It requires proper planning and skilled resources to implement effectively. Organizations need to carefully coordinate the implementation process, involving multiple teams, including AD, security, and infrastructure, to ensure success.

I have observed a strong return on investment after implementing One Identity Active Roles, especially in terms of operational efficiency and risk reduction, as the automation of user lifecycle management reduces manual administrator efforts by approximately fifty percent, allowing IT teams to focus on more strategic tasks, while user provisioning timing decreases by around sixty to seventy percent, improving onboarding and overall service delivery. Overall, I believe the solution delivers solid ROI within a reasonable timeframe.

My experience with the setup cost and licensing of One Identity Active Roles is that it has been on the higher side, as expected for an enterprise-grade identity and access management solution. The initial investment includes licensing, infrastructure setup, and implementation effort, with licensing typically based on the number of managed users or accounts, which can increase costs in large environments. However, the overall cost is justified by the value it delivers, as the automation capabilities significantly reduce manual administrative efforts, lowering operational costs over time while minimizing security risks and helping avoid potential compliance penalties. From a long-term perspective, I observe a good return on investment due to improved efficiency, reduced errors, and better governance. Overall, while the upfront cost might seem high, the benefits and operational savings make it a worthwhile investment for medium to large enterprises.

My advice to organizations considering One Identity Active Roles is to clearly define their identity management requirements and plan the implementation carefully. Investing time designing workflows, delegation models, and policies before deployment ensures smooth operation and maximum benefit from the solution. Organizations should also conduct a proof of concept to validate key use cases such as lifecycle automation and access governance, and proper training for administrators and helpdesk teams is essential to fully utilize the platform's capabilities. Overall, One Identity Active Roles is highly recommended for organizations looking to streamline and secure Active Directory management. I provide this review with an overall rating of nine out of ten.

On-premises

Microsoft Azure

One Identity Active Roles serves as the primary tool in our organization to streamline and secure Active Directory management by automating administrative tasks, enforcing governance policies, and reducing the risk of human error. It helps us delegate access control efficiently through role-based administration, ensuring that the right users have the appropriate permissions without granting excessive privilege. Additionally, it enhances compliance by providing detailed auditing, reporting, and approval workflows for changes made within the directory, which is especially important for maintaining security standards and regulatory requirements. Overall, it improves operational efficiency, strengthens our security posture, and simplifies identity and access management across the organization.

A practical example from our daily use of One Identity Active Roles is our automated user provisioning process, where it is configured with policies and workflows that trigger as soon as a new employee is added to our HR systems or Active Directory. The system automatically assigns the correct group membership, email access, and permissions based on their roles and department, while also enforcing naming conventions and security rules simultaneously. Privileged access requests, such as adding a user to admin groups, go through an approval workflow that requires managerial authorization and is fully logged for auditing. This approach not only saves significant manual effort for the IT team but also ensures strict governance, consistency, and compliance without relying on individual administrators to remember every policy.

Our main day-to-day use of One Identity Active Roles revolves around simplifying and controlling Active Directory operations through delegated administration and policy-based management. We allow helpdesks or junior IT staff to handle routine tasks such as user creation, password resets, and group modifications without giving them full domain access, ensuring security is never compromised. Simultaneously, we rely heavily on its built-in workflows and approval mechanisms for sensitive changes, such as privilege escalation or access to critical systems, which ensures every action follows a defined governance process and is properly audited. Its automation capabilities help maintain consistency in user attributes, enforce compliance policies, and reduce manual errors, making it an essential tool that keeps our identity management efficient, secure, and aligned with organizational standards on a daily basis.

The workflow automation and auditing features of One Identity Active Roles have made a clear impact in our daily work, especially in handling access requests and compliance tracking. When a user needs elevated privileges, the request automatically goes through a predefined approval workflow instead of relying on manual emails, ensuring proper authorization before any changes are made and every action is logged with full details. This becomes extremely useful during audits or troubleshooting because we can quickly track who made what changes and when, reducing investigation time and improving accountability. This approach also removes the dependency on manual follow-ups and minimizes the risk of unauthorized access.

One of the best features of One Identity Active Roles is its strong combination of automation, security, and centralized control, which makes Active Directory management much more efficient and governed. A standout feature is workflow automation, where repetitive tasks such as user provisioning, deprovisioning, and access changes are handled automatically based on predefined rules, saving time and reducing manual errors significantly. Another key feature is role-based delegation, which allows organizations to grant limited control access to helpdesks or junior staff without exposing critical admin privileges, ensuring a least privilege security model. One Identity Active Roles also offers policy-based management where rules enforce naming conventions, mandatory attributes, and compliance standards during any Active Directory changes, maintaining consistency across the environment. Additionally, features such as dynamic groups, memberships, and temporal access automatically add or remove users from groups based on coordination or time, which is very useful for managing temporary or role-based access. Finally, its auditing and reporting capabilities provide full visibility into who made what changes and when, helping with compliance, troubleshooting, and security monitoring. Overall, these features together make One Identity Active Roles a powerful tool for improving efficiency, strengthening governance, and securely managing identity and access management operations.

One area where One Identity Active Roles can be improved is in simplifying its initial setup and configuration process, as deployment can be complex and time-consuming for a new user or organization without deep Active Directory expertise, which can slow down adoption and require additional training or support. Additionally, improving the user interface to make it more intuitive and user-friendly would enhance the overall experience for administration, especially for those who are not highly technical. There is also scope to enhance performance in certain scenarios such as reporting over slower networks. Expanding flexibility in customization and integrations could further strengthen its usability in modern hybrid and cloud environments, making it even more efficient and easier to manage at scale.

One improvement I would particularly highlight for One Identity Active Roles is the need for seamless integration with modern cloud platforms and hybrid environments. Many organizations now operate beyond traditional on-premises Active Directory, and having more out-of-the-box connection connectors and easier configuration for tools such as Azure or other SaaS applications would save time and effort. Making reporting and dashboards more customizable and intuitive would help administration quickly derive insights without relying on external tools. Improving documentation and in-product guidance could also make troubleshooting and advanced configuration much easier, especially for new users who are still becoming familiar with the platform.

I have been using One Identity Active Roles for the last two years.

One Identity Active Roles is generally considered a stable and reliable solution in most enterprise environments, as many users rate its stability quite high, often between seven to ten out of ten. They highlight that it performs consistently well for automation, delegation, and auditing tasks.

One Identity Active Roles is highly scalable and can easily support large enterprise environments with thousands to even hundreds of thousands of users across multiple domains. It grows well with our organization's needs without major performance issues, making it suitable for both mid-sized and large companies.

Customer support for One Identity Active Roles is generally good, as most users report that the support team is responsive, technically knowledgeable, and ready to assist whenever tickets are raised, often providing clear and practical solutions to issues. Although in some cases there are slight delays or slower responses for more complex problems, the overall support experience is positive and reliable, though there is room for improvement in response time for critical or advanced issues.

Before adopting One Identity Active Roles, we were primarily relying on native Microsoft Active Directory tools and manual PowerShell scripts for user and access management. We switched because those methods lacked centralized governance, automation, and proper auditing capabilities, which made the process time-consuming and prone to errors. As our environment grew, managing permissions and ensuring compliance became increasingly complex, so moving to One Identity Active Roles helped us streamline operations with automation, enforce consistent policies, and gain better visibility and control over all directory-related activities.

Integrating One Identity Active Roles with our existing IT infrastructure and Active Directory is moderately straightforward but not entirely simple. It fits well within our traditional Active Directory environment and connects effectively with directory services. However, the initial setup, configuration of policies, and aligning it with existing workflows require careful planning and some expertise, especially when customizing roles and permissions. While basic integration is smooth, more advanced setups such as hybrid environments or additional system integrations can add complexity. Overall, it is manageable but does require a certain level of technical understanding to fully optimize its capabilities.

We have seen a clear return on investment with One Identity Active Roles, as it has reduced manual administration effort by approximately fifty to sixty percent, which directly translates into time savings for the IT team. In some cases, tasks that earlier took fifteen to twenty minutes, such as user provisioning or access changes, are now completed in just a few minutes through automation, while also reducing errors significantly, which avoids network and potential security risks. Overall, it has allowed us to handle the same workload with fewer resources or relocate team members to more strategic tasks, ultimately improving our productivity and delivering strong value compared to the investment made.

Our experience with pricing, setup cost, and licensing for One Identity Active Roles has been generally positive, though with a few considerations as the solution follows a subscription-based licensing model, typically calculated based on the number of managed users and required features, which makes it scalable but can become relatively expensive for larger organizations and environments. The initial setup and procurement process was smooth with good vendor support, but the overall cost is on the higher side compared to basic tools, though it is justified by the value it delivers in automation, governance, and time savings. In our case, we found that the return on investment was strong because it significantly reduced manual efforts and administrative workload, making the pricing work despite the higher upfront and licensing costs.

Before selecting One Identity Active Roles, we evaluated a few other identity and Active Directory management solutions such as Microsoft Entra ID, Okta, and ManageEngine ADManager Plus, as they are commonly considered strong alternatives in the identity and access management space with capabilities such as automation, access control, and governance. While each had its strengths, especially in cloud integration or ease of use, we ultimately chose One Identity Active Roles because it offered more granular control, deeper Active Directory management, and stronger policy-based governance tailored to our on-premises and hybrid environment needs.

My advice for anyone considering One Identity Active Roles would be to invest time in proper planning and initial setup, especially around role design, delegation models, and policy configuration, because the real value of the tool comes from how well these are structured from the beginning. Also, ensure your team has a good understanding of Active Directory. I would rate this product a nine out of ten overall.

My main use case for One Identity Active Roles is to handle end-to-end identity life cycle process from user provisioning when an employee joins to modification during role changes, and secure de-provisioning when they leave. This ensures consistency, reduces manual error, and improves operational efficiency. Another key use case is policy-based administration. We enforce standardized naming conventions, attribute validation, and security policy across all AD objects. This helps maintain a clean and compliant directory structure. We also rely heavily on delegation and role-based access control, allowing teams like HR or service desk to perform specific activities without giving them full administrative rights. This improves both security and scalability. Additionally, One Identity Active Roles is used for workflow automation and approval, where access requests or changes go through predefined approval teams. This strengthens governance and ensures audit readiness. Overall, the main goal is to reduce manual effort, improve security, and enforce compliance.

One Identity Active Roles offers a powerful set of features that significantly improve automation, security, and governance in an Active Directory environment. One of the most valuable features is automation and lifecycle management. One Identity Active Roles allows us to automate provisioning, de-provisioning, and group management using workflows and policies. This reduces manual effort and ensures consistency across the organization.

Another key feature is policy-based administration. We can enforce business rules such as naming conventions, attribute validation, and access policies. This ensures that all changes in Active Directory follow a standardized and compliant approach. Delegation and role-based access control is also a standout feature. It enables fine-grained control over who can perform specific tasks, ensuring least-privileged access while distributing administrative responsibility efficiently.

One Identity Active Roles also provides single-pane-of-glass management for hybrid environments, allowing us to manage on-prem Active Directory, Azure AD, and Microsoft 365 from one interface. Another important feature is dynamic group management, where group memberships are automatically updated based on predefined rules. Additionally, the auditing and reporting capabilities are very strong. Every change is tracked with detailed logs, helping with compliance, troubleshooting, and audit readiness. Finally, integration and synchronization with systems such as HR tools, ServiceNow, and cloud platforms allow seamless identity management across multiple systems, making it a central hub for identity governance.

One of the biggest improvements has been operational efficiency by automating user lifecycle management, including onboarding, role changes, and off-boarding. We have significantly reduced manual effort and turnaround time. Tasks that previously took hours can now be done in a minute with far fewer errors. Another major impact has been on security and access control. With delegation and role-based access control, we have been able to enforce the principle of least privilege. Instead of giving broad administrative rights, we assign very specific permissions, which has reduced our risk exposure and improved our overall security posture. From a governance perspective, policy-based administration has helped us standardize how Active Directory is managed. This ensures consistency across the organization and eliminates issues caused by manual inconsistencies. Overall, One Identity Active Roles has helped us move toward a more automated, secure, scalable identity management model, aligning IT operations more closely with business needs.

While One Identity Active Roles is a very powerful platform, there are definitely areas where it can be improved to enhance usability and scalability. First is the user interface and experience. While it is functional, it can feel complex for a new user and less intuitive, especially for onboarding a new user. The second is the learning curve and setup. The initial setup and configuration, especially for policies, workflows, and delegation models, can be quite complex.

Third is reporting and analytics enhancement. Although auditing is strong, the reporting layer could be more flexible and visual, adding features such as more customizable dashboards and better visualization. Fourth is cloud and hybrid enhancement, such as a more seamless integration with Azure AD, Microsoft 365, and other SaaS platforms. Fifth is performance in large environments. In very large-scale deployments, some organizations may experience slower performance during complex queries or workflows. Sixth is documentation and training. While documentation exists, it can sometimes be too technical and not beginner-friendly. Overall, while One Identity Active Roles is already a robust and mature solution, improvements in usability, reporting, and cloud integration could make it even more powerful and accessible in the future.

I have been using One Identity Active Roles for four years.

In terms of stability, One Identity Active Roles is a very stable and mature platform. Once properly implemented, it runs reliably with minimal downtime, handles daily operations consistently, and scales well with organizational growth. Overall, One Identity Active Roles has proven to be a stable, reliable, and well-suited solution for managing Active Directory at scale.

One Identity Active Roles is highly scalable and well-suited for growing organizations. It can effectively handle a large number of users and groups across multiple domains and environments. As the organization grows, we do not need to proportionally increase the admin team. Automation handles repetitive tasks, and delegation distributes responsibility.

Our experience with One Identity customer support has been generally positive and reliable. For more complex issues, resolution may take longer, but overall, the support team is very helpful and knowledgeable.

I did not choose any implementation before One Identity Active Roles, nor did I evaluate any other options. This is my first experience with One Identity Active Roles.

My overall assessment is that integration with the existing IT infrastructure and directory services is moderately straightforward but requires careful planning. Since One Identity Active Roles is designed to work closely with Active Directory, the core integration is quite smooth. It connects natively with domain controllers, which makes onboarding relatively seamless in a standard Microsoft environment. However, the complexity increases when designing delegation models, configuration policies, and workflows. Basic integration is easy to moderate, and advanced configuration and customization are more complex and require expertise.

We have definitely seen a clear return on investment after implementing One Identity Active Roles. The ROI comes mainly from time savings, reduced workload, and improved efficiency rather than just direct cost reductions. For example, by automating onboarding and delegating routine tasks, we have been able to save significant administrative hours each month and avoid expanding the IT team, which directly contributes to cost savings.

Our experience with pricing and licensing for One Identity Active Roles has been on the higher side compared to native tools but justified by the value it delivers. Its pricing and licensing are based on the number of user-managed identities and the features and modules included. While the upfront cost may seem significant, it aligns with an enterprise-grade IAM solution.

One Identity Active Roles has had a significant positive impact on our organization's compliance efforts. One of the biggest advantages is the built-in auditing and traceability. Every action, whether it is user creation, group modification, or permission changes, is logged with clear details of who performed it and when. Additionally, policy-based administration ensures that all changes follow predefined rules, which reduces the risk of non-compliant configurations. One Identity Active Roles has significantly reduced both the complexity and workload of Active Directory administration. After implementation, routine tasks are automated, responsibilities are distributed through delegation, and policies ensure consistency automatically.

My advice to others considering One Identity Active Roles would be to treat it as a strategic investment rather than just a tool. Before implementing, clearly define your identity management processes. Plan your delegation model and policies carefully. Start with a key use case such as user lifecycle resolution. If implemented correctly, it can significantly improve efficiency, security, and governance, but planning is critical to fully realize its value.

Overall, One Identity Active Roles has proven to be a reliable and valuable solution for managing Active Directory at scale. While there are areas for improvement, I would suggest this as one of the best tools I have ever used across my experience. I would rate this solution a 9 out of 10.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is to use it primarily in the FinTech and HealthTech market, where data sensitivity is really high, and for having consistent policy enforcement so that it can reduce the risk significantly.

One specific example of how I use One Identity Active Roles in my HealthTech environment is that one of the biggest gains is the centralized identity access management, which supports secure access for all the clinicians and the staff while maintaining the compliance requirement, which is very critical when dealing with sensitive patient data. The scalability also is great for these types of tech, so it works well in deep tech startups where new services are frequently added. What I appreciate most is that it is adaptive for multi-factor authentication, adding a strong security layer without always interrupting the user, which is very important for both the HealthTech and FinTech environments.

When I integrate One Identity Active Roles with my systems, it bridges the modern cloud apps and older legacy systems within a single identity framework. In real-world environments, especially in HealthTech, having a clean, cloud-only stack is essential, making flexibility very critical. It also supports integration with Active Directory, SAP, and different databases, allowing my organization to unify access control without replacing the existing infrastructure, which is particularly important when dealing with a legacy EMR-based system. This plays a central role alongside different digital platforms.

The best features One Identity Active Roles offers include strong governance and lifecycle management capabilities, especially in environments where access control needs to be highly regulated. It helps ensure that a user only has access to what they truly need, reducing compliance-related risk. Additionally, the strongest point is how well it integrates with both legacy systems and modern infrastructure, which is very helpful for working with deep tech startups that require both legacy system capabilities and modern technologies.

One Identity Active Roles has positively impacted my organization by helping me gain clear visibility and control over user access across all systems. In regulated environments like HealthTech, it is much easier to demonstrate proper governance with specific policies aligned with the system. The automated access certification and audit trails help reduce manual effort in auditing by allowing me to generate reports directly instead of pulling data from multiple systems. This also helped me during regulatory reviews and internal audits by enforcing least privilege access and proper segregation of duties, which lowered the risk of unauthorized access.

Regarding reporting, One Identity Active Roles has helped me in healthcare reporting by building everything from a platform that is very adaptable to the current ecosystem. It helps integrate with microservices and APIs while accommodating older enterprise systems, which is another added advantage.

There are a couple of areas where One Identity Active Roles can be improved. One area is the overall user interface and experience, as the UI is sometimes very complex, so simplifying workflows for non-stakeholders would be helpful. Another improvement is the implementation and configuration complexity, since the initial setup and advanced policy configuration often require specialized expertise, which can slow down deployment in fast-moving tech setups. Additionally, performance for large-scale access or certification campaigns can be optimized further, although I understand that large enterprises can take some time due to complex processes, necessitating improvements in speed and responsiveness. Finally, having a neater analytics and reporting dashboard would be great.

I have been using One Identity Active Roles for almost two to three years.

I find One Identity Active Roles to be stable.

One Identity Active Roles's scalability is impressive, as it has been used for multiple years in enterprise-related systems and scales well with large user bases or complex access requirements. It can manage not only internal employees but also billions of external users. The architecture supports both horizontal and vertical scaling, making it suitable for growing deep-tech environments with continuously added services and users. Its modular design and automation allow capabilities to extend without redesigning the whole system. Overall, I rate its scalability an eight out of ten for supporting reliable business growth and architecture.

The customer support from One Identity Active Roles is really good.

My experience with pricing, setup cost, and licensing is that pricing is generally on the higher side, especially for organizations using multiple modules like identity governance, privileged access, and analytics. It is more suitable for large enterprises rather than startups or medium-sized companies as the pricing is not very cost-friendly. Although it provides comprehensive governance, privileged access, and analytics tools, the pricing can feel complex depending on the licensing model and deployment scale, which organizations should definitely plan for well in advance.

I see a return on investment with One Identity Active Roles, specifically noting a 40% to 60% drop in time spent on provisioning, access reviews, and audit-related tasks. While the upfront cost can be high, the automation, reduced risk, and overall efficiency typically justify the investment, although it may take three to five years to see a complete ROI.

Before choosing One Identity Active Roles, I evaluated options like Microsoft technology and cloud providers such as Okta, SailPoint, Entra, and CyberArk. However, in my experience, One Identity Active Roles is particularly strong for identity governance and compliance, which led me to my decision. Each of these tools has its own pros and cons, and the choice ultimately depends on the organization's priorities.

I have consolidated my use of OneLogin, One Identity Active Roles, and other access control products.

I definitely utilize the fine-grained permission control feature of One Identity Active Roles, which helps me assign permissions not just at the role level, but down to very specific systems and attributes or actions when required. For example, when considering giving a user full database or application-level access, I can restrict them to specific functions like read-only access or limited transactions. This definitely helps enforce the least privilege principle and reduces the risk of misuse or data exposure. It is particularly helpful for policy-based or role-based models, especially in dynamic conditions, such as department-wise, location-wise, or risk level-wise.

Regarding automation capabilities, One Identity Active Roles allows me to automatically provision, modify, or de-provision role-based changes. It helps automate access request and approval workflows, letting users request access through a self-service portal while routing approvals to the necessary stakeholders. This is particularly useful when needing controlled yet quick access. The policy-driven automation is another key strength, as access is assigned based on predefined roles, rules, or attributes, ensuring consistency and compliance without manual intervention.

The impact of One Identity Active Roles on my compliance efforts is significant. It provides centralized visibility to user access, roles, and entitlements, simplifying governance. For FinTech and HealthTech industries, where periodic reviews are required for standard protocols such as PCI DSS or HIPAA, it is very helpful. The platform maintains detailed audit trails and reporting, allowing me to quickly track changes, approvals, and policy violations, making it easier to demonstrate compliance during audits and identify potential gaps or risks early.

One Identity Active Roles significantly reduces the complexity and workload of administrative tasks related to Active Directory. As an admin and CTO, I appreciate how it has reduced manual workload for my admin team, especially when automating repetitive tasks such as provisioning and updating access. It has made management easier, enabling admins to focus on governance and policy decisions rather than routine operations. It improves both efficiency and consistency overall.

One Identity Active Roles helps organizations specifically delegate admin tasks to business users through a role-based system and approval workflows. This means the IT team does not have to handle every access request because managers can review and approve access directly for their teams. It also supports granular delegation of specific admin rights without giving full system control, which is very helpful for large enterprise organizations with multiple departments. Overall, this reduces bottlenecks for the IT team and speeds up access decisions.

My advice for others looking into using One Identity Active Roles is to plan well in advance, as investing time in proper role and access definition before implementation is crucial. One Identity Active Roles is powerful, but if roles, policies, and access are not clearly defined upfront, managing it later can become complex. It is important to have the right expertise or partner support during deployment due to the platform's strong learning curve. Starting with a phased rollout, beginning with critical systems, stabilizing the setup, and then expanding, works really well. I would rate my overall experience with One Identity Active Roles a seven out of ten.

Public Cloud

Microsoft Azure

One Identity Active Roles has been a core part of my toolkit for the better part of my two years of experience in the IAM space, especially when dealing with a massive environment of more than 10,000 or 15,000 users where native AD tools do not suffice from the governance perspective. I have done deep work with One Identity Active Roles to bridge the gap between high-level IAM policies and on-ground execution, primarily enforcing least privilege and role-based access control.

If I have to boil it down to the single most critical use case for One Identity Active Roles, it is delegated administration and automated lifecycle management. I experienced this when I stepped into my role with too many people having elevated access rights for basic tasks. This led me to implement One Identity Active Roles as a security proxy layer, minimizing the attack surface while also automating our JML process via integration with our HR feed from Workday.

This leads to another major reason we rely heavily on One Identity Active Roles: data integrity and automated policy enforcement. I used One Identity Active Roles to implement policy objects that act as real-time guardrails to prevent the creation of users with incomplete data attributes, ensuring our downstream systems always receive clean data.

A specific challenge I faced when scaling our support operations was that local IT teams were shadow domain admins, resulting in issues such as a regional admin accidentally modifying a critical SPN, which led to a localized Kerberos outage. This prompted me to implement access templates in Active Directory and One Identity Active Roles to define specific actions for helpdesk users and enforce zero-standing privilege, dramatically reducing the exposure time to unnecessary rights.

The crown jewels of One Identity Active Roles that make my life as an architect easier are Access Templates, Virtual Attributes, Workflow and Approval Engine, and Managed Units, which allowed us to structure our directory into a policy-driven asset rather than constantly firefighting manual errors.

Access Templates and Managed Units are the real secret sauce of One Identity Active Roles for us. Access Templates standardize permission settings, reducing security drift and allowing for the creation of modular permission bundles such as those I created for the Tier 1 help desk. Managed Units help me stay organized without rewriting the physical structure of the directory, saving me hours of cleanup.

A critical feature that I found essential for a clean environment is Dynamic Group management, which prevents permission creep by using rule-defined group memberships rather than manual additions. One Identity Active Roles automatically manages group membership based on rules tied to the HR records.

One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations. The biggest win has been a reduction in the internal attack surface, achieving over a 40% reduction in unauthorized or accidental access attempts.

Even though I advocate for One Identity Active Roles, there are areas for improvement, particularly in hybrid integration experiences where it feels a bit clunky compared to its capabilities for on-premises AD management. The user interface feels dated compared to modern SaaS applications, making it less intuitive for non-technical business managers.

I would like to see One Identity Active Roles lean more toward an API-first and Identity-as-a-Code approach. The current REST API feels like an afterthought, and my developers want the ability to operate through CI/CD pipelines instead of logging into the GUI.

I have used the solution for over three years.

One Identity Active Roles has proven highly stable in its core functions. Our initial underestimation of properly sizing SQL servers during major user migrations revealed the importance of careful planning, especially regarding database performance.

In my experience, One Identity Active Roles demonstrates strong scalability characteristics, although complexity with database performance, policy evaluation, and multi-domain environments should be considered. We faced some limitations with the reporting functionality, which we addressed by implementing dedicated reporting servers.

Customer support deserves a rating of 7.5 out of 10 due to their technical competence despite some structural challenges. The main friction I encountered during the escalation process could be improved for faster resolution times on complex issues. I balance my assessment of their strengths in technical knowledge and resolution quality against areas needing improvement, such as the escalation process and the support portal experience for non-technical users.

I previously used a mix of manual processes and native Microsoft tools, such as the Active Directory users and computers console for directory management. I also used PowerShell scripts for automation and a homegrown web portal for the help desk team.

The return on investment with One Identity Active Roles transforms our technical support's workflow, resulting in a 60% annual reduction in tasks such as JML processes, which were previously a nightmare when handled manually. This frees up hours for the senior engineering team.

We evaluated several options, including Microsoft Identity Manager, SailPoint, Saviynt, and custom development while recognizing the limitations of our manual processes. One Identity Active Roles ultimately offered the right blend of governance, control, and operational efficiency suited for our hybrid environment.

Discussions around pricing and licensing reveal that One Identity Active Roles follows a standard enterprise model, but the true costs often arise during implementation, making it budget-friendly yet potentially shocking at the initial quote stage when transitioning from a manual environment.

For organizations considering One Identity Active Roles, I recommend establishing a direct relationship with your account team early, which can help bypass standard queues when addressing critical issues, ensuring a smoother experience with the tool. My overall review rating for One Identity Active Roles is eight out of ten.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is user provisioning and group administration, workflow automation, access management, and employee onboarding and offboarding processes. When a new employee joins, One Identity Active Roles automatically creates the account, applies the correct policies, assigns role-based security groups, and routes approval if required.

The main focus of how I use One Identity Active Roles is user management through onboarding and offboarding, lifecycle management, access control, and reducing manual administrative effort through automation.

The automation capabilities are one of the strongest features of One Identity Active Roles. I mainly use them for user onboarding, offboarding, group assignments, and access approval workflows. For example, when a new employee joins, the account creation and non-role-based group assignments happen automatically through predefined workflows, reducing manual work, improving consistency, and helping minimize provisioning errors, making identity management much more efficient and controlled.

The main use case is automation of processes such as employee user management, onboarding, and offboarding. The automation process makes these tasks smooth and fast, allowing administrative work to be reduced and time to be saved.

The best features One Identity Active Roles offers in my experience include workflow automation, delegated administrations, user provisioning, de-provisioning, role-based access control, auditing, and hybrid Active Directory management. A workflow engine is especially valuable because it automates repetitive tasks such as onboarding, offboarding, and access requests, which saves time and reduces manual errors. I also appreciate the delegated administration features because they allow teams to handle specific tasks without giving full AD privileges, improving both security and efficiency, while the auditing and reporting capabilities are very useful for compliance.

Workflow automation has reduced repetitive manual work through onboarding, access requests, and account management, while delegated administrations allow support teams to handle routine tasks without full AD access. This has improved efficiency, reduced bottlenecks, and strengthened security through better access control and auditing.

I would like to highlight the auditing and reporting features of One Identity Active Roles because they provide good visibility into changes and help with compliance and troubleshooting. The fine-grained delegation and centralized management across Active Directory and cloud environments are also very valuable in our day-to-day activity.

One Identity Active Roles has impacted our organization positively because the biggest benefit has been reducing manual administration through automation and standardized workflows. Tasks such as onboarding, offboarding, group assignments, and access requests are now much faster and more consistent than before, thus helping create a more structured identity management process across the organization.

There are several positive outcomes since implementing One Identity Active Roles. Overall, the biggest gains have been time saving, improved consistency, reduced manual error, and better operational efficiency rather than a direct headcount reduction.

There is room for improvement in One Identity Active Roles. Based on my experience using it for the last two years, I see potential for a more modern UI, simpler workflow customization, and easier reporting. While the product is very capable, managing complex workflows and hybrid environments can sometimes require deeper expertise than expected, so better cloud integration and troubleshooting visibility would also be valuable improvements.

In terms of needed improvements, I would like to see enhancements around the reporting dashboard and cloud-focused management features. While the core functionality is strong, most of the improvements I would like to see are around usability, visibility, cloud management, and making advanced features easier to configure and maintain rather than major gaps in the product itself.

I have been using One Identity Active Roles for the last two years.

One Identity Active Roles is stable.

One Identity Active Roles is definitely scalable. I purchased this for its scalability and have seen its ability to handle increasing numbers of users, groups, access requests, and administrative tasks without major issues. The automation and delegation administration features help a lot because they reduce the workloads on administrators.

Customer support is quite good.

Before switching to One Identity Active Roles, user and access management was mainly handled through native Active Directory tools, manual processes, and a few scripts. As the environment grew, those methods became hard to manage and audit, so I adopted One Identity Active Roles to automate routine tasks, improve delegations, strengthen governance, and reduce manual effort.

I would say the integration of One Identity Active Roles with our existing IT infrastructure and directory services was very straightforward overall, especially because our environment was already based on Active Directory and Microsoft services. The initial integration with Active Directory was relatively smooth, and One Identity Active Roles fit well into our existing identity management process, designed to work across AD, Entra ID, and Microsoft 365, which helped simplify administrations in our hybrid environment.

I did not purchase One Identity Active Roles through AWS Marketplace, as I use AWS as a part of our hybrid cloud environment, but the licensing and procedure were done directly through our organization's standard software procurement process rather than through the AWS Marketplace.

I have seen a positive return on investment mainly through time savings and operational efficiency. While I do not have exact financial figures, a good example is onboarding and user provisioning. Before One Identity Active Roles, creating accounts, assigning groups, and validating permissions was largely manual work, taking around twenty to thirty minutes per user, but with automated workflows, that process now takes just a few minutes for standard requests.

I have utilized the fine-grained permissions control and delegated administration features quite extensively. One of the biggest impacts has been supporting the least privileged principle by allowing users and teams to perform only the specific administrative tasks they need without giving broad Active Directory access. For example, help desk teams can handle password resets and account unlocks, while application owners can manage only their own groups and resources.

In my experience, the pricing is at an enterprise level, but the setup and licensing were justified by the automation and governance features. Setup required planning and configuration, but licensing was straightforward, and the long-term operational benefits provided good value.

I evaluated Microsoft Native Active Directory tools, ManageEngine ADManager Plus, and some identity governance platforms such as SailPoint. I selected One Identity Active Roles because of its automation, delegation administration, auditing, and strong Active Directory management capabilities.

For others considering One Identity Active Roles, my advice would be to first check your user management process and how onboarding and access management would be taken care of before deployment, starting with key automation use cases. If implemented properly, One Identity Active Roles can save a lot of administrative effort while improving security and compliance, so it is important to clearly define your governance model, roles, and approval processes before deployment.

My experience with delegated administration has been very positive. Before One Identity Active Roles, most routine requests had to go through senior Active Directory administrators, which often created delays and bottlenecks. Now, with delegated administrations, I can assign specific responsibilities to help desk teams, application owners, or business units without giving them full AD privileges. For instance, help desk staff can handle password resets and account unlocks, while certain teams can manage their own group's membership, significantly improving workflow because routine requests are resolved faster, reducing the workload on senior administrators and controlling access more securely through the least privilege model.

One Identity Active Roles offers automation capabilities that are among the strongest features available. I mainly use them for user onboarding, offboarding, group assignments, and access approval workflows. For example, when a new employee joins, the account creation and non-role-based group assignments happen automatically through predefined workflows, reducing manual work, improving consistency, and helping minimize provisioning errors, making identity management much more efficient and controlled.

This review has received an overall rating of eight out of ten.

My main use case for One Identity Active Roles is centered on Active Directory automation and delegated access management. It helps reduce manual AD administration, control, automated onboarding, offboarding, and simplifies compliance and auditing across the organization.

One specific example of how I use One Identity Active Roles for automation or delegated access management in my daily work is automated employee onboarding. When HR adds new employee details, One Identity Active Roles automatically creates their AD account, assigns them to the correct OU group membership, and applies permissions based on the department or role. This reduces manual effort and provisioning time significantly.

The best features One Identity Active Roles offers are automation, delegated administration, role-based access control, approval workflow, and centralized auditing. For me, automation and delegated administration made the biggest difference because they reduce manual Active Directory workload and improve security by limiting unnecessary privileged access.

One area where One Identity Active Roles has positively impacted my organization is through automation and delegated administration. For example, instead of giving full domain admin rights to our service desk team, I delegate only specific tasks such as password reset, account unlock, or group management through our RBAC policies. On the automation side, when the employee leaves the organization, One Identity Active Roles automatically disables the account, removes group membership, and updates access policies, which reduces manual efforts.

Areas for improvement in One Identity Active Roles include UI modernization, workflow customization, flexibility in reporting, and troubleshooting visibility. This is particularly important in large environments when managing complex approval workflows.

I have been using One Identity Active Roles for about four to five years.

One Identity Active Roles has been stable in my environment. Even with a large Active Directory environment and multiple delegated administration workflows, I did not face major stability issues. Most operational challenges were more related to workflow complexity or synchronization troubleshooting rather than product outages or crashes.

One Identity Active Roles scales well in large enterprise environments. It can efficiently manage thousands of users, groups, OUs, and Active Directory administrative tasks through centralized automation and delegation. In my environment, with a large AD structure and multiple workflows, it scales reliably. Although in very complex hybrid environments, workflow performance and synchronization tuning can sometimes require additional tuning and planning.

The support for One Identity Active Roles has generally been good in my experience. The support team has been technically knowledgeable, especially for Active Directory integration, RBAC, and workflow-related issues. For normal operational issues, the support team has been responsive and helpful, but for complex enterprise cases or advanced support, the escalation and resolution could sometimes take longer, depending on the environment complexity.

I would rate customer support for One Identity Active Roles around 7 out of 10. The technical knowledge of the support team is good, especially for Active Directory and RBAC related issues, but sometimes response and escalation times for complex enterprise problems could be slower than expected.

Before implementing One Identity Active Roles, I mainly relied on native Active Directory tools, manual administration, and some PowerShell scripting for user provisioning and permission management. As the environment grew, managing users, groups, and delegating permissions manually became time-consuming and harder to track from a governance and compliance perspective, which is why I moved to a more centralized and automated solution.

Integrating One Identity Active Roles with my existing IT infrastructure was moderately easy overall. Since my environment was already heavily based on Active Directory and Microsoft technologies, the core integration was straightforward. The more challenging part was configuring complex workflows, delegated permissions, and integrating hybrid or customized environments, which required careful planning and testing.

I saw a good ROI with One Identity Active Roles. This was through reduced manual administration, faster user provisioning, and lower service desk workload. Routine tasks such as password resets, account unlocks, and group management became more automated, which saved significant operational time. I also saw fewer manual errors and better compliance visibility.

Pricing, setup, and licensing for One Identity Active Roles were generally good for an enterprise environment. Although the initial setup and licensing can be high for a smaller deployment, it requires proper planning around the AD architecture, RBAC design, and workflow configuration. It reduced significant manual administration work and operational efficiency for tasks and compliance.

Before choosing One Identity Active Roles, I evaluated options such as Microsoft Identity Management and SailPoint IdentityQ. I selected One Identity Active Roles mainly because of its strong Active Directory integration, delegated administration capabilities, automation features, and easier RBAC management for my environment.

My impression of the automation capabilities provided by One Identity Active Roles is positive, especially for organizations heavily dependent on Active Directory administration and governance. The automation, delegated administration, and RBAC capabilities reduce significant manual operational work and improve security controls. At the same time, in large environments, workflow complexity and troubleshooting can still require experienced administrators. Proper planning and documentation are important for successful implementation.

One Identity Active Roles has had a positive impact on my organization's compliance efforts by improving centralized auditing, enforcing RBAC and least privilege access, and providing better visibility into AD changes and administrative activities. Earlier, tracking permission changes and user activity was more manual and time-consuming, but One Identity Active Roles made audit and compliance reviews much easier through centralized reporting and approval workflows.

One Identity Active Roles has had a strong impact on Active Directory operations by reducing manual administrative workload, improving access governance, and standardizing provisioning and permission management procedures. It also improved security because privileged access became more controlled through RBAC and delegation instead of using broad domain admin permissions for routine tasks.

One strong feature in One Identity Active Roles is fine-grained permission control and least privilege implementation. Instead of giving full domain admin rights, I delegate only specific tasks such as password reset, account unlock, or group management to our service desk based on our RBAC policy.

My advice to others considering One Identity Active Roles is to first design the RBAC model, delegation structure, and approval workflows properly before implementation. One Identity Active Roles gives strong automation and governance capabilities, but if the AD structure and access processes are not organized, complexity can increase later. I would also recommend starting with a phased rollout and involving both security and AD administrator teams early, especially in large enterprise environments. I would rate this product 8 out of 10 overall.

One Identity Active Roles serves as the centralized Active Directory user and group management solution in our organization. We primarily use it for automatic routine identity administration tasks like user provision, role assignment, and group management, which reduce the need for manual Active Directory changes.

A good example in our organization is employee onboarding in Active Directory using One Identity Active Roles. When a few employees join, instead of the IT team manually creating a user account and assigning permissions, the process is triggered through predefined rules and roles based on an employee's department, for example, finance or IT, and One Identity Active Roles handles this automatically.

One Identity Active Roles has become a daily operational control point for identity governance in our organization and environment. Beyond onboarding and role changes, we use it regularly for day-to-day identity administration tasks like resetting and managing user accounts in a controlled way, delegating limited administrative rights to different IT teams, and tracking and auditing every directory change for compliance purposes.

One Identity Active Roles offers excellent features that mainly focus on automation, governance, and secure Active Directory management. A few of them really stand out in daily use. One of the most important features is automated user and group provisioning. It allows us to create, modify, and remove user accounts based on predefined rules, which significantly reduces manual work and ensures consistency across the environment.

The automated user and group provisioning feature in One Identity Active Roles has had a very noticeable positive impact on our team, especially in terms of time saving and accuracy. Before automation, onboarding or updating a user required multiple manual steps in Active Directory, including creating accounts, assigning groups, applying permissions, and verifying everything. This was not only time-consuming but also prone to human error such as missing group assignment or incorrect permissions.

Another feature that stands out in One Identity Active Roles is the delegation and role-based administrative model. It allowed us to safely delegate administrative tasks for different teams without giving them full Active Directory privilege.

One Identity Active Roles has a strong positive impact on our organization, mainly by improving efficiency, security, and governance in Active Directory management. One of the biggest improvements is the reduction in manual administrative work. Tasks such as user creation, group assignment, and access updates are now automated in policies, which has significantly reduced IT efforts and processing time. This has also helped us to avoid common human errors such as incorrect group membership or missing permissions.

Since implementing One Identity Active Roles, we have seen clear improvement in both time efficiency and error reduction, especially in identity lifecycle management. In terms of time saving, the biggest impact is in onboarding and routine Active Directory administration.

One Identity Active Roles has a strong positive impact on our compliance efforts and regulatory readiness. The biggest improvement comes from centralized audit and change tracking. Every identity-related action, such as user creation, group change, or permission update, is automatically logged. This gives us a complete audit trail, which is very important during internal and external compliance reviews.

Overall, One Identity Active Roles has significantly reduced the complexity and workload in Active Directory administration in our organization. Before its implementation, most Active Directory tasks such as user provisioning, group updates, and permission changes were manual and often required coordination between multiple teams. This not only increased workload but also introduced delays and occasional errors.

The delegation capability in One Identity Active Roles has had a very positive impact on our workflow and operational efficiency. Previously, most Active Directory tasks had to go through a central IT or domain admin team. We can now safely assign specific responsibilities to different teams or a support group without giving them full domain-level access.

A few improvements I would like to see in One Identity Active Roles are mainly around usability, reporting, and modern integration. One key area is user interface simplification. While the tool is very powerful, the admin console can feel complex for a new administrator. A more modern, intuitive UI with clearer navigation would make onboarding easier for IT teams. Another improvement area is reporting and analysis. Having more real-time dashboards, customizing reports, and better visibility into identity changes will make it easier to monitor governance at a glance without exporting data manually.

A couple of additional improvement areas stand out, especially around integration and operational flexibility in One Identity Active Roles. One important area is smoother integration with the modern SaaS and cloud identity ecosystem. While it works very well with Active Directory integration, newer cloud-native applications or hybrid environments can sometimes require extra configuration efforts. More out-of-the-box connectors and simpler setup in cloud platforms would make adoption faster and easier.

Better real-time monitoring and alerting would also be beneficial. While the platform does provide auditing and logs, having more proactive, real-time alerts for unusual identity changes such as bulk permission updates or suspected group notifications would be beneficial.

I have been using One Identity Active Roles for two years.

One Identity Active Roles is stable. Based on real-world usage patterns and enterprise feedback, One Identity Active Roles is generally considered stable and reliable in a production environment.

Customer support for One Identity Active Roles is generally good, but with a few mixed experience issues. From our experience, the support team is technically knowledgeable and helpful, especially for standard configuration issues and Active Directory integration questions regarding known product behaviors. When the issue is well defined, they usually provide clear guidance and workflow solutions.

Before choosing One Identity Active Roles, we did evaluate a few other identity and access management solutions, mainly to compare automation, Active Directory governance features, and scalability.

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately easy, but required careful planning during setup. Since it is primarily designed for Active Directory environments, integration with our core directory service was quite straightforward and worked smoothly out of the box. It connected well with the existing AD structure, which made initial deployment faster and more stable.

We have seen a clear return on investment with One Identity Active Roles, mainly driven by usage savings, reduced manual effort, and improving operational efficiency rather than direct cost reduction alone. One of the biggest measurable impacts has been administrative time saving.

My advice to others considering One Identity Active Roles is to start with clear planning and a well-defined identity governance model before implementation. From our experience, the tool is very powerful, but the real value comes when rules and access policies are properly designed upfront, with the Active Directory structure being clean and well-organized.

One final thought about One Identity Active Roles is that its biggest strength is not just automation, but the governance structure it brings to Active Directory management. It efficiently shifts identity management from the manual, ticket-driven process to a policy-based control system, which improves both security and operational consistency over time. I would rate this product a 9 overall.

Public Cloud

Amazon Web Services (AWS)