One Identity Active Roles Reviews

We use it to lock down the interface between helpdesks and Active Directory.

It's improved things because we don't have "cowboy changes" being made to AD without us knowing about it. People still have to do the things they need to do, but we can now make sure that they don't inadvertently do something they shouldn't.

It hasn't saved us time in terms of what needs to be done, but it has saved us time in terms of not having to go back and fix stuff when people have made mistakes.

It gives us attribute-level control and the AD management features work very well.

For what we use it for, there are no additional features it would need.

Most of the time it just works.

It works at the scale we use it at. I can't say whether it would work in much bigger enterprises or not.

I, personally, have never had cause to use technical support. My guys have interacted with them a few times and have been happy with the support they've received.

Previously, people were able to update AD directly. We have reduced that by pushing everything through Active Roles. Our decision to go with this solution was part of the need to lock things down, make things more secure.

We did the deployment ourselves.

My advice would be to certainly consider Active Roles and, depending on the size of the organization, consider integrating it with Starling as well.

I know the solution is extensible through cloud-delivered services but we don't use those currently.

I would rate Active Roles a nine out of ten, based on the convenience it's given us.

We use ARS to manage multiple domains. Our organization owns over thirty companies and we needed a tool that would give us the ability to apply consistent access rules across all of the businesses.

ARS gives us the ability to provide granular control that AD just doesn't offer. Having a tool to manage all changes to AD from a single pane of glass is awesome. It also allows Help Desk personnel to get up to speed very quickly without having a strong technical background.

The built-in templates within ARS allow you to create security groups without having to construct them on your own. It greatly simplifies the process and is also makes it much easier to review if you ever need to make changes.

The ability to send logs to a SIEM would be very beneficial.

• Automation of manual identity management operations (provisioning and deprovisioning).
• Solving security and compliance issues is easy.
• Operational issues are much easier and more reliable with Quest ActiveRoles's directory layer and portal.

It provides automatic provisioning for many applications and systems, including in-house applications and cloud applications. Also, it offers a virtual directory structure and a new directory layer between users and physical directories. Management and monitoring become easier.

Scripting options in different languages.

Not yet.

No.

It is excellent. Quick and useful answers.

They also have a large community portal where you can find a lot of information.

I didn't use any other solution, but I evaluated many solutions.

It was simple. I didn't have a problem. It took half a day.

There is a simple user-based licensing model. Not complicated.

Yes. NetIQ, FIM, Oracle, CA, IBM, and SailPoint.

Choose your project team well. Remember that analysis of all processes is very important. Don't forget that testing is also very important after each development.