What is our primary use case?
Our main use case for One Identity Active Roles is to simplify and standardize Active Directory administration across multiple business units while reducing the amount of manual work handled by our IT team. Before we implemented it, routine tasks like creating user accounts, modifying group membership, disabling accounts for departing employees, and managing organizational unit work were performed directly in Active Directory by different administrators, which sometimes led to inconsistent processes and occasional configuration mistakes. We started using One Identity Active Roles as a centralized management layer with delegated administration, so the regional IT team could perform only the tasks they were authorized to do without receiving full domain administrative privileges. We also use it to automate common provisioning and development processes, which helps ensure new employees receive the right access more quickly and that accounts are visible promptly when someone leaves the company.
The approval workflow and auditing capability made it much easier to satisfy internal compliance requirements because every administrative action was logged and traceable. Day-to-day administration becomes more predictable and less dependent on PowerShell scripts or manual intervention. Although the initial deployment required careful planning around role design and permissions and customizing workflows took some time to get right, overall, it reduced administrative overhead, improved consistency across our One Identity Active Roles environment, and gave us better control over privileged operations. Although I still would like to see a more modern management interface and a simpler process for implementing complex custom workflows.
What is most valuable?
An example that stands out regarding how One Identity Active Roles made a task easier was our employee onboarding process. Before we started using One Identity Active Roles, creating a new user account involved several manual steps performed by different administrators, including creating the Active Directory account, placing the user in the correct organizational unit, and verifying that everything matched with the employee's role. This process could take anywhere from a few hours to a full business day, and occasional mistakes such as assigning the wrong group or missing required permissions resulted in additional support tickets after the employee joined. After implementing One Identity Active Roles, we configured roles with provisioning and approval workflows so that once a request was approved, the account was created automatically with the appropriate attributes, group memberships, and naming standards based on the user's department and job function.
This significantly reduced manual effort, improved consistency, and allowed new employees to have the correct access much sooner. It also gave us a complete audit trail of who requested, approved, and executed each change, which was valuable during compliance reviews while setting up the workflows required careful planning and testing. The long-term reductions in administrative work and provisioning errors made a noticeable difference in our day-to-day operations.
In addition to user provisioning, we also rely on One Identity Active Roles for day-to-day Active Directory administration and delegated access management. As our environment grew, it became increasingly important to ensure that routine administrative tasks could be handled by regional IT teams without granting them full domain administrative privileges. One Identity Active Roles gave us a structured way to delegate specific responsibilities while maintaining centralized control and consistent security.
We also used its auditing capabilities to track changes made to users' accounts, groups, and organizational units, which proved useful during internal audits and when investigating configuration changes. Another benefit was the consistency it brought to administrative processes, as everyone followed the same workflow instead of using different scripts or manual methods. It wasn't a product that eliminated every administrative task, and more complex workflow customization still required planning and expertise. But for everyday identity administrations, it helps us reduce manual effort, improve governance, and make Active Directory management much more organized and predictable.
From my experience, the strongest features of One Identity Active Roles are delegated administration, workflow automation, and its auditing capabilities. Delegated administration made a noticeable difference because we could assign specific administrative responsibilities to help techs or regional IT teams without giving them full Active Directory permissions, which improved security while allowing routine requests to be handled much faster. The workflow automations for user provisioning, account modifications, and deprovisioning help reduce manual effort and ensure that tasks are performed consistently according to our organization's policies, minimizing human error. I also found the auditing and reporting features very valuable because every administrative action was logged, making it much easier to investigate changes, support compliance requirements, and demonstrate accountability during audits. Another feature we appreciate is the policy-based management, which helps enforce naming standards and other directory policies automatically instead of relying on administrators to remember every requirement. Overall, this feature simplifies day-to-day Active Directory management and improves operational efficiency while strengthening governance, although configuring advanced workflows and policies initially requires careful planning and a good understanding of the product to get the most value from it.
The features we use most in our day-to-day operations are delegated administration because it directly affects how our IT team handles user management requests. We have different administrators and support teams responsible for specific business units, so instead of giving everyone broad Active Directory privileges, we assign only the permissions they need to perform their tasks. That has reduced the security risk associated with excessive administrative access while allowing routine activities such as password resets, account unlocks, user updates, and group membership changes to be completed quickly without waiting for a senior administrator. It has also made responsibilities much clearer since each team knows exactly what they are authorized to manage. However, over time, this has reduced operational bottlenecks and improved response times for end users while giving us better control over the changes being made in the directory.
In addition to delegated administration, I think one of the strengths of One Identity Active Roles is how its features work together rather than in isolation. Delegated permissions, workflow automations, policy enforcement, and auditing complement each other, so administrative tasks are not only faster but also more consistent and easier to track. That said, I think there is still room for improvement in the user interface and in simplifying the configurations of advanced workflows, especially for organizations that don't have dedicated identity management specialists. Once the product is properly configured, it becomes a reliable platform for managing Active Directory at scale.
One Identity Active Roles has had a positive impact on our organization by making our Active Directory administrations more consistent, secure, and efficient. Before implementing it, many account management tasks were handled manually, which increased the chances of configuration errors and delayed user provisioning, especially during periods of high onboarding activity. After moving to One Identity Active Roles, we automated many of the routine processes and introduced delegated administration, which significantly reduced the workload of non-senior administrators.
From an operational perspective, we estimated that the time required to provision a new user account dropped from several hours to around twenty to thirty minutes in most cases because the necessary approvals, group assignments, and policies were handled through standardized workflows. We also saw fewer support tickets related to incorrect permissions or missed group memberships because the provisioning process became much more consistent. From a security standpoint, limiting administrative privileges through delegated rules reduced the risk associated with excessive access, while the built-in auditing gave us complete visibility into who made changes along with simplified compliance review and troubleshooting. Although implementing the workflows required careful planning and some fine-tuning in the beginning, the long-term benefits in terms of operational efficiency, governance, and reduced administrative effort made it a valuable part of our identity management process.
What needs improvement?
I think One Identity Active Roles is a mature and reliable solution, but there are a few areas where it could be improved. The biggest one is the management interface, which feels dated compared to many newer identity management platforms. While it provides a lot of functionality, navigation and configuring complex workflows can be challenging, especially for administrators who are new to the product. I also think the initial setup and customizations require a good understanding of both Active Directory and the product itself, so there is a noticeable learning curve.
In larger environments, making changes to workflows or policies often requires careful testing to avoid unintended effects, which can slow down implementations. Reporting is another area where I think there is room for improvement, as more modern customizable dashboards and easier report creation would make it simpler to monitor administrative activity and compliance. None of these issues have been significant enough to affect the product's reliability or day-to-day operations, but improving usability, simplifying workflow configurations, and modernizing the interface would make the overall experience better for both new and experienced administrators.
For how long have I used the solution?
I have been using One Identity Active Roles for two years.
What do I think about the stability of the solution?
My experience with One Identity Active Roles has been stable. Once it was properly deployed and configured, we didn't experience any major technical issues during day-to-day operations. We consistently handle the identity management tasks such as user provisioning and group management, which help keep the environment running smoothly.
What do I think about the scalability of the solution?
One Identity Active Roles shows strong scalability in our environment. As our organization grows, the platform continues to perform well without requiring significant changes to our data-driven processes. One of its strengths is that the delegated administration model and the automated workflows can be extended as the organization grows, so we don't have to redesign our identity management approach every time a new team or business unit is added.
How are customer service and support?
My interactions with One Identity customer support have been fairly limited because the product has been stable, and we haven't needed to open many support cases. On the occasions when we did contact support, the responsiveness of their professionals and engineers was commendable. Most configuration questions were resolved within an acceptable timeframe, although more complex issues sometimes required additional follow-up before a final resolution was provided.
Which solution did I use previously and why did I switch?
I didn't use any solution before switching to One Identity Active Roles.
How was the initial setup?
We haven't used any AI-specific capabilities in One Identity Active Roles, so I can't comment on those from first-hand experience. From a governance and security perspective, the product has very strong features such as delegated administration, role-based access control, approval workflows, and comprehensive auditing, which have helped us maintain tighter control over Active Directory changes while reducing the risk associated with excessive administrative privileges. Having a detailed audit trail has also been valuable for compliance and troubleshooting because we can easily see who made a change, when it was made, and what was modified. Overall, I think its governance capabilities are one of the product's biggest strengths as identity management evolves.
What was our ROI?
While we did not calculate an exact return on investment, we saw a clear operational advantage by automating routine Active Directory tasks such as user provisioning, modifications, and deprovisioning, and using delegated administration. Our IT teams spend much less time on repetitive requests. Senior administrators no longer had to handle every routine change, which allowed them to focus more on strategic work while the help desk team managed common requests within their assigned permissions. We also experienced fewer errors and more consistent user management because of standardized workflows compared to manual processes. Although we didn't measure success in terms of dollars or a reduction in headcount, the improvements in efficiency, security, and management investment were evident from an operational perspective.
What's my experience with pricing, setup cost, and licensing?
I wasn't directly involved in the pricing or licensing decisions, so I cannot comment on the exact cost. For our operations, I believe the investment was considered worthwhile because the product relieves manual Active Directory administration and improves security through delegated administration and auditing. Like most enterprise identity management solutions, it requires planning to ensure the licenses align with the management size and requirements. However, since I wasn't responsible for evaluations or commercial decisions, I prefer not to speculate on pricing or setup costs.
Which other solutions did I evaluate?
I didn't evaluate any other options before choosing One Identity Active Roles.
What other advice do I have?
I would rate One Identity Active Roles an eight out of ten. It is a stable and reliable solution that significantly simplifies Active Directory administrations through delegated administrations, workflow automations, and comprehensive auditing. It has helped us improve consistency, reduce manual effort, and strengthen security by limiting administrative privileges and providing a clear audit trail for changes.
I would rate customer support an eight out of ten.
I advise others looking into using One Identity Active Roles to spend ample time on planning before deployment, especially around your Active Directory structure, determining the delegated administration model, and establishing governance policies. The product is very capable, and you'll get the most benefit by starting with a few high-quality workflows before expanding into more advanced configurations. My overall review rating for One Identity Active Roles is eight out of ten.
Which deployment model are you using for this solution?
On-premises
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.