One Identity Active Roles Reviews

One Identity Active Roles serves as the primary tool in our organization to streamline and secure Active Directory management by automating administrative tasks, enforcing governance policies, and reducing the risk of human error. It helps us delegate access control efficiently through role-based administration, ensuring that the right users have the appropriate permissions without granting excessive privilege. Additionally, it enhances compliance by providing detailed auditing, reporting, and approval workflows for changes made within the directory, which is especially important for maintaining security standards and regulatory requirements. Overall, it improves operational efficiency, strengthens our security posture, and simplifies identity and access management across the organization.

A practical example from our daily use of One Identity Active Roles is our automated user provisioning process, where it is configured with policies and workflows that trigger as soon as a new employee is added to our HR systems or Active Directory. The system automatically assigns the correct group membership, email access, and permissions based on their roles and department, while also enforcing naming conventions and security rules simultaneously. Privileged access requests, such as adding a user to admin groups, go through an approval workflow that requires managerial authorization and is fully logged for auditing. This approach not only saves significant manual effort for the IT team but also ensures strict governance, consistency, and compliance without relying on individual administrators to remember every policy.

Our main day-to-day use of One Identity Active Roles revolves around simplifying and controlling Active Directory operations through delegated administration and policy-based management. We allow helpdesks or junior IT staff to handle routine tasks such as user creation, password resets, and group modifications without giving them full domain access, ensuring security is never compromised. Simultaneously, we rely heavily on its built-in workflows and approval mechanisms for sensitive changes, such as privilege escalation or access to critical systems, which ensures every action follows a defined governance process and is properly audited. Its automation capabilities help maintain consistency in user attributes, enforce compliance policies, and reduce manual errors, making it an essential tool that keeps our identity management efficient, secure, and aligned with organizational standards on a daily basis.

The workflow automation and auditing features of One Identity Active Roles have made a clear impact in our daily work, especially in handling access requests and compliance tracking. When a user needs elevated privileges, the request automatically goes through a predefined approval workflow instead of relying on manual emails, ensuring proper authorization before any changes are made and every action is logged with full details. This becomes extremely useful during audits or troubleshooting because we can quickly track who made what changes and when, reducing investigation time and improving accountability. This approach also removes the dependency on manual follow-ups and minimizes the risk of unauthorized access.

One of the best features of One Identity Active Roles is its strong combination of automation, security, and centralized control, which makes Active Directory management much more efficient and governed. A standout feature is workflow automation, where repetitive tasks such as user provisioning, deprovisioning, and access changes are handled automatically based on predefined rules, saving time and reducing manual errors significantly. Another key feature is role-based delegation, which allows organizations to grant limited control access to helpdesks or junior staff without exposing critical admin privileges, ensuring a least privilege security model. One Identity Active Roles also offers policy-based management where rules enforce naming conventions, mandatory attributes, and compliance standards during any Active Directory changes, maintaining consistency across the environment. Additionally, features such as dynamic groups, memberships, and temporal access automatically add or remove users from groups based on coordination or time, which is very useful for managing temporary or role-based access. Finally, its auditing and reporting capabilities provide full visibility into who made what changes and when, helping with compliance, troubleshooting, and security monitoring. Overall, these features together make One Identity Active Roles a powerful tool for improving efficiency, strengthening governance, and securely managing identity and access management operations.

One area where One Identity Active Roles can be improved is in simplifying its initial setup and configuration process, as deployment can be complex and time-consuming for a new user or organization without deep Active Directory expertise, which can slow down adoption and require additional training or support. Additionally, improving the user interface to make it more intuitive and user-friendly would enhance the overall experience for administration, especially for those who are not highly technical. There is also scope to enhance performance in certain scenarios such as reporting over slower networks. Expanding flexibility in customization and integrations could further strengthen its usability in modern hybrid and cloud environments, making it even more efficient and easier to manage at scale.

One improvement I would particularly highlight for One Identity Active Roles is the need for seamless integration with modern cloud platforms and hybrid environments. Many organizations now operate beyond traditional on-premises Active Directory, and having more out-of-the-box connection connectors and easier configuration for tools such as Azure or other SaaS applications would save time and effort. Making reporting and dashboards more customizable and intuitive would help administration quickly derive insights without relying on external tools. Improving documentation and in-product guidance could also make troubleshooting and advanced configuration much easier, especially for new users who are still becoming familiar with the platform.

I have been using One Identity Active Roles for the last two years.

One Identity Active Roles is generally considered a stable and reliable solution in most enterprise environments, as many users rate its stability quite high, often between seven to ten out of ten. They highlight that it performs consistently well for automation, delegation, and auditing tasks.

One Identity Active Roles is highly scalable and can easily support large enterprise environments with thousands to even hundreds of thousands of users across multiple domains. It grows well with our organization's needs without major performance issues, making it suitable for both mid-sized and large companies.

Customer support for One Identity Active Roles is generally good, as most users report that the support team is responsive, technically knowledgeable, and ready to assist whenever tickets are raised, often providing clear and practical solutions to issues. Although in some cases there are slight delays or slower responses for more complex problems, the overall support experience is positive and reliable, though there is room for improvement in response time for critical or advanced issues.

Before adopting One Identity Active Roles, we were primarily relying on native Microsoft Active Directory tools and manual PowerShell scripts for user and access management. We switched because those methods lacked centralized governance, automation, and proper auditing capabilities, which made the process time-consuming and prone to errors. As our environment grew, managing permissions and ensuring compliance became increasingly complex, so moving to One Identity Active Roles helped us streamline operations with automation, enforce consistent policies, and gain better visibility and control over all directory-related activities.

Integrating One Identity Active Roles with our existing IT infrastructure and Active Directory is moderately straightforward but not entirely simple. It fits well within our traditional Active Directory environment and connects effectively with directory services. However, the initial setup, configuration of policies, and aligning it with existing workflows require careful planning and some expertise, especially when customizing roles and permissions. While basic integration is smooth, more advanced setups such as hybrid environments or additional system integrations can add complexity. Overall, it is manageable but does require a certain level of technical understanding to fully optimize its capabilities.

We have seen a clear return on investment with One Identity Active Roles, as it has reduced manual administration effort by approximately fifty to sixty percent, which directly translates into time savings for the IT team. In some cases, tasks that earlier took fifteen to twenty minutes, such as user provisioning or access changes, are now completed in just a few minutes through automation, while also reducing errors significantly, which avoids network and potential security risks. Overall, it has allowed us to handle the same workload with fewer resources or relocate team members to more strategic tasks, ultimately improving our productivity and delivering strong value compared to the investment made.

Our experience with pricing, setup cost, and licensing for One Identity Active Roles has been generally positive, though with a few considerations as the solution follows a subscription-based licensing model, typically calculated based on the number of managed users and required features, which makes it scalable but can become relatively expensive for larger organizations and environments. The initial setup and procurement process was smooth with good vendor support, but the overall cost is on the higher side compared to basic tools, though it is justified by the value it delivers in automation, governance, and time savings. In our case, we found that the return on investment was strong because it significantly reduced manual efforts and administrative workload, making the pricing work despite the higher upfront and licensing costs.

Before selecting One Identity Active Roles, we evaluated a few other identity and Active Directory management solutions such as Microsoft Entra ID, Okta, and ManageEngine ADManager Plus, as they are commonly considered strong alternatives in the identity and access management space with capabilities such as automation, access control, and governance. While each had its strengths, especially in cloud integration or ease of use, we ultimately chose One Identity Active Roles because it offered more granular control, deeper Active Directory management, and stronger policy-based governance tailored to our on-premises and hybrid environment needs.

My advice for anyone considering One Identity Active Roles would be to invest time in proper planning and initial setup, especially around role design, delegation models, and policy configuration, because the real value of the tool comes from how well these are structured from the beginning. Also, ensure your team has a good understanding of Active Directory. I would rate this product a nine out of ten overall.

One Identity Active Roles has been a core part of my toolkit for the better part of my two years of experience in the IAM space, especially when dealing with a massive environment of more than 10,000 or 15,000 users where native AD tools do not suffice from the governance perspective. I have done deep work with One Identity Active Roles to bridge the gap between high-level IAM policies and on-ground execution, primarily enforcing least privilege and role-based access control.

If I have to boil it down to the single most critical use case for One Identity Active Roles, it is delegated administration and automated lifecycle management. I experienced this when I stepped into my role with too many people having elevated access rights for basic tasks. This led me to implement One Identity Active Roles as a security proxy layer, minimizing the attack surface while also automating our JML process via integration with our HR feed from Workday.

This leads to another major reason we rely heavily on One Identity Active Roles: data integrity and automated policy enforcement. I used One Identity Active Roles to implement policy objects that act as real-time guardrails to prevent the creation of users with incomplete data attributes, ensuring our downstream systems always receive clean data.

A specific challenge I faced when scaling our support operations was that local IT teams were shadow domain admins, resulting in issues such as a regional admin accidentally modifying a critical SPN, which led to a localized Kerberos outage. This prompted me to implement access templates in Active Directory and One Identity Active Roles to define specific actions for helpdesk users and enforce zero-standing privilege, dramatically reducing the exposure time to unnecessary rights.

The crown jewels of One Identity Active Roles that make my life as an architect easier are Access Templates, Virtual Attributes, Workflow and Approval Engine, and Managed Units, which allowed us to structure our directory into a policy-driven asset rather than constantly firefighting manual errors.

Access Templates and Managed Units are the real secret sauce of One Identity Active Roles for us. Access Templates standardize permission settings, reducing security drift and allowing for the creation of modular permission bundles such as those I created for the Tier 1 help desk. Managed Units help me stay organized without rewriting the physical structure of the directory, saving me hours of cleanup.

A critical feature that I found essential for a clean environment is Dynamic Group management, which prevents permission creep by using rule-defined group memberships rather than manual additions. One Identity Active Roles automatically manages group membership based on rules tied to the HR records.

One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations. The biggest win has been a reduction in the internal attack surface, achieving over a 40% reduction in unauthorized or accidental access attempts.

Even though I advocate for One Identity Active Roles, there are areas for improvement, particularly in hybrid integration experiences where it feels a bit clunky compared to its capabilities for on-premises AD management. The user interface feels dated compared to modern SaaS applications, making it less intuitive for non-technical business managers.

I would like to see One Identity Active Roles lean more toward an API-first and Identity-as-a-Code approach. The current REST API feels like an afterthought, and my developers want the ability to operate through CI/CD pipelines instead of logging into the GUI.

I have used the solution for over three years.

One Identity Active Roles has proven highly stable in its core functions. Our initial underestimation of properly sizing SQL servers during major user migrations revealed the importance of careful planning, especially regarding database performance.

In my experience, One Identity Active Roles demonstrates strong scalability characteristics, although complexity with database performance, policy evaluation, and multi-domain environments should be considered. We faced some limitations with the reporting functionality, which we addressed by implementing dedicated reporting servers.

Customer support deserves a rating of 7.5 out of 10 due to their technical competence despite some structural challenges. The main friction I encountered during the escalation process could be improved for faster resolution times on complex issues. I balance my assessment of their strengths in technical knowledge and resolution quality against areas needing improvement, such as the escalation process and the support portal experience for non-technical users.

I previously used a mix of manual processes and native Microsoft tools, such as the Active Directory users and computers console for directory management. I also used PowerShell scripts for automation and a homegrown web portal for the help desk team.

The return on investment with One Identity Active Roles transforms our technical support's workflow, resulting in a 60% annual reduction in tasks such as JML processes, which were previously a nightmare when handled manually. This frees up hours for the senior engineering team.

We evaluated several options, including Microsoft Identity Manager, SailPoint, Saviynt, and custom development while recognizing the limitations of our manual processes. One Identity Active Roles ultimately offered the right blend of governance, control, and operational efficiency suited for our hybrid environment.

Discussions around pricing and licensing reveal that One Identity Active Roles follows a standard enterprise model, but the true costs often arise during implementation, making it budget-friendly yet potentially shocking at the initial quote stage when transitioning from a manual environment.

For organizations considering One Identity Active Roles, I recommend establishing a direct relationship with your account team early, which can help bypass standard queues when addressing critical issues, ensuring a smoother experience with the tool. My overall review rating for One Identity Active Roles is eight out of ten.

One Identity Active Roles serves as the centralized Active Directory user and group management solution in our organization. We primarily use it for automatic routine identity administration tasks like user provision, role assignment, and group management, which reduce the need for manual Active Directory changes.

A good example in our organization is employee onboarding in Active Directory using One Identity Active Roles. When a few employees join, instead of the IT team manually creating a user account and assigning permissions, the process is triggered through predefined rules and roles based on an employee's department, for example, finance or IT, and One Identity Active Roles handles this automatically.

One Identity Active Roles has become a daily operational control point for identity governance in our organization and environment. Beyond onboarding and role changes, we use it regularly for day-to-day identity administration tasks like resetting and managing user accounts in a controlled way, delegating limited administrative rights to different IT teams, and tracking and auditing every directory change for compliance purposes.

One Identity Active Roles offers excellent features that mainly focus on automation, governance, and secure Active Directory management. A few of them really stand out in daily use. One of the most important features is automated user and group provisioning. It allows us to create, modify, and remove user accounts based on predefined rules, which significantly reduces manual work and ensures consistency across the environment.

The automated user and group provisioning feature in One Identity Active Roles has had a very noticeable positive impact on our team, especially in terms of time saving and accuracy. Before automation, onboarding or updating a user required multiple manual steps in Active Directory, including creating accounts, assigning groups, applying permissions, and verifying everything. This was not only time-consuming but also prone to human error such as missing group assignment or incorrect permissions.

Another feature that stands out in One Identity Active Roles is the delegation and role-based administrative model. It allowed us to safely delegate administrative tasks for different teams without giving them full Active Directory privilege.

One Identity Active Roles has a strong positive impact on our organization, mainly by improving efficiency, security, and governance in Active Directory management. One of the biggest improvements is the reduction in manual administrative work. Tasks such as user creation, group assignment, and access updates are now automated in policies, which has significantly reduced IT efforts and processing time. This has also helped us to avoid common human errors such as incorrect group membership or missing permissions.

Since implementing One Identity Active Roles, we have seen clear improvement in both time efficiency and error reduction, especially in identity lifecycle management. In terms of time saving, the biggest impact is in onboarding and routine Active Directory administration.

One Identity Active Roles has a strong positive impact on our compliance efforts and regulatory readiness. The biggest improvement comes from centralized audit and change tracking. Every identity-related action, such as user creation, group change, or permission update, is automatically logged. This gives us a complete audit trail, which is very important during internal and external compliance reviews.

Overall, One Identity Active Roles has significantly reduced the complexity and workload in Active Directory administration in our organization. Before its implementation, most Active Directory tasks such as user provisioning, group updates, and permission changes were manual and often required coordination between multiple teams. This not only increased workload but also introduced delays and occasional errors.

The delegation capability in One Identity Active Roles has had a very positive impact on our workflow and operational efficiency. Previously, most Active Directory tasks had to go through a central IT or domain admin team. We can now safely assign specific responsibilities to different teams or a support group without giving them full domain-level access.

A few improvements I would like to see in One Identity Active Roles are mainly around usability, reporting, and modern integration. One key area is user interface simplification. While the tool is very powerful, the admin console can feel complex for a new administrator. A more modern, intuitive UI with clearer navigation would make onboarding easier for IT teams. Another improvement area is reporting and analysis. Having more real-time dashboards, customizing reports, and better visibility into identity changes will make it easier to monitor governance at a glance without exporting data manually.

A couple of additional improvement areas stand out, especially around integration and operational flexibility in One Identity Active Roles. One important area is smoother integration with the modern SaaS and cloud identity ecosystem. While it works very well with Active Directory integration, newer cloud-native applications or hybrid environments can sometimes require extra configuration efforts. More out-of-the-box connectors and simpler setup in cloud platforms would make adoption faster and easier.

Better real-time monitoring and alerting would also be beneficial. While the platform does provide auditing and logs, having more proactive, real-time alerts for unusual identity changes such as bulk permission updates or suspected group notifications would be beneficial.

I have been using One Identity Active Roles for two years.

One Identity Active Roles is stable. Based on real-world usage patterns and enterprise feedback, One Identity Active Roles is generally considered stable and reliable in a production environment.

Customer support for One Identity Active Roles is generally good, but with a few mixed experience issues. From our experience, the support team is technically knowledgeable and helpful, especially for standard configuration issues and Active Directory integration questions regarding known product behaviors. When the issue is well defined, they usually provide clear guidance and workflow solutions.

Before choosing One Identity Active Roles, we did evaluate a few other identity and access management solutions, mainly to compare automation, Active Directory governance features, and scalability.

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately easy, but required careful planning during setup. Since it is primarily designed for Active Directory environments, integration with our core directory service was quite straightforward and worked smoothly out of the box. It connected well with the existing AD structure, which made initial deployment faster and more stable.

We have seen a clear return on investment with One Identity Active Roles, mainly driven by usage savings, reduced manual effort, and improving operational efficiency rather than direct cost reduction alone. One of the biggest measurable impacts has been administrative time saving.

My advice to others considering One Identity Active Roles is to start with clear planning and a well-defined identity governance model before implementation. From our experience, the tool is very powerful, but the real value comes when rules and access policies are properly designed upfront, with the Active Directory structure being clean and well-organized.

One final thought about One Identity Active Roles is that its biggest strength is not just automation, but the governance structure it brings to Active Directory management. It efficiently shifts identity management from the manual, ticket-driven process to a policy-based control system, which improves both security and operational consistency over time. I would rate this product a 9 overall.

The main use case of One Identity Active Roles is to support daily Active Directory administrator tasks. Routine tasks such as user creation, password resetting, account updates, and handling are performed through One Identity Active Roles, which can be managed by the support team and has really improved the efficiency of our teams.

A real-time day-to-day example of using One Identity Active Roles is that a help desk user can reset the password and unlock the account without accessing Active Directory directly. When new users are created, required settings are applied automatically, making our jobs easier and operations very smooth. Previously, this was taking so much time, but nowadays it is automated, so it is a very good solution.

The best features One Identity Active Roles offers, in terms of my use cases, include its policy enforcement to ensure that all changes follow predefined standards, avoiding incorrect configuration and maintaining consistency across Active Directory, the role-based access control that allows assigning permissions based on job roles to simplify management and improve security in our organization, and its automation features.

I need to highlight role-based access control in One Identity Active Roles, as it has had the biggest day-to-day impact. Automation and policy enforcement are powerful, without doubt, but role-based access control is what fundamentally changed how we operate. Earlier, many tasks were a bottleneck, with only a senior admin able to perform most Active Directory changes, resulting in many help desk tickets. However, with One Identity Active Roles, we created fine-grained roles such as password reset, group management, and user provisioning, assigned those roles to the help desk team, and restricted access to only those organizational units based on attributes. Now, 90% of routine tasks are handled without escalation.

The effect of One Identity Active Roles on the complexity and workload of administrative tasks related to Active Directory has been very positive. It significantly reduces the operational burden while making processes more structured and controlled. It has really reduced administrative complexity. Tasks are handled through templates, policies, and workflows, which has significantly reduced the workload.

One Identity Active Roles has really impacted our organization very positively. It has improved control over Active Directory operations and reduced manual efforts. Tasks are completed faster than previously and more securely. These are the positive impacts we are seeing in day-to-day operations.

One Identity Active Roles has really proved its value. While exact numbers vary by environment, the provisioning time reduced by 70 to 80% and it is very smooth, and help desk ticket resolution improved by 60 to 80%. It has really reduced the use of privileged accounts, contributing to the positive impact we are seeing.

As far as improvements to One Identity Active Roles are concerned, I do not think any lack of features is present in the solution. It is working well and is a very powerful solution. There is no need for improvement as per my requirements.

One thing I can add is that One Identity Active Roles could be more simplified for the initial setup and configuration.

I have been using One Identity Active Roles for more than four years.

One Identity Active Roles is stable.

From a scalability perspective, One Identity Active Roles is a very good solution. There is no kind of challenge.

Customer support for One Identity Active Roles is very supportive and good in their technical aspects.

From day one, we have been using One Identity Active Roles only.

Regarding Active Directory integration with One Identity Active Roles, it was very smooth and quick. We have not seen any kind of challenge, and it synced with Active Directory beautifully.

We have seen a huge return on investment with One Identity Active Roles. In many cases, that was quite measurable, such as reduction in provisioning and admin efforts by 40 to 60%, which resulted in reduced need for additional staff. Without it, we would need thousands of additional people. Cost saving and efficiency gain have led to some users reporting approximately 75% ROI and cost reduction.

I have had a great experience with the pricing, setup cost, and licensing of One Identity Active Roles. There is no challenge we have seen as far as the vendor is concerned.

We have not evaluated other options before choosing One Identity Active Roles.

I will highly recommend One Identity Active Roles because it is a very useful tool for improving Active Directory management and control. It really reduces risk and improves efficiency. It is well suited for organizations with a large Active Directory environment, which I will recommend highly. I gave this review a rating of 8.

I have been working in the cybersecurity field for about one year using One Identity Active Roles.

One Identity Active Roles is used for Active Directory management and user lifecycle management, including tasks such as user provisioning, group management, and enforcing access policies in a controlled and automated way.

When a new employee joins, I use One Identity Active Roles to create the user account with predefined templates and automatically assign the required groups and permissions, ensuring consistency and saving time. Similarly, when someone leaves, I can quickly disable the account and remove access.

Password resets and access requests represent another scenario related to our main use case, where Active Directory allows us to delegate tasks securely to help desk teams without giving full admin rights, reducing the workload on admins and ensuring proper control and auditing.

One Identity Active Roles has improved our daily operations by simplifying user management and reducing manual work, as tasks like user creation, password resets, and access changes are faster and more consistent while also improving security by controlling permissions and keeping proper audit logs. Overall, it saves time and makes administration more efficient.

We saw around forty to fifty percent time savings in routine tasks like user creation and password resets, while the help desk workload also reduced since tasks are delegated properly, and errors in access management decreased, improving overall security and consistency.

The best features of One Identity Active Roles, in my opinion, are automated user lifecycle management, rule-based access control, and delegation, which allows us to automate the creation and modification of user roles, saving a lot of time while providing fine-grained access control with least privilege, thereby improving security.

The features are very helpful in daily work, especially with delegation, where we can give limited access to the help desk team to handle tasks like password resets or unlocking accounts without giving full admin rights, improving security and reducing the workload on senior admins.

One more useful feature of One Identity Active Roles is auditing and reporting, which tracks all changes made to user accounts and access, being very helpful for troubleshooting and compliance. Many people do not realize how useful this is for maintaining security and accountability.

One Identity Active Roles is very helpful, but a few improvements could make it even better, such as simplifying the user interface to make it more user-friendly, especially for new users, and making setup and configuration easier. Adding more customization in reporting and improving performance for larger environments would further enhance the experience. Overall, it is a strong tool with minor areas for improvement.

Navigation between different options can feel complex, so simplifying that would help. Additionally, quicker search and better filtering options for users and groups would make daily tasks even faster, enhancing usability.

I have been working in my current field for three years.

One Identity Active Roles is generally stable and reliable, with most users rating its stability quite high, often between a seven to ten out of ten, consistently performing for daily operations like automation and user management without major downtime reported.

One Identity Active Roles is highly scalable, capable of handling large environments with thousands or even hundreds of thousands of users across multiple domains without major issues and continuing to perform well and manage user groups and policies efficiently as the environment grows.

The customer support is good, with the team being knowledgeable and helpful, usually assisting well with issues, although response times can sometimes vary depending on the complexity.

I would rate the customer support a nine out of ten.

We were not using any dedicated solution before One Identity Active Roles, as most tasks were handled manually in Active Directory, and we switched to reduce manual efforts, improve security, and make user management more efficient.

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was relatively easy since it works closely with Active Directory, where the basic setup was straightforward; however, some configuration and fine-tuning took time. Once integrated, it works smoothly with our existing infrastructure.

We have seen a good return on investment, as routine tasks like user creation and password resets became faster, saving around forty to fifty percent of the time; delegation also reduced the workload on admins, allowing the team to focus on more important tasks, improving efficiency and reducing operational efforts.

Our experience with pricing, setup cost, and licensing has been reasonable; the initial setup took some effort, especially during configuration, but it was manageable, with licensing being flexible based on the number of users and the environment, making it scalable and providing good value considering the features and time savings.

We did not formally evaluate other tools before choosing One Identity Active Roles, selecting it based on our requirement for better Active Directory management, automation, and security.

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory, as routine tasks like user creation, password resets, and access changes are automated or delegated, saving time and reducing manual efforts while making management more structured and consistent, making overall administration easier and more efficient.

My experience with the delegation of administrative tasks through One Identity Active Roles has been very good, allowing us to assign specific tasks like password resets, account unlocks, and basic user management to the help desk team without giving them full admin rights, which has improved our workflow by reducing the workload on admins and speeding up issue resolution while also improving security and accountability since access is controlled and all actions are properly logged.

My advice for others looking into using One Identity Active Roles would be to clearly understand your Active Directory structure and requirements before implementation, plan roles and permissions properly, and make good use of the automation and delegation features to reduce manual work and improve security.

Overall, One Identity Active Roles is a reliable tool that simplifies user management and improves security, saving time and making daily operations more efficient. I would rate this product eight out of ten.

One Identity Active Roles is used for delegated access. It helps with RBAC controls and allows us to manipulate across our facilities which OUs in Active Directory they can manage, along with dynamic groups and keeping the ability where folks don't have to use ADUC and they can just use a delegated management overlay tool to not delete groups and not delete OUs and not inappropriately move objects across containers.

Regarding the ease or difficulty of managing on-premises and cloud-based identity directories through a single pane of glass, we leverage One Identity Active Roles from strictly the on-premises space. Being able to leverage it from a delegated access perspective, the console itself is very clean. It looks very similar to Active Directory Users and Computers, which legacy, long-time IT people are used to. So that outline from a UI perspective makes things seamless. People don't even know that One Identity Active Roles is actually a product and not just a built-in native solution for Windows, which is very key for us.

Regarding One Identity Active Roles' ability to provision and de-provision resources in directories such as AD and Azure AD, it is very seamless. From a permission standpoint, it is a right-click de-provision user and having that recycle bin to quickly uncover or recover is very useful. It is very seamless. It is not the best from a change history standpoint as far as quantifying those logs, but it is nice to see that this object was de-provisioned on X day by a user, and it can quickly be restored in the event that was a mistake.

About group membership management in One Identity Active Roles, I have already discussed how you can delegate groups with OUs and naming conventions through the complex IT teams that we have in our organization. From a group membership standpoint, we can manage groups and delegate that access across the organization from our enterprise service level that can do password resets versus our identity engineering team who has full domain admin in the console that can manipulate those access templates and make adjustments accordingly.

The favorite feature of One Identity Active Roles is definitely the granularity and specifics on the access templates. You can dive deep into controls all the way down to manage individual objects, all the way from not just at the OU level, but how granular delegated access is with One Identity Active Roles is definitely the most useful feature to my organization.

One Identity Active Roles absolutely helps reduce identity-based breaches. It is from an identity governance perspective, being able to ensure that folks that are in specific positions have the least privileged access possible. One Identity Active Roles makes that very seamless for our user base. We are a for-profit healthcare conglomerate with thirty states, over fifty community hospitals across that are all in a single pane of glass under our LifePoint Health Active Directory domain. Being able to say that your facility can only manage these objects in this OU and delegating that from their core IT engineering staff versus their help desk versus an application owner makes it all very seamless.

One Identity Active Roles has absolutely helped our organization reduce its number of erroneous privileged accounts. We can quickly evaluate those accounts. You can see the same features within ADUC, but you can quickly isolate those and validate where they are and adjust them however you want.

One of the things I would like to see more robust is the change history. One Identity Active Roles can only monitor changes that happen in the console, and the logs don't go back longer than thirty days, maybe sixty days. The change history, when we've seen accounts get modified, we leverage a container domain that funnels accounts into our Active Directory console. I would like to see from an initial user provisioning perspective, for them to isolate the workflow and say that this came in on X date and account was created. If anyone were to modify that account from an external resource, I would like to be able to read that as well. One Identity Active Roles is strictly limited to the console. If someone makes a change, the history of those changes is not as long as I would prefer.

Our company has used One Identity Active Roles for over five years. I have been with them for the last four years. Personally, I have been a user and managed the team that controls One Identity Active Roles for four years.

Regarding stability, One Identity Active Roles is mostly stable. The only times it is not is when we have the eight-point-zero long-term service release. I have not seen any sort of hiccups in connectivity. If anything, it is on our side from a networking standpoint. It is a very stable product, at least recently.

One Identity Active Roles is more beneficial to a large corporation. I am sure that licensing can vary in cost, but it is definitely very beneficial to complex Active Directory environments from a control perspective and being able to grant least privileged access that folks need to do their job.

We don't get a lot of communication from the One Identity side. I don't know who our account representative is, and that is kind of not good since we have had some turnover there.

Neutral

I have not used any alternatives to One Identity Active Roles. From an on-premises AD standpoint, delegated access has been with LifePoint as long as in my career. That is what we have leveraged. It has been useful. We have rolled it out across several Active Directory domains as our management overlay, but that has been our main one.

When I first started using One Identity Active Roles, it is intuitive. It is not super complex. The management of it, we used it from a user provisioning standpoint before we switched human capital management systems. I was not really involved in that, but from an end user standpoint, you pick your web database server. The thick client is much easier from a UI perspective looking through it because it looks very similar to ADUC if you have any experience in IT. The web portal is fine. I think it is a little more clunky, and that is what most folks use, but it is intuitive. You pick your web or database server, log in with your credentialed account, and it synchronizes and loads. It is seamless, and from an intuitive standpoint, it is on the higher end.

Regarding the pricing of One Identity Active Roles, it is definitely on the expensive side compared to solutions for what it does. It is a necessary need for us. I don't know One Identity Active Roles' business model, but it is very niche in the sense that they are going to target complex environments like mine that have a need for delegated access. There are other IGA platforms that do delegated access and offer a much larger suite of solutions, but it is definitely on the expensive side. I think our total was in the seven-figure range for a couple of years of service.

Overall, I would give One Identity Active Roles a rating of nine out of ten. The main pain point I have is not huge because I know there are AD audit solutions out there individually. But with the control that One Identity Active Roles has, being as intuitive as it is, I think it is a nine out of ten. I would recommend it to any healthcare conglomerate that has multiple hands in an Active Directory environment. There are many components that I think our team is not touching the surface on from a dynamic group perspective, and we just use it for what it is today, but I think there are more components that we could explore.

One Identity Active Roles is used primarily to manage and provision AD user and group accounts, delegate access more securely, and enforce role-based control.

We also use it to automate new joiner, mover, or leaver workflows, apply policy-based approval, and maintain audit and compliance reporting across various customer environments.

For example, One Identity Active Roles is used for user provisioning. When a new AD user is created, One Identity Active Roles automatically places the account in the correct OU, applies naming rules, and assigns role-based group membership based on its department.

If privileged access is requested, it enforces approvals and logs the change for audit compliance.

Day-to-day, One Identity Active Roles is used to delegate AD tasks safely to the service desk team, automate routine user group changes, and enforce policy-based controls so changes are consistent and auditable across multiple customer environments.

One Identity Active Roles offers several valuable features in our experience. Role-based access control allows us to define who can do what and reduces the risk from broad admin rights.

The automated provisioning workflows automatically create, update, and disable accounts with approval steps.

Additionally, group management automation allows us to auto-assign users to groups based on attributes such as department, location, and job roles.

We also value the auditing and compliance reporting, which helps us to track who did what and when, assisting in satisfying compliance requirements.

One Identity Active Roles has helped us standardize and secure identity management across multiple customer environments.

It has also reduced our manual effort through automation and minimized error with policy enforcement, improved our security through role-based access control and approvals, and strengthened our compliance with full auditing.

This results in faster operations with lower risk and more consistent service delivery.

One area where One Identity Active Roles can be improved is by having deeper native connectors with existing and more ITSM and identity tools, which would simplify automation across multiple cloud and customer locations.

I would also suggest enhancing the reporting flexibility; while audit reporting is strong, customizable dashboards and visuals could help non-technical stakeholders gain insight faster.

Some users find the admin console and workflow designer to be somewhat complex, so making the interface more modern could reduce the learning curve.

One Identity Active Roles has had no downtime and no major reliability issues so far. It remains stable, although we have encountered a few issues that are manageable.

One Identity Active Roles is scalable and can be deployed in small organizations to large organizations.

It also scales from one line of business to multiple lines of business under a single centralized cloud management platform.

Interacting with customer support for One Identity Active Roles is always positive. They are knowledgeable, and the response time is low.

Negative

Before One Identity Active Roles, we used manual scripts for user and group management.

We switched because the native tools were time-consuming and very error-prone, lacking the automation and delegated administration features.

One Identity Active Roles provided us with centralized, policy-driven management, automated workflows, and role-based access control, which made managing multiple customer environments much more efficient and secure.

Since using One Identity Active Roles, we have definitely seen a return on investment.

We have saved time; the automated provisioning and rule-based workflows have reduced manual AD tasks by around thirty to forty percent, freeing IT staff for higher priority work.

Additionally, we have reduced costs—fewer errors and misconfigurations mean less time spent troubleshooting, and we actively use that to lower operational costs.

The granular role-based access and audit-ready reporting have also reduced our risk and simplified audits.

My advice for others considering One Identity Active Roles is to proceed with the implementation.

Start with one line of business, and then expand it to multiple lines of business and customer environments.

I also suggest taking advantage of auditing and reporting from day one to simplify compliance.

I would rate this product an eight out of ten.

Our main use case for using One Identity Active Roles is controlling AD changes through policies and roles. It ensures only authorized users can perform or configure any action in Active Directory. This improves our governance and security.

We have been using One Identity Active Roles for three years and have seen a good syncing process with our AD. There is no issue with user syncing with One Identity Active Roles. We use this in our day-to-day roles. It helps ensure that users only have the access required for their job. For example, a help desk user can perform basic tasks but not critical changes. This helps us improve security. It also helps us with automation, such as reducing manual work in user management tasks, and it speeds up processes like account creation and updates.

We use One Identity Active Roles for audit purposes. It helps us create or generate reports for audits or security reviews. This reduces the manual effort in collecting data, so it improves accountability.

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

One area for improvement would be the initial setup, which feels a little bit complex and could be simplified. Apart from this, I think everything is excellent and it provides great features. It works well.

One Identity Active Roles has good features that are already built-in, and we are seeing a good response from these features in our environment. I do not see any improvement required at this time based on our organization's requirement.

I have been using One Identity Active Roles for more than three years.

I have had multiple interactions with the support team for One Identity Active Roles. They are good in their response and technical expertise, and they are ready to provide support at any time. They have provided multiple technical assistance to our team, and they are good in their field.

We have seen a good return on investment with One Identity Active Roles, mainly through time saving and reduced manual efforts. Automation has really reduced the time spent on user provisioning, access management, or access changes by around 40 to 60 percent, which has significantly improved team productivity. It also helps in reducing manual errors, lowering the need for rework and support efforts.

One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment. For the deployment purpose, I advise you to define your requirements and plan the deployment in advance since the solution offers a lot of features. This needs a proper design and an understanding of the workflows and access policy, and it will be really helpful to get the most value out of the solution.

We have seen measurable improvement since using One Identity Active Roles. User provisioning and access changes that used to take a lot of time, such as 20 to 30 minutes, are now completed in just a few minutes through automation, saving around 40 to 60 percent of time. We have also reduced manual errors significantly due to policy-based control and a simple workflow, which has improved overall reliability and security. I would rate this solution 9 out of 10.