One Identity Active Roles Reviews

My main use case for One Identity Active Roles is mostly for Active Directory user lifecycle management and delegated admin control, especially handling user provisioning, role-based access, and reducing manual AD ticket work day-to-day.

Recently, for delegated admin control, I used One Identity Active Roles to automatically provision a new employee's AD account with the correct OU placement, group memberships, and email permissions based on their department. HR submitted a request, and the system handled most of the setup without manual AD changes.

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory by removing a lot of repetitive tasks such as user provisioning, group updates, and access changes. At the same time, it has slightly shifted complexity upfront. I spend more effort designing policies and workflows, but once that is in place, ongoing administration becomes much simpler and more controlled.

The best features of One Identity Active Roles are the fine-grained delegation RBAC for Active Directory, so I can safely give help desk or L1 teams limited admin rights without exposing full AD control. It is also really strong in automating user provisioning, de-provisioning, and enforcing policies consistently across AD and Microsoft 365, which removes a lot of manual work and reduces mistakes in day-to-day operations.

The automation has reduced a lot of repetitive AD tasks. Tasks such as user creation, group assignments, and access changes that used to be manual tickets are now mostly automated through workflows. The team spends far less time on routine provisioning and more on actual issues or exceptions.

One Identity Active Roles helps a lot with controlling who can modify sensitive AD objects, so I reduce risk by giving help desk limited, policy-driven access instead of full admin rights, which keeps audits and compliance much cleaner.

One Identity Active Roles could be improved by making the initial setup and policy configuration simpler and more intuitive, especially for complex enterprise AD environments. Right now, it takes quite a bit of effort to fine-tune everything and get workflows exactly right.

Documentation could be clearer for advanced use cases, especially around complex delegation and custom workflows. Deeper out-of-the-box integrations with modern cloud identity tools could make hybrid environments easier to manage.

I have been using One Identity Active Roles for one year.

One Identity Active Roles is very stable overall in my environment. I rarely face downtime, and once it is properly configured, it runs reliably for day-to-day AD automation, provisioning, and delegation tasks. Occasionally, there are minor performance hiccups or slow responses during heavy loads, but those are usually resolved with routine maintenance or service restarts rather than any major issues. Overall, it is considered production-grade stable for enterprise AD environments, especially when governance and configuration are done properly.

One Identity Active Roles has very strong scalability for enterprise environments, especially in multi-domain or hybrid Active Directory setups. It handles large AD forests, multiple domains, and hybrid Azure AD environments well because it is designed to centralize management and apply policies consistently across everything from a single console. As long as it is properly architected, it can scale from mid-size setups to very large enterprise deployments without major issues. In practice, it scales well in terms of user provisioning, group management, and delegation workloads, but I do need to plan carefully, especially around policy design and server performance tuning when the environment becomes very large or complex. Overall, One Identity Active Roles offers enterprise-grade scalability, but success depends on good initial design.

Customer support for One Identity Active Roles is generally good and fairly technical. From my experience, the support team is knowledgeable about Active Directory and identity workflows, so they are helpful for configuration issues, troubleshooting, and upgrade-related problems. Most standard issues get resolved properly with clear guidance. However, for more complex or edge-case problems, resolution can sometimes take longer because it may require escalation or deeper investigation. Overall, it is solid enterprise-level support, just not always very fast for complicated cases.

I was previously relying on native Active Directory tools such as AD Users and Computers along with some manual PowerShell scripts for automation. I switched mainly because that setup was not scalable. Everything was too manual, script-dependent, and hard to govern consistently across teams, especially for delegation and audit tracking. One Identity Active Roles gave me a more centralized and policy-driven way to manage all of that.

The ease of integrating One Identity Active Roles with my existing IT infrastructure and directory services was moderately complex at the beginning, especially aligning it with existing AD structure and defining delegation models. However, once the initial setup and connectors were in place, it became fairly stable and easy to operate with my existing Active Directory and hybrid Azure AD environment.

I have seen a return on investment mainly through time savings and reduced operational load in Active Directory management. For example, after implementing One Identity Active Roles, I have reduced a lot of manual AD work such as provisioning, group changes, and access requests. Overall, it has led to roughly a 40 to 60 percent reduction in AD-related service desk tickets and manual effort, depending on the workload period. On the time side, tasks such as user onboarding that earlier took 15 to 20 minutes are now done in just a few minutes through automation and templates, which adds up to dozens of IT hours saved every month. I have also seen indirect savings because I do not need as many escalations to senior admins. Routine work is handled through delegation, so the same team can manage more users without additional headcount. In short, there is less manual work, fewer errors, faster onboarding, and better scalability without increasing team size.

My experience with pricing, setup cost, and licensing felt on the higher side since it is an enterprise-grade tool, and the licensing is typically based on managed user objects, so it scales with the environment size. Setup also requires some initial professional services and planning effort, but once implemented, it is stable and the cost is justified by the automation and reduced AD workload.

I evaluated a few alternatives before selecting One Identity Active Roles. The main ones were ManageEngine ADManager Plus, SailPoint Identity Security Cloud, and Microsoft Entra ID Governance. I also looked at Okta for broader IAM, but it was more SSO-focused rather than deep Active Directory delegation. I ultimately chose One Identity Active Roles because it was a better fit for deep, AD-level delegation on-premises plus hybrid control and fine-grained administrative workflows, which the others did not handle as cleanly in my environment.

My advice to others looking into using One Identity Active Roles is to invest time in proper planning before implementation, especially around your AD structure and delegation model. If you clearly define roles, OU design, and workflow rules upfront, One Identity Active Roles becomes very powerful and smooth to run, but if you rush setup, it can feel complex and messy later. Additionally, involve both security and AD admins early because it works best when both governance and automation are aligned from the start.

Overall, One Identity Active Roles is a solid enterprise-grade AD management tool that really shines in environments where you need strong delegation, automation, and compliance control. The biggest takeaway is that it pays off most when you invest time in proper design and governance upfront. Once that is done, it significantly reduces day-to-day AD workload and improves consistency across the environment. I would rate this product an 8 out of 10.

I have been using One Identity Active Roles for approximately three to four years as a part of my role as a Senior System Administrator, where I gain hands-on experience in implementing and managing One Identity Active Roles for centralized Active Directory administration, including creating and managing access templates, configuring role-based access control, automating user provisioning and de-provisioning processes, setting up approval workflows, enforcing policies, and delegating administrative tasks securely, along with troubleshooting synchronization issues and integration with existing AD infrastructure to ensure compliance, operational efficiency, and reduced manual effort in a large enterprise environment.

My main use case for One Identity Active Roles is to centralize and streamline Active Directory administration by implementing secure delegation, automation, and governance control, where I primarily use it for automated user provisioning and de-provisioning based on HR triggers, applying role-based access control through access templates, enforcing naming and attribute policies, and managing group membership dynamically, along with configuring approval workflows for sensitive access requests to ensure compliance and audit readiness, while also reducing manual intervention for service desk teams when delegated limited administrative rights through One Identity Active Roles by giving direct access to the domain controller, thereby improving security and operational efficiency and consistency across the enterprise environment.

In my daily work, I use One Identity Active Roles to automate user onboarding and offboarding processes, where new users are automatically created with correct permissions, group memberships, and policies based on their role, and during offboarding, accounts are disabled and access removed instantly, which helps me to reduce manual effort, improve accuracy, and ensure better security and compliance.

The best features of One Identity Active Roles that stand out to me are mainly automation, delegation, and policy enforcement, as these provide me the most value in a real-world environment, where automation helps in streamlining user provisioning, de-provisioning, and group management through workflows, significantly reducing manual effort and errors, while fine-grained delegation allows secure role-based access control so that service desk or junior admins can perform limited tasks without giving full domain access, improving security and reducing the risk of privilege misuse, and policy enforcement ensures that all objects follow predefined standards like naming conventions, mandatory attributes, and compliance rules, maintaining consistency across the environment, along with strong workflow management and approval processes for sensitive changes, dynamic group management, and detailed auditing and reporting that help track every change for compliance and security purposes, making One Identity Active Roles a powerful tool for centralized, secure, and efficient identity and access management.

One feature that I feel is not highlighted enough is the powerful auditing and reporting capability in One Identity Active Roles, which provides detailed tracking of every change made within the Active Directory through One Identity Active Roles, including who performed the action, what changes were made, and when, making it extremely useful for compliance, security investigation, and troubleshooting, and in addition, the ability to customize workflows and scripts using PowerShell integration is also very valuable as it allows extending functionality based on business requirements, automate complex tasks, and integrate with other system solutions more adaptively to different needs.

In our organization, One Identity Active Roles is deployed in a hybrid environment, where the core One Identity Active Roles components such as the administration service and management console are hosted on-premises within our data center for better control and security, while it also integrates with cloud services like Azure AD to support hybrid identity and access scenarios, allowing us to manage both on-premises and cloud-based identities centrally, which provides flexibility, scalability, and aligns with our organization's gradual cloud adoption strategy.

One Identity Active Roles can be improved by enhancing its user interface to make it more modern and intuitive, as sometimes navigation and configuration feel complex for new users, and additionally, improving reporting and dashboard capabilities with more customizable and real-time analytics would add significant value, while better native integration with cloud platforms like Azure AD and hybrid environments could also strengthen support for evolving infrastructure needs, and simplifying workflow design with more visual and user-friendly options, along with improved performance during large-scale operations, would make it even more efficient and easier to manage the enterprise environment.

One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement, and as a wish-list item, I would like to see stronger, more seamless integration with cloud and hybrid environments like Azure AD, along with enhanced real-time reporting dashboards and easier troubleshooting tools, which would help in faster issue resolution and a better overall administration experience.

I have been working in my current field for the last 12 years.

One Identity Active Roles is a very stable and reliable solution in our experience, as it runs reliably in production with minimal downtime and handles large-scale Active Directory environments efficiently, provided it is properly configured and maintained, and we have seen consistent performance in day-to-day operations like provisioning, delegation, and policy enforcement without major issues.

One Identity Active Roles scales very well as the organization grows, as it is designed for enterprise environments and can handle a large number of users, groups, and directory objects efficiently, and in our experience, it has supported increasing workloads without performance issues, especially due to its centralized management, automation, and role-based delegation model, which allows us to scale the system to manage more identities without adding proportional administrative effort, and it also supports hybrid environments like on-premises and cloud integration, making it flexible for expansion based on industry needs where organizations have reported scalability issues and that continue to perform reliably as the user base and infrastructure grow.

My experience with customer support for One Identity Active Roles has been generally positive, as the support team is technically strong and responsive in handling issues in most cases, and they provide clear guidance and effective solutions.

Before implementing One Identity Active Roles, we were primarily using native Active Directory tools along with manual processes and some basic PowerShell scripts for user and group management, but we switched to One Identity Active Roles because those methods were time-consuming, error-prone, and lacked proper governance, delegation, and auditing capabilities, and as the organization grew, it became difficult to manage the identity life cycle efficiently, so we needed a centralized solution that could provide automation, role-based delegation, policy enforcement, and detailed auditing, which One Identity Active Roles delivered efficiently, helping us standardize processes, improve security, and reduce operational overhead.

I would say the integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately easy, as it integrates quite well with Active Directory out of the box and aligns with the standard Microsoft environment, so the initial setup and synchronization were straightforward, but some complexity came in when configuring advanced workflows, custom policies, and integration with the hybrid environment like Azure AD, which required careful planning, scripting, and testing, so overall, it was manageable with good documentation and experience, but not completely plug-and-play for more advanced use cases.

We have definitely seen a strong return on investment after implementing One Identity Active Roles, mainly in terms of time saving, reduced workload, and improved efficiency, where user provisioning and access requests that earlier took hours are now completed in a few minutes through automation, and we observe around a 40 to 50% reduction in service desk tickets related to Active Directory tasks, which allows the team to focus on more critical activities instead of repetitive work, while delegation reduces dependency on senior administrators, indirectly saving manpower effort, and overall, the reduction in errors, faster onboarding, and improved compliance also contribute to cost savings and operational efficiency, making it a valuable investment for the organization.

My experience with pricing, setup cost, and licensing for One Identity Active Roles has been that it is on the higher side compared to native tools, as it follows an enterprise licensing model, typically based on the number of managed users or accounts, but the cost is justified by the value it delivers in terms of automation, security, compliance, and reduced operational overhead, while the initial setup cost includes infrastructure implementation and possible professional services, which require some planning and investment, and licensing management can be a bit complex depending on the organization's size and requirements, but overall, it is considered a worthwhile investment for large environments where efficiency, governance, and scalability are critical.

Before selecting One Identity Active Roles, we evaluated solutions such as Microsoft Identity Manager and SailPoint IdentityIQ, but we chose One Identity Active Roles because it provided a better balance of ease of deployment, strong Active Directory integration, effective delegation, and built-in automation, specifically tailored for our AD environment.

My main use case for One Identity Active Roles is to centralize and streamline Active Directory administration by implementing secure delegation, automation, and governance control, where I primarily use it for automated user provisioning and de-provisioning based on HR triggers, applying role-based access control through access templates, enforcing naming and attribute policies, and managing group membership dynamically, along with configuring approval workflows for sensitive access requests to ensure compliance and audit readiness, while also reducing manual intervention for service desk teams when delegated limited administrative rights through One Identity Active Roles by giving direct access to the domain controller, thereby improving security and operational efficiency and consistency across the enterprise environment.

One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement, and as a wish-list item, I would like to see stronger, more seamless integration with cloud and hybrid environments like Azure AD, along with enhanced real-time reporting dashboards and easier troubleshooting tools, which would help in faster issue resolution and a better overall administration experience.

I would rate this product an 8 out of 10.

Hybrid Cloud

Microsoft Azure

One Identity Active Roles serves as the primary tool in our organization to streamline and secure Active Directory management by automating administrative tasks, enforcing governance policies, and reducing the risk of human error. It helps us delegate access control efficiently through role-based administration, ensuring that the right users have the appropriate permissions without granting excessive privilege. Additionally, it enhances compliance by providing detailed auditing, reporting, and approval workflows for changes made within the directory, which is especially important for maintaining security standards and regulatory requirements. Overall, it improves operational efficiency, strengthens our security posture, and simplifies identity and access management across the organization.

A practical example from our daily use of One Identity Active Roles is our automated user provisioning process, where it is configured with policies and workflows that trigger as soon as a new employee is added to our HR systems or Active Directory. The system automatically assigns the correct group membership, email access, and permissions based on their roles and department, while also enforcing naming conventions and security rules simultaneously. Privileged access requests, such as adding a user to admin groups, go through an approval workflow that requires managerial authorization and is fully logged for auditing. This approach not only saves significant manual effort for the IT team but also ensures strict governance, consistency, and compliance without relying on individual administrators to remember every policy.

Our main day-to-day use of One Identity Active Roles revolves around simplifying and controlling Active Directory operations through delegated administration and policy-based management. We allow helpdesks or junior IT staff to handle routine tasks such as user creation, password resets, and group modifications without giving them full domain access, ensuring security is never compromised. Simultaneously, we rely heavily on its built-in workflows and approval mechanisms for sensitive changes, such as privilege escalation or access to critical systems, which ensures every action follows a defined governance process and is properly audited. Its automation capabilities help maintain consistency in user attributes, enforce compliance policies, and reduce manual errors, making it an essential tool that keeps our identity management efficient, secure, and aligned with organizational standards on a daily basis.

The workflow automation and auditing features of One Identity Active Roles have made a clear impact in our daily work, especially in handling access requests and compliance tracking. When a user needs elevated privileges, the request automatically goes through a predefined approval workflow instead of relying on manual emails, ensuring proper authorization before any changes are made and every action is logged with full details. This becomes extremely useful during audits or troubleshooting because we can quickly track who made what changes and when, reducing investigation time and improving accountability. This approach also removes the dependency on manual follow-ups and minimizes the risk of unauthorized access.

One of the best features of One Identity Active Roles is its strong combination of automation, security, and centralized control, which makes Active Directory management much more efficient and governed. A standout feature is workflow automation, where repetitive tasks such as user provisioning, deprovisioning, and access changes are handled automatically based on predefined rules, saving time and reducing manual errors significantly. Another key feature is role-based delegation, which allows organizations to grant limited control access to helpdesks or junior staff without exposing critical admin privileges, ensuring a least privilege security model. One Identity Active Roles also offers policy-based management where rules enforce naming conventions, mandatory attributes, and compliance standards during any Active Directory changes, maintaining consistency across the environment. Additionally, features such as dynamic groups, memberships, and temporal access automatically add or remove users from groups based on coordination or time, which is very useful for managing temporary or role-based access. Finally, its auditing and reporting capabilities provide full visibility into who made what changes and when, helping with compliance, troubleshooting, and security monitoring. Overall, these features together make One Identity Active Roles a powerful tool for improving efficiency, strengthening governance, and securely managing identity and access management operations.

One area where One Identity Active Roles can be improved is in simplifying its initial setup and configuration process, as deployment can be complex and time-consuming for a new user or organization without deep Active Directory expertise, which can slow down adoption and require additional training or support. Additionally, improving the user interface to make it more intuitive and user-friendly would enhance the overall experience for administration, especially for those who are not highly technical. There is also scope to enhance performance in certain scenarios such as reporting over slower networks. Expanding flexibility in customization and integrations could further strengthen its usability in modern hybrid and cloud environments, making it even more efficient and easier to manage at scale.

One improvement I would particularly highlight for One Identity Active Roles is the need for seamless integration with modern cloud platforms and hybrid environments. Many organizations now operate beyond traditional on-premises Active Directory, and having more out-of-the-box connection connectors and easier configuration for tools such as Azure or other SaaS applications would save time and effort. Making reporting and dashboards more customizable and intuitive would help administration quickly derive insights without relying on external tools. Improving documentation and in-product guidance could also make troubleshooting and advanced configuration much easier, especially for new users who are still becoming familiar with the platform.

I have been using One Identity Active Roles for the last two years.

One Identity Active Roles is generally considered a stable and reliable solution in most enterprise environments, as many users rate its stability quite high, often between seven to ten out of ten. They highlight that it performs consistently well for automation, delegation, and auditing tasks.

One Identity Active Roles is highly scalable and can easily support large enterprise environments with thousands to even hundreds of thousands of users across multiple domains. It grows well with our organization's needs without major performance issues, making it suitable for both mid-sized and large companies.

Customer support for One Identity Active Roles is generally good, as most users report that the support team is responsive, technically knowledgeable, and ready to assist whenever tickets are raised, often providing clear and practical solutions to issues. Although in some cases there are slight delays or slower responses for more complex problems, the overall support experience is positive and reliable, though there is room for improvement in response time for critical or advanced issues.

Before adopting One Identity Active Roles, we were primarily relying on native Microsoft Active Directory tools and manual PowerShell scripts for user and access management. We switched because those methods lacked centralized governance, automation, and proper auditing capabilities, which made the process time-consuming and prone to errors. As our environment grew, managing permissions and ensuring compliance became increasingly complex, so moving to One Identity Active Roles helped us streamline operations with automation, enforce consistent policies, and gain better visibility and control over all directory-related activities.

Integrating One Identity Active Roles with our existing IT infrastructure and Active Directory is moderately straightforward but not entirely simple. It fits well within our traditional Active Directory environment and connects effectively with directory services. However, the initial setup, configuration of policies, and aligning it with existing workflows require careful planning and some expertise, especially when customizing roles and permissions. While basic integration is smooth, more advanced setups such as hybrid environments or additional system integrations can add complexity. Overall, it is manageable but does require a certain level of technical understanding to fully optimize its capabilities.

We have seen a clear return on investment with One Identity Active Roles, as it has reduced manual administration effort by approximately fifty to sixty percent, which directly translates into time savings for the IT team. In some cases, tasks that earlier took fifteen to twenty minutes, such as user provisioning or access changes, are now completed in just a few minutes through automation, while also reducing errors significantly, which avoids network and potential security risks. Overall, it has allowed us to handle the same workload with fewer resources or relocate team members to more strategic tasks, ultimately improving our productivity and delivering strong value compared to the investment made.

Our experience with pricing, setup cost, and licensing for One Identity Active Roles has been generally positive, though with a few considerations as the solution follows a subscription-based licensing model, typically calculated based on the number of managed users and required features, which makes it scalable but can become relatively expensive for larger organizations and environments. The initial setup and procurement process was smooth with good vendor support, but the overall cost is on the higher side compared to basic tools, though it is justified by the value it delivers in automation, governance, and time savings. In our case, we found that the return on investment was strong because it significantly reduced manual efforts and administrative workload, making the pricing work despite the higher upfront and licensing costs.

Before selecting One Identity Active Roles, we evaluated a few other identity and Active Directory management solutions such as Microsoft Entra ID, Okta, and ManageEngine ADManager Plus, as they are commonly considered strong alternatives in the identity and access management space with capabilities such as automation, access control, and governance. While each had its strengths, especially in cloud integration or ease of use, we ultimately chose One Identity Active Roles because it offered more granular control, deeper Active Directory management, and stronger policy-based governance tailored to our on-premises and hybrid environment needs.

My advice for anyone considering One Identity Active Roles would be to invest time in proper planning and initial setup, especially around role design, delegation models, and policy configuration, because the real value of the tool comes from how well these are structured from the beginning. Also, ensure your team has a good understanding of Active Directory. I would rate this product a nine out of ten overall.

My main use case for One Identity Active Roles is to handle end-to-end identity life cycle process from user provisioning when an employee joins to modification during role changes, and secure de-provisioning when they leave. This ensures consistency, reduces manual error, and improves operational efficiency. Another key use case is policy-based administration. We enforce standardized naming conventions, attribute validation, and security policy across all AD objects. This helps maintain a clean and compliant directory structure. We also rely heavily on delegation and role-based access control, allowing teams like HR or service desk to perform specific activities without giving them full administrative rights. This improves both security and scalability. Additionally, One Identity Active Roles is used for workflow automation and approval, where access requests or changes go through predefined approval teams. This strengthens governance and ensures audit readiness. Overall, the main goal is to reduce manual effort, improve security, and enforce compliance.

One Identity Active Roles offers a powerful set of features that significantly improve automation, security, and governance in an Active Directory environment. One of the most valuable features is automation and lifecycle management. One Identity Active Roles allows us to automate provisioning, de-provisioning, and group management using workflows and policies. This reduces manual effort and ensures consistency across the organization.

Another key feature is policy-based administration. We can enforce business rules such as naming conventions, attribute validation, and access policies. This ensures that all changes in Active Directory follow a standardized and compliant approach. Delegation and role-based access control is also a standout feature. It enables fine-grained control over who can perform specific tasks, ensuring least-privileged access while distributing administrative responsibility efficiently.

One Identity Active Roles also provides single-pane-of-glass management for hybrid environments, allowing us to manage on-prem Active Directory, Azure AD, and Microsoft 365 from one interface. Another important feature is dynamic group management, where group memberships are automatically updated based on predefined rules. Additionally, the auditing and reporting capabilities are very strong. Every change is tracked with detailed logs, helping with compliance, troubleshooting, and audit readiness. Finally, integration and synchronization with systems such as HR tools, ServiceNow, and cloud platforms allow seamless identity management across multiple systems, making it a central hub for identity governance.

One of the biggest improvements has been operational efficiency by automating user lifecycle management, including onboarding, role changes, and off-boarding. We have significantly reduced manual effort and turnaround time. Tasks that previously took hours can now be done in a minute with far fewer errors. Another major impact has been on security and access control. With delegation and role-based access control, we have been able to enforce the principle of least privilege. Instead of giving broad administrative rights, we assign very specific permissions, which has reduced our risk exposure and improved our overall security posture. From a governance perspective, policy-based administration has helped us standardize how Active Directory is managed. This ensures consistency across the organization and eliminates issues caused by manual inconsistencies. Overall, One Identity Active Roles has helped us move toward a more automated, secure, scalable identity management model, aligning IT operations more closely with business needs.

While One Identity Active Roles is a very powerful platform, there are definitely areas where it can be improved to enhance usability and scalability. First is the user interface and experience. While it is functional, it can feel complex for a new user and less intuitive, especially for onboarding a new user. The second is the learning curve and setup. The initial setup and configuration, especially for policies, workflows, and delegation models, can be quite complex.

Third is reporting and analytics enhancement. Although auditing is strong, the reporting layer could be more flexible and visual, adding features such as more customizable dashboards and better visualization. Fourth is cloud and hybrid enhancement, such as a more seamless integration with Azure AD, Microsoft 365, and other SaaS platforms. Fifth is performance in large environments. In very large-scale deployments, some organizations may experience slower performance during complex queries or workflows. Sixth is documentation and training. While documentation exists, it can sometimes be too technical and not beginner-friendly. Overall, while One Identity Active Roles is already a robust and mature solution, improvements in usability, reporting, and cloud integration could make it even more powerful and accessible in the future.

I have been using One Identity Active Roles for four years.

In terms of stability, One Identity Active Roles is a very stable and mature platform. Once properly implemented, it runs reliably with minimal downtime, handles daily operations consistently, and scales well with organizational growth. Overall, One Identity Active Roles has proven to be a stable, reliable, and well-suited solution for managing Active Directory at scale.

One Identity Active Roles is highly scalable and well-suited for growing organizations. It can effectively handle a large number of users and groups across multiple domains and environments. As the organization grows, we do not need to proportionally increase the admin team. Automation handles repetitive tasks, and delegation distributes responsibility.

Our experience with One Identity customer support has been generally positive and reliable. For more complex issues, resolution may take longer, but overall, the support team is very helpful and knowledgeable.

I did not choose any implementation before One Identity Active Roles, nor did I evaluate any other options. This is my first experience with One Identity Active Roles.

My overall assessment is that integration with the existing IT infrastructure and directory services is moderately straightforward but requires careful planning. Since One Identity Active Roles is designed to work closely with Active Directory, the core integration is quite smooth. It connects natively with domain controllers, which makes onboarding relatively seamless in a standard Microsoft environment. However, the complexity increases when designing delegation models, configuration policies, and workflows. Basic integration is easy to moderate, and advanced configuration and customization are more complex and require expertise.

We have definitely seen a clear return on investment after implementing One Identity Active Roles. The ROI comes mainly from time savings, reduced workload, and improved efficiency rather than just direct cost reductions. For example, by automating onboarding and delegating routine tasks, we have been able to save significant administrative hours each month and avoid expanding the IT team, which directly contributes to cost savings.

Our experience with pricing and licensing for One Identity Active Roles has been on the higher side compared to native tools but justified by the value it delivers. Its pricing and licensing are based on the number of user-managed identities and the features and modules included. While the upfront cost may seem significant, it aligns with an enterprise-grade IAM solution.

One Identity Active Roles has had a significant positive impact on our organization's compliance efforts. One of the biggest advantages is the built-in auditing and traceability. Every action, whether it is user creation, group modification, or permission changes, is logged with clear details of who performed it and when. Additionally, policy-based administration ensures that all changes follow predefined rules, which reduces the risk of non-compliant configurations. One Identity Active Roles has significantly reduced both the complexity and workload of Active Directory administration. After implementation, routine tasks are automated, responsibilities are distributed through delegation, and policies ensure consistency automatically.

My advice to others considering One Identity Active Roles would be to treat it as a strategic investment rather than just a tool. Before implementing, clearly define your identity management processes. Plan your delegation model and policies carefully. Start with a key use case such as user lifecycle resolution. If implemented correctly, it can significantly improve efficiency, security, and governance, but planning is critical to fully realize its value.

Overall, One Identity Active Roles has proven to be a reliable and valuable solution for managing Active Directory at scale. While there are areas for improvement, I would suggest this as one of the best tools I have ever used across my experience. I would rate this solution a 9 out of 10.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is to use it primarily in the FinTech and HealthTech market, where data sensitivity is really high, and for having consistent policy enforcement so that it can reduce the risk significantly.

One specific example of how I use One Identity Active Roles in my HealthTech environment is that one of the biggest gains is the centralized identity access management, which supports secure access for all the clinicians and the staff while maintaining the compliance requirement, which is very critical when dealing with sensitive patient data. The scalability also is great for these types of tech, so it works well in deep tech startups where new services are frequently added. What I appreciate most is that it is adaptive for multi-factor authentication, adding a strong security layer without always interrupting the user, which is very important for both the HealthTech and FinTech environments.

When I integrate One Identity Active Roles with my systems, it bridges the modern cloud apps and older legacy systems within a single identity framework. In real-world environments, especially in HealthTech, having a clean, cloud-only stack is essential, making flexibility very critical. It also supports integration with Active Directory, SAP, and different databases, allowing my organization to unify access control without replacing the existing infrastructure, which is particularly important when dealing with a legacy EMR-based system. This plays a central role alongside different digital platforms.

The best features One Identity Active Roles offers include strong governance and lifecycle management capabilities, especially in environments where access control needs to be highly regulated. It helps ensure that a user only has access to what they truly need, reducing compliance-related risk. Additionally, the strongest point is how well it integrates with both legacy systems and modern infrastructure, which is very helpful for working with deep tech startups that require both legacy system capabilities and modern technologies.

One Identity Active Roles has positively impacted my organization by helping me gain clear visibility and control over user access across all systems. In regulated environments like HealthTech, it is much easier to demonstrate proper governance with specific policies aligned with the system. The automated access certification and audit trails help reduce manual effort in auditing by allowing me to generate reports directly instead of pulling data from multiple systems. This also helped me during regulatory reviews and internal audits by enforcing least privilege access and proper segregation of duties, which lowered the risk of unauthorized access.

Regarding reporting, One Identity Active Roles has helped me in healthcare reporting by building everything from a platform that is very adaptable to the current ecosystem. It helps integrate with microservices and APIs while accommodating older enterprise systems, which is another added advantage.

There are a couple of areas where One Identity Active Roles can be improved. One area is the overall user interface and experience, as the UI is sometimes very complex, so simplifying workflows for non-stakeholders would be helpful. Another improvement is the implementation and configuration complexity, since the initial setup and advanced policy configuration often require specialized expertise, which can slow down deployment in fast-moving tech setups. Additionally, performance for large-scale access or certification campaigns can be optimized further, although I understand that large enterprises can take some time due to complex processes, necessitating improvements in speed and responsiveness. Finally, having a neater analytics and reporting dashboard would be great.

I have been using One Identity Active Roles for almost two to three years.

I find One Identity Active Roles to be stable.

One Identity Active Roles's scalability is impressive, as it has been used for multiple years in enterprise-related systems and scales well with large user bases or complex access requirements. It can manage not only internal employees but also billions of external users. The architecture supports both horizontal and vertical scaling, making it suitable for growing deep-tech environments with continuously added services and users. Its modular design and automation allow capabilities to extend without redesigning the whole system. Overall, I rate its scalability an eight out of ten for supporting reliable business growth and architecture.

The customer support from One Identity Active Roles is really good.

My experience with pricing, setup cost, and licensing is that pricing is generally on the higher side, especially for organizations using multiple modules like identity governance, privileged access, and analytics. It is more suitable for large enterprises rather than startups or medium-sized companies as the pricing is not very cost-friendly. Although it provides comprehensive governance, privileged access, and analytics tools, the pricing can feel complex depending on the licensing model and deployment scale, which organizations should definitely plan for well in advance.

I see a return on investment with One Identity Active Roles, specifically noting a 40% to 60% drop in time spent on provisioning, access reviews, and audit-related tasks. While the upfront cost can be high, the automation, reduced risk, and overall efficiency typically justify the investment, although it may take three to five years to see a complete ROI.

Before choosing One Identity Active Roles, I evaluated options like Microsoft technology and cloud providers such as Okta, SailPoint, Entra, and CyberArk. However, in my experience, One Identity Active Roles is particularly strong for identity governance and compliance, which led me to my decision. Each of these tools has its own pros and cons, and the choice ultimately depends on the organization's priorities.

I have consolidated my use of OneLogin, One Identity Active Roles, and other access control products.

I definitely utilize the fine-grained permission control feature of One Identity Active Roles, which helps me assign permissions not just at the role level, but down to very specific systems and attributes or actions when required. For example, when considering giving a user full database or application-level access, I can restrict them to specific functions like read-only access or limited transactions. This definitely helps enforce the least privilege principle and reduces the risk of misuse or data exposure. It is particularly helpful for policy-based or role-based models, especially in dynamic conditions, such as department-wise, location-wise, or risk level-wise.

Regarding automation capabilities, One Identity Active Roles allows me to automatically provision, modify, or de-provision role-based changes. It helps automate access request and approval workflows, letting users request access through a self-service portal while routing approvals to the necessary stakeholders. This is particularly useful when needing controlled yet quick access. The policy-driven automation is another key strength, as access is assigned based on predefined roles, rules, or attributes, ensuring consistency and compliance without manual intervention.

The impact of One Identity Active Roles on my compliance efforts is significant. It provides centralized visibility to user access, roles, and entitlements, simplifying governance. For FinTech and HealthTech industries, where periodic reviews are required for standard protocols such as PCI DSS or HIPAA, it is very helpful. The platform maintains detailed audit trails and reporting, allowing me to quickly track changes, approvals, and policy violations, making it easier to demonstrate compliance during audits and identify potential gaps or risks early.

One Identity Active Roles significantly reduces the complexity and workload of administrative tasks related to Active Directory. As an admin and CTO, I appreciate how it has reduced manual workload for my admin team, especially when automating repetitive tasks such as provisioning and updating access. It has made management easier, enabling admins to focus on governance and policy decisions rather than routine operations. It improves both efficiency and consistency overall.

One Identity Active Roles helps organizations specifically delegate admin tasks to business users through a role-based system and approval workflows. This means the IT team does not have to handle every access request because managers can review and approve access directly for their teams. It also supports granular delegation of specific admin rights without giving full system control, which is very helpful for large enterprise organizations with multiple departments. Overall, this reduces bottlenecks for the IT team and speeds up access decisions.

My advice for others looking into using One Identity Active Roles is to plan well in advance, as investing time in proper role and access definition before implementation is crucial. One Identity Active Roles is powerful, but if roles, policies, and access are not clearly defined upfront, managing it later can become complex. It is important to have the right expertise or partner support during deployment due to the platform's strong learning curve. Starting with a phased rollout, beginning with critical systems, stabilizing the setup, and then expanding, works really well. I would rate my overall experience with One Identity Active Roles a seven out of ten.

Public Cloud

Microsoft Azure

One Identity Active Roles has been a core part of my toolkit for the better part of my two years of experience in the IAM space, especially when dealing with a massive environment of more than 10,000 or 15,000 users where native AD tools do not suffice from the governance perspective. I have done deep work with One Identity Active Roles to bridge the gap between high-level IAM policies and on-ground execution, primarily enforcing least privilege and role-based access control.

If I have to boil it down to the single most critical use case for One Identity Active Roles, it is delegated administration and automated lifecycle management. I experienced this when I stepped into my role with too many people having elevated access rights for basic tasks. This led me to implement One Identity Active Roles as a security proxy layer, minimizing the attack surface while also automating our JML process via integration with our HR feed from Workday.

This leads to another major reason we rely heavily on One Identity Active Roles: data integrity and automated policy enforcement. I used One Identity Active Roles to implement policy objects that act as real-time guardrails to prevent the creation of users with incomplete data attributes, ensuring our downstream systems always receive clean data.

A specific challenge I faced when scaling our support operations was that local IT teams were shadow domain admins, resulting in issues such as a regional admin accidentally modifying a critical SPN, which led to a localized Kerberos outage. This prompted me to implement access templates in Active Directory and One Identity Active Roles to define specific actions for helpdesk users and enforce zero-standing privilege, dramatically reducing the exposure time to unnecessary rights.

The crown jewels of One Identity Active Roles that make my life as an architect easier are Access Templates, Virtual Attributes, Workflow and Approval Engine, and Managed Units, which allowed us to structure our directory into a policy-driven asset rather than constantly firefighting manual errors.

Access Templates and Managed Units are the real secret sauce of One Identity Active Roles for us. Access Templates standardize permission settings, reducing security drift and allowing for the creation of modular permission bundles such as those I created for the Tier 1 help desk. Managed Units help me stay organized without rewriting the physical structure of the directory, saving me hours of cleanup.

A critical feature that I found essential for a clean environment is Dynamic Group management, which prevents permission creep by using rule-defined group memberships rather than manual additions. One Identity Active Roles automatically manages group membership based on rules tied to the HR records.

One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations. The biggest win has been a reduction in the internal attack surface, achieving over a 40% reduction in unauthorized or accidental access attempts.

Even though I advocate for One Identity Active Roles, there are areas for improvement, particularly in hybrid integration experiences where it feels a bit clunky compared to its capabilities for on-premises AD management. The user interface feels dated compared to modern SaaS applications, making it less intuitive for non-technical business managers.

I would like to see One Identity Active Roles lean more toward an API-first and Identity-as-a-Code approach. The current REST API feels like an afterthought, and my developers want the ability to operate through CI/CD pipelines instead of logging into the GUI.

I have used the solution for over three years.

One Identity Active Roles has proven highly stable in its core functions. Our initial underestimation of properly sizing SQL servers during major user migrations revealed the importance of careful planning, especially regarding database performance.

In my experience, One Identity Active Roles demonstrates strong scalability characteristics, although complexity with database performance, policy evaluation, and multi-domain environments should be considered. We faced some limitations with the reporting functionality, which we addressed by implementing dedicated reporting servers.

Customer support deserves a rating of 7.5 out of 10 due to their technical competence despite some structural challenges. The main friction I encountered during the escalation process could be improved for faster resolution times on complex issues. I balance my assessment of their strengths in technical knowledge and resolution quality against areas needing improvement, such as the escalation process and the support portal experience for non-technical users.

I previously used a mix of manual processes and native Microsoft tools, such as the Active Directory users and computers console for directory management. I also used PowerShell scripts for automation and a homegrown web portal for the help desk team.

The return on investment with One Identity Active Roles transforms our technical support's workflow, resulting in a 60% annual reduction in tasks such as JML processes, which were previously a nightmare when handled manually. This frees up hours for the senior engineering team.

We evaluated several options, including Microsoft Identity Manager, SailPoint, Saviynt, and custom development while recognizing the limitations of our manual processes. One Identity Active Roles ultimately offered the right blend of governance, control, and operational efficiency suited for our hybrid environment.

Discussions around pricing and licensing reveal that One Identity Active Roles follows a standard enterprise model, but the true costs often arise during implementation, making it budget-friendly yet potentially shocking at the initial quote stage when transitioning from a manual environment.

For organizations considering One Identity Active Roles, I recommend establishing a direct relationship with your account team early, which can help bypass standard queues when addressing critical issues, ensuring a smoother experience with the tool. My overall review rating for One Identity Active Roles is eight out of ten.

Hybrid Cloud

Microsoft Azure

One Identity Active Roles is our main solution for Active Directory administration and user life cycle management. In day-to-day operation, I primarily use it for onboarding and offboarding users, managing group membership, handling access requests, and delegated administration.

One Identity Active Roles enforces consistency in Active Directory administration. Before implementation, different administrators sometimes followed different processes for account creation or access changes. With One Identity Active Roles, workflows and policies help standardize those activities. It also gives us better visibility into who made changes and when, which has been useful during access reviews and audit-related activities.

The features that stood out most for me in One Identity Active Roles are delegated administration, automation, and role-based access control. Delegated administration made a big difference because it allowed the service desk to handle routine tasks such as password resets, account unlocks, and certain group management activities without giving them full Active Directory administrative rights. Automation was also valuable for onboarding and offboarding processes, helping reduce manual effort and maintain consistency. Another feature I found useful was the auditing capability since it provided better visibility into who made changes and helped during access reviews and compliance checks.

Automation had a noticeable impact on our team's efficiency because it reduced the amount of repetitive Active Directory work. Before One Identity Active Roles, user provisioning and access changes often involved multiple manual steps and validation checks. For example, onboarding required administrators to manually create accounts, assign groups, and verify permissions. With the automated workflow, much of that process became standardized, which reduced administrative effort and helped avoid administration mistakes. It also meant the Active Directory team spent less time on routine requests and more time on governance, access reviews, and improvement initiatives, although automation did not eliminate all manual work.

One of the biggest positive impacts of One Identity Active Roles was bringing more control and consistency to Active Directory. Before implementing it, many user and access management tasks relied heavily on manual processes and experienced administrators. With One Identity Active Roles, many of those activities became standardized through workflows, delegated administration, and role-based access control. From an operational perspective, it improved turnaround times for common requests, reduced the risk of unauthorized changes, and gave us better visibility into administrative activities.

From a governance and security perspective, I think One Identity Active Roles is one of the stronger areas of the product. It helps enforce role-based access control, delegated administration, and least privilege principles much more effectively than relying on native Active Directory administration alone. We had better control over who could perform specific tasks, and administrative activities were easier to audit and review. In terms of artificial intelligence capability, I would not say artificial intelligence is currently a major strength of the product. Most of the value comes from the policy-based automation, workflows, and governance controls rather than advanced artificial intelligence-driven decision-making.

One area where One Identity Active Roles could be improved is troubleshooting and visibility. As environments grow and workflows become more complex, it can sometimes take time to determine why a specific permission, workflow, or delegated task is not behaving as expected. I also think the reporting experience could be more flexible, especially for organizations that need customized governance and audit reports. Overall, One Identity Active Roles is strong in its core functionality, but improvements in user experience, reporting, and troubleshooting would make administration easier.

One additional improvement I would mention is around hybrid identity and cloud integration. Many organizations today are managing both on-premises and cloud environments. Having deeper visibility and governance across those environments from a single interface would be valuable. Another area is workflow management. While the flexibility is powerful, maintaining and troubleshooting complex approval workflows can sometimes become challenging as organizations grow and requirements evolve.

I have been working in my current field for the last seven years.

One Identity Active Roles has been a stable platform overall in my experience. We use it for daily Active Directory operations, delegated administration, and user life cycle management, and it has performed reliably without causing major operational issues.

One Identity Active Roles scaled well from my experience, especially in an organization with a large Active Directory environment. As our user base, groups, and administrative requests grew, we were able to continue using the same platform without significantly changing our operational model. Features such as delegated administration and automation helped us absorb that growth without putting additional pressure on the Active Directory team.

My experience with customer support was generally positive. For routine issues and product-related questions, the support team was knowledgeable and usually able to point us in the right direction fairly quickly. We especially found them helpful during implementation when working through delegation workflow-related configuration questions.

I would rate customer support eight out of ten. The support engineers generally had good product knowledge and understood Active Directory delegation models and workflow-related issues well. In most cases, we received useful guidance without extensive back-and-forth.

Before implementing One Identity Active Roles, we primarily relied on native Active Directory tools, such as Active Directory Users and Computers, along with PowerShell scripts for user provisioning and access management. As the environment grew, managing delegated permissions, user life cycle processes, and ensuring a consistent audit trail with this manual system became increasingly difficult. Different teams were following different processes, and it was challenging to maintain consistent governance.

I would describe the integration as moderately easy. Since our environment was already heavily based on Active Directory and Microsoft technologies, the core integration was fairly straightforward. The basic setup, user provisioning, delegated administration, and role-based access control configuration were not particularly difficult. Most of the effort went into planning the delegation model, approval workflows, and ensuring they aligned with our existing operational processes.

I would not say it reduced the number of employees, but it definitely helped the existing team handle a higher volume of work more efficiently. Before One Identity Active Roles, the Active Directory team was spending a significant amount of time on routine activities such as account provisioning, group membership updates, and access-related requests. After introducing automation and delegated administration, many of those requests could be handled by the service desk or proceeded through a standardized workflow.

My experience with pricing, setup costs, and licensing was generally positive, although the product is definitely more suited for medium and large enterprises than smaller environments. The licensing and initial setup cost required justification upfront, but the value became clearer once we started using the automation, delegated administration, and governance features at scale. From the setup perspective, the technical installation was not the most challenging part. The bigger effort was planning and delegation.

We did look at a few alternatives before selecting One Identity Active Roles. The main ones were Microsoft Identity Manager and SailPoint IdentityIQ. Microsoft Identity Manager was already familiar from our Microsoft ecosystem perspective, while SailPoint offered strong identity governance capabilities. However, for our requirements, One Identity Active Roles provided a better balance between Active Directory administration, delegated access management, automation, and governance.

My advice to organizations looking into One Identity Active Roles is to spend time understanding your Active Directory structure, delegation requirements, and access governance processes before implementation. One Identity Active Roles delivers the most value when you have clear ownership of administrative tasks and well-defined access policies. If these processes are not documented, it is worth first addressing these before purchasing the product. I would rate this review nine out of ten.

Hybrid Cloud

Microsoft Azure

I have been using One Identity Active Roles for almost the last two years.

My main use case of One Identity Active Roles is for user provisioning, group management, delegated administration, and handling access-related requests in a controlled and consistent manner.

A common example is managing department-based security groups. When new employees join, we use One Identity Active Roles to add them to the appropriate group based on their role, while delegated administrators can handle routine updates without needing full Active Directory administrative privilege. This helps to keep access management consistent and reduce dependency on the IT team for everyday requests.

Besides user and group management, we also use One Identity Active Roles for delegated administration and access governance. It helps us to standardize Active Directory tasks, reduce manual changes, and maintain better control over who can perform specific administrative actions.

The features I find most valuable in One Identity Active Roles are delegated administration, workflow automation, and role-based access control. These features help reduce manual Active Directory management, improve governance, and allow different teams to handle routine tasks without requiring full administrative privileges.

One Identity Active Roles has a positive impact on our organization by improving the efficiency and consistency of our Active Directory operations. It reduced manual administrative work, improved delegation of routine tasks, and provided better control over access management. As a result, administrative processes became more streamlined and easier to govern.

One noticeable outcome was a reduction in the time spent on routine Active Directory tasks. Delegation and automation helped teams to handle common requests more efficiently without involving senior administrators. We also saw fewer administrative errors because user and group management follows standardized processes. In addition, audit and access review activities became easier due to better visibility into changes and permissions.

Another feature I need to add is that the auditing and reporting capability provides better visibility into administrative changes and helps us during compliance and review troubleshooting. I also appreciate that One Identity Active Roles centralizes many Active Directory management tasks, making administration more organized and consistent across the different teams.

One area for improvement in One Identity Active Roles would be reporting and dashboard customization. While the available reports are useful, having more flexible and easier-to-build reports would help administrators to get insights more quickly. I would also like to see a more modern user interface and better visibility into complex workflow and delegated admin permissions, especially in larger Active Directory environments.

Another improvement I would like to see is better troubleshooting capability when dealing with complex delegation models or workflow-related issues. Identifying the root cause can sometimes take longer than expected. I would also welcome more built-in guidance and recommendations for administrators, especially when managing large environments with multiple teams and permission structures.

I have been working in my current field for the last three to four years.

One Identity Active Roles has been a very stable platform. We use it regularly for provisioning users, group management, and delegated administrator-related tasks, and it performs very reliably without any doubt, with very few operational issues. Most of the challenges were related to workflow configuration or process changes rather than the product's stability itself.

From my perspective, One Identity Active Roles can scale well as the environment grows. We were able to support an increasing number of users, groups, and administrator requests without significantly changing our management processes. The delegation and automation features help maintain efficiency even as the Active Directory environment expanded.

The customer support is very good. Sometimes we face some issues from customer support, but that is part and parcel of life, so that is not a big challenge. Overall, it is good.

We were using a different solution before choosing One Identity Active Roles. We were using PowerShell for the administrative tasks. We switched because we needed better delegation, centralized management, automation, and governance. As the environment grew, managing everything through native tools became more time-consuming and harder to control consistently.

Our experience with pricing and licensing for One Identity Active Roles is generally positive. One Identity Active Roles is enterprise-focused, so the investment is justified when you need strong delegation, automation, and governance capabilities. From a setup perspective, installation was straightforward. Most of the effort went into planning the administrative role and delegation models and workflow rather than the technical deployment itself.

I would describe the integration of One Identity Active Roles with my existing IT infrastructure and directory services as fairly straightforward since our environment was already centered around Active Directory. Connecting One Identity Active Roles to existing Active Directory services was relatively smooth. Most of the effort was focused on defining the delegation model, workflow, and administrative roles rather than the technical integration itself. Our deployment fit well with our existing infrastructure.

We have seen a positive return on investment from One Identity Active Roles. The biggest benefit has been the time savings through the delegation and automation of routine Active Directory tasks. For example, password resets, user updates, and group membership changes can be handled by delegated teams without involving senior administrators. This reduces administrative workload, improves response times, and allows the IT team to focus on other strategic activities.

We were evaluating more options including Microsoft Identity Manager and SailPoint IdentityIQ before choosing One Identity Active Roles. We chose One Identity Active Roles because of its integration, delegating administration, and automation capabilities. This integration is very smooth, which is why we chose this solution.

Delegated administration has had the biggest impact for me. It allows routine tasks such as password resets, account updates, and group membership changes to be handled by the support team without granting full Active Directory administrative rights. In day-to-day work, this reduces the number of requests reaching the IT team and helps us to focus on more complex administrative and infrastructure tasks.

In my experience, the output from One Identity Active Roles has been reliable and consistent. User provisioning, group management, and delegated administration tasks generally work as expected when the policies and workflows are configured correctly. From an automation perspective, the platform relies more on predefined roles and automation than AI-driven decision-making. Because of that, the results are predictable and dependable, which is important for identity and access management operations.

In our environment, One Identity Active Roles is deployed in a hybrid environment. The solution is hosted within our on-premises infrastructure and integrated with cloud services where needed. This approach allows us to maintain control over Active Directory administration while supporting broader hybrid identity requirements.

As a part of our hybrid environment, we primarily use Microsoft Azure. It integrates well with our Active Directory and identity management infrastructure, making it easier to support both on-premises and cloud-based resources. Azure has helped maintain a consistent approach to identity access management and governance across the environment.

We do not apply fine-grained policies.

My impression of the automation capabilities provided by One Identity Active Roles is positive. They help reduce manual Active Directory administration and ensure that routine tasks follow consistent processes. For example, user onboarding can be automated so that new accounts are created with the correct attributes, group memberships, and permissions based on a predefined role. This saves time and reduces the chances of configuration errors.

One Identity Active Roles helped reduce both the complexity and workload of Active Directory administration. Routine tasks such as user provisioning, group membership updates, and account maintenance become more structured and easier to manage. As a result, administrators spend less time on repetitive tasks and more time on high-priority projects, while also reducing the risk of manual errors.

I would definitely refer my friends and colleagues to One Identity Active Roles to whoever wants to reduce the administrative load. My advice would be to start with a clear delegation and strategy and governance model before implementation. This will help to ensure that the administrative responsibilities and access controls are properly defined from the beginning. I would also recommend starting with core use cases such as user provisioning and group management, then expanding into more advanced automation workflows as the team becomes familiar with the platform.

We are only a customer of One Identity Active Roles. I would rate this product overall as an 8 out of 10.

Hybrid Cloud

Microsoft Azure