One Identity Active Roles Reviews

My main use case for One Identity Active Roles is managing Active Directory users and groups in a centralized way, and I primarily use it for provisioning, access management, password reset, onboarding and off-boarding processes, and delegated administration.

During employee onboarding, I use One Identity Active Roles to create user accounts, assign the required group membership, apply department-based permissions, and configure account policies from a centralized console. For delegated administration, specific tasks such as password reset or basic account management can be assigned to a specific support team without giving them full domain admin access, which improves security and also reduces workload for senior administrators.

Apart from onboarding and access management, I also use One Identity Active Roles for account lifecycle management, such as disabling accounts during off-boarding and updating permissions during role changes. It helps with maintaining consistency through policy-based administration and reduces manual effort for repetitive Active Directory tasks.

A valuable feature of One Identity Active Roles is delegated administration because it allows different teams to handle specific tasks without giving full Active Directory access. I also find that centralized user and group management very useful since it simplifies onboarding, off-boarding, permission updates, and account management from a single interface. The strong feature is automation and workflow management, which helps reduce manual effort and improve consistency and minimize administrative errors.

Account creation, group assignment, and permission management can all be handled from one place instead of manually configuring everything in Active Directory, making it much faster. Delegated administration also makes support operations easier because basic tasks of password reset and account unlocks can be securely handled by the support team without requiring administrative privileges. These features improve visibility and help maintain better control over administrative changes.

One Identity Active Roles has impacted my organization by simplifying centralized Active Directory management and improving efficiency for user provisioning, access management, and routine administrative tasks. It also enhanced security through delegated administration because teams can perform specific tasks without needing full domain admin rights. Another positive impact is reduced manual errors and faster onboarding and off-boarding processes, which improved overall operational efficiency for my IT team.

Troubleshooting could be more streamlined when dealing with detailed administrative changes or resolving synchronization issues. Additionally, improving the overall performance and simplifying some workflow configurations would make day-to-day operations easier.

I have been using One Identity Active Roles for around one year.

One Identity Active Roles has been a stable solution for day-to-day Active Directory administrative and identity management tasks in my experience, as I have been able to use it reliably for user provisioning, delegated administration, and access management with consistent performance. As with any enterprise solution, proper configuration and maintenance are important, but overall, it has been stable in my environment.

One Identity Active Roles is scalable and is actually designed specifically for large enterprise environments and hybrid environments, so it has centralized multi-domain management tailored for large enterprises.

Customer support for One Identity Active Roles is generally rated as good but not perfect, so it really depends on the type of issues and how my environment is set up.

Previously, most of the administration was handled directly through native Active Directory tools and manual processes. My organization moved to One Identity Active Roles to improve centralized management, delegation, and automation, which also helped improve security and reduce manual workload through better control over permissions.

The integration process was relatively easy because One Identity Active Roles integrates well with existing Active Directory environments. The initial setup and configuration required proper planning and understanding of the directory structure, but once configured, it worked well with the existing IT infrastructure, making the centralized management and policy-based administration easier to align with my current identity management process.

From an operational perspective, I have seen a positive return in terms of time-saving and administrative efficiency. For example, routine tasks of user onboarding, permission updates, and account management are completed much faster now compared to manual Active Directory administration. While I was not directly involved in financial calculation, it has definitely improved efficiency and reduced manual effort for my IT teams.

I was not involved directly in the product evaluation or selection process, so I cannot comment in detail on all the alternatives that were evaluated. However, from my understanding, the decision was mainly based on improving centralized Active Directory management.

After using One Identity Active Roles, onboarding account management tasks become noticeably faster. For example, creating a user account and assigning permissions that previously took around fifteen to twenty minutes manually can be completed in just a few minutes through centralized workflows. I have also noticed fewer permission-related mistakes and improved consistency because policies and templates are applied in a standardized way.

My advice for anyone evaluating One Identity Active Roles is that if you are planning to use Active Roles, the most important thing to understand is that it is not just a tool; it is an identity management framework for Active Directory and hybrid environments. Success depends more on design and implementation than the product itself.

One Identity Active Roles is deployed in an on-premises environment integrated with my Active Directory infrastructure. I use One Identity Active Roles for Active Directory administration and identity management tasks, so it is mainly consolidated around centralized user management and delegated administration.

I have utilized the fine-grained permission control feature in One Identity Active Roles mainly through delegated administration, which helped implement least privilege principles by allowing teams to perform only the specific task required for their role, such as a password reset or account unlock, without providing full Active Directory administrative access. This improved security, reduced unnecessary privileged access, and helped maintain better control and accountability over administrative activities.

My impression of the automation capabilities is very positive because they help reduce repetitive manual administrative tasks and improve consistency in user management. For example, during onboarding, account creation, group assignment, and applying standard permissions can be handled through predefined workflows and policies, which saves time and reduces configuration errors. Automation also helped during off-boarding processes by quickly disabling accounts and removing access in a centralized way, improving both efficiency and security.

Administrative tasks related to Active Directory, such as user provisioning, group management, password reset, and access updates, become more streamlined and easier to handle. It also reduced manual workload for administrators because many repetitive tasks can be completed through workflows and delegated administration instead of handling everything directly in native Active Directory tools. It has significantly reduced the complexity of many Active Directory administrative tasks by centralizing management and automating routine operations.

I think the pricing structure will be suitable. I have given this review an overall rating of nine.

On-premises

Our main use case for using One Identity Active Roles is controlling AD changes through policies and roles. It ensures only authorized users can perform or configure any action in Active Directory. This improves our governance and security.

We have been using One Identity Active Roles for three years and have seen a good syncing process with our AD. There is no issue with user syncing with One Identity Active Roles. We use this in our day-to-day roles. It helps ensure that users only have the access required for their job. For example, a help desk user can perform basic tasks but not critical changes. This helps us improve security. It also helps us with automation, such as reducing manual work in user management tasks, and it speeds up processes like account creation and updates.

We use One Identity Active Roles for audit purposes. It helps us create or generate reports for audits or security reviews. This reduces the manual effort in collecting data, so it improves accountability.

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

One area for improvement would be the initial setup, which feels a little bit complex and could be simplified. Apart from this, I think everything is excellent and it provides great features. It works well.

One Identity Active Roles has good features that are already built-in, and we are seeing a good response from these features in our environment. I do not see any improvement required at this time based on our organization's requirement.

I have been using One Identity Active Roles for more than three years.

I have had multiple interactions with the support team for One Identity Active Roles. They are good in their response and technical expertise, and they are ready to provide support at any time. They have provided multiple technical assistance to our team, and they are good in their field.

We have seen a good return on investment with One Identity Active Roles, mainly through time saving and reduced manual efforts. Automation has really reduced the time spent on user provisioning, access management, or access changes by around 40 to 60 percent, which has significantly improved team productivity. It also helps in reducing manual errors, lowering the need for rework and support efforts.

One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment. For the deployment purpose, I advise you to define your requirements and plan the deployment in advance since the solution offers a lot of features. This needs a proper design and an understanding of the workflows and access policy, and it will be really helpful to get the most value out of the solution.

We have seen measurable improvement since using One Identity Active Roles. User provisioning and access changes that used to take a lot of time, such as 20 to 30 minutes, are now completed in just a few minutes through automation, saving around 40 to 60 percent of time. We have also reduced manual errors significantly due to policy-based control and a simple workflow, which has improved overall reliability and security. I would rate this solution 9 out of 10.

On-premises

Other

My main use case for One Identity Active Roles is Active Directory management, user provisioning, provisioning and de-provisioning, role-based access control, and automating identity administration tasks.

The best features One Identity Active Roles offers are automated user provisioning, role-based access control, and delegated administration, auditing, and centralized Active Directory management. I also find the workflow automation and policy enforcement features very useful because they help reduce manual efforts, improve security, and maintain consistency across the environment. Features such as access templates, dynamic groups, and detailed reporting also make identity administration much more efficient.

Access templates and dynamic groups have helped standardize permissions and reduce manual configuration work. For example, when a user moves to a different department or role, the correct group membership and access right can be updated automatically based on predefined policies, which improves consistency and reduces errors.

Another feature I find valuable in One Identity Active Roles is the auditing and reporting capability. It provides clear visibility into changes made in Active Directory, which helps with troubleshooting, compliance, and security monitoring. The delegated administration feature is also very useful because it allows tasks to be assigned securely without giving full administrative access.

One Identity Active Roles has improved the efficiency of identity and access management in our organization. It reduced manual administrative work, improved consistency in user provisioning and access control, and strengthened security through better policy enforcement and auditing.

I noticed significant time-saving after implementing One Identity Active Roles. User provisioning, access updates, and onboarding tasks that previously required a lot of manual efforts are now completed much faster through automation, reducing administrative workload by around forty to fifty percent. It also helped reduce configuration errors and improve compliance by enforcing standardized access policies and maintaining detailed audit logs for Active Directory changes.

One Identity Active Roles could be improved with a more modern and user-friendly interface, especially for new administrators. Some advanced configuration and workflow can feel complex, so simplifying setup and management would improve the overall experience. Better integration and reporting customization options would also be helpful for large environments.

Other improvements needed for One Identity Active Roles include providing more simplified documentation and onboarding resources for advanced features and workflow configuration. Faster troubleshooting guidance for complex environments and more flexible reporting options would also help administrators manage identity operations more efficiently. Overall, the platform is reliable and delivers strong value for Active Directory management and automation.

Improvements for One Identity Active Roles would include enhancing performance and responsiveness in very large environments with complex workflows and multiple integrations. More built-in analytics and easier customization for dashboards and reports would also help administrators gain insights more efficiently.

I have been using One Identity Active Roles for around one year.

One Identity Active Roles is stable.

One Identity Active Roles has shown good scalability in our experience. It can efficiently handle a growing number of users, groups, workflows, and Active Directory objects without major performance issues, making it suitable for enterprise environments and hybrid infrastructure.

My experience with customer support has been positive overall. The support team is very knowledgeable and generally responsive in handling configuration issues, and I receive good technical expertise and helpful assistance from the support team.

Before using One Identity Active Roles, we mainly relied on native Active Directory tools and manual administrative processes. We switched because One Identity Active Roles provided better automation, centralized management, delegated administration, and stronger auditing capabilities, which helped reduce manual efforts and improve security and operational efficiency.

My experience with pricing, setup cost, and licensing was generally positive. The initial setup required proper planning and configuration, especially for workflow, delegation policy, and Active Directory integration, but the deployment process itself was manageable.

We have seen a positive return on investment, mainly through time-saving and reduced administrative workload. Tasks such as user provisioning, access updates, and account management that previously required a lot of manual efforts are now automated, reducing administrative efforts by around forty to fifty percent. It also helps reduce configuration errors, improve compliance, and allows administrators to focus more on strategic identity and security tasks instead of repetitive manual processes.

Before choosing One Identity Active Roles, we evaluated other solutions, and we selected One Identity Active Roles because of its strong Active Directory management capabilities, delegated administration, automation features, and centralized visibility across hybrid environments.

My advice for others looking into using One Identity Active Roles is to clearly plan your identity management and Active Directory requirements before implementation. Invest time in proper onboarding and workflow design so you can fully utilize the automation, delegated administration, and compliance features. Once configured properly, it can significantly reduce manual efforts and improve security and operational efficiency.

Overall, One Identity Active Roles has been a reliable and valuable solution for improving Active Directory management, automation, and access control. It helped reduce manual efforts, improve security, and streamline identity administration tasks across the organization. I would rate this product an eight out of ten.

Public Cloud

Amazon Web Services (AWS)

One Identity Active Roles is used for provisioning and directory management.

One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.

One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.

One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.

One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.

I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.

Integration capabilities are somewhere in the middle; it is not easy to integrate, but it is not the hardest thing out there.

Certain automations, possibly web apps, could be improved or simplified to make them easier. These automations are what I think could be improved.

I do not use the comprehensive group membership management feature and have not utilized the fine-grained permission control feature deeply. The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my organization.

I have been using One Identity Active Roles for about three years.

One Identity Active Roles has very few bugs and is actually very stable, so I would rate the stability a nine out of ten.

I am not certain if One Identity Active Roles is a scalable solution for us since we have local deployment and approximately 50 users, and scalability is not really relevant to our situation.

I rate the vendor's technical support a ten out of ten.

Positive

We tried other solutions years ago, but I cannot compare them because I do not remember the details. Upper management tried something like SailPoint, Amada, or Symantec a while ago, but that was not me and those individuals are no longer with the company.

The deployment of One Identity Active Roles probably took weeks, though it depends on what is meant by deployment.

One Identity Active Roles was purchased through a partner.

I am aware of the pricing; it is on the expensive side, though pricing is not my department.

One Identity Active Roles is not a scalable solution for our organization since we have local deployment and approximately 50 users, and scalability is not really relevant to us. It is not a global solution; it is not worldwide.

The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my situation. Approximately 50 users use the solution.

I would say One Identity Active Roles has reduced privileged accounts by about 30 percent. To my knowledge, it has not helped reduce identity-based breaches.

I assess the visibility that One Identity Active Roles provides into my directory ecosystem as excellent. I would rate the granular control of One Identity Active Roles as a ten out of ten.

I would recommend this product, but it depends on exactly what you are trying to achieve; conducting a proof of concept about what you would like to see is vital. It is very difficult to answer in a review because it depends on the pain points of the customer and what they are trying to accomplish. Overall, I would recommend it and I am satisfied with the product.

The vendor may reach out if they have any questions or comments about my review. My overall review rating for One Identity Active Roles is nine out of ten.

On-premises

I use One Identity Active Roles primarily for identity management. We use it for managing multiple domains from a single interface, and the domains do not have trust between them. It has been used by multiple support teams, such as the service desk or the identity access management team for account creation, modification, and management of accounts. It is mostly focused on account creation, modification, deletion, and AD objects.

One Identity Active Roles has helped my organization reduce the number of incorrect privileged accounts through the management unit feature. It helps us identify accounts that are not in use, and while creating admin accounts, we use it to set policies regarding which required fields must be filled during account creation. This helps us keep the process clean and ensures all required attributes are filled before account creation. We have scheduled scripts on One Identity Active Roles that check if activity meets criteria. If it doesn't, it will move the account to a specified OU, disable it, or delete it, as per the defined process.

One Identity Active Roles helps us keep accounts consistent. For instance, when somebody leaves the company, all associated accounts get removed, which helps us eliminate unwanted accounts.

For Active Directory, the provisioning and de-provisioning capabilities work exceptionally. The de-provision feature allows account disconnection without disabling it, enabling quick reconnection with automatic group additions. This feature significantly speeds up the process compared to disabling and re-adding to groups.

The comprehensive group membership management feature is exceptional because it offers two features not available in Active Directory directly: adding multiple secondary owners and dynamic groups. The latter is only available for Azure AD, not for on-premise AD.

Using One Identity Active Roles enables temporary group additions. For instance, if a group provides access, we can temporarily add a member, and when the time period expires, the member gets removed automatically.

The granular control is exceptional; we can give the least control required by the team. For modifying any group, we don't have to give create and delete roles; we can just give them the move role. 

The delegation of administrative access impacts IT operations positively through access templates, which are usually created based on the team.

One Identity Active Roles has increased operational efficiency despite occasional slowdowns. Solution consolidation is part of our identity and access management strategy, eliminating the need for direct Active Directory access for the help desk and IAM team.

The best features of One Identity Active Roles include managing multiple domains from a single interface. I don't need to log into jump servers, making it very easy to log in from the web and manage it. Dynamic groups are also one of the best features, eliminating the need to add or manage members manually. The management unit is another excellent feature, which we can use as a virtual OU to identify missing elements.

The approval process and group approval process can include adding multiple secondary owners. 

The interface appears outdated. Once logged in, everything inside remains unchanged from years ago. 

Additionally, when they release new features, they should provide training or webinars at least once or twice a year. This would help users stay updated and aware of new features. When I requested a demo session with One Identity, the presenter didn't provide complete details, making it difficult for non-technical managers to understand. The demo should be planned based on the customer's knowledge level.

Regarding visibility in the directory ecosystem, while it is very good, there are limitations. When we add numerous domains, it becomes slow. With around 60 domains, attempting to add approximately 30 caused significant performance issues. We had to remove and decrease the number of domains, indicating room for improvement in managing multiple domains from a single interface.

I have been using One Identity Active Roles for approximately 11 or 12 years.

I would rate the stability as eight out of ten. I have already discovered approximately three defects in the new version. 

While One Identity Active Roles has improved operational efficiency, there are occasional challenges with system slowdowns.

The scalability is excellent, rated around nine or ten out of ten. It can be expanded or decreased based on the SQL server requirements.

In our organization, the solution is open to all users with read-only access, with approximately 200 users having admin access. 

I would rate their support a nine out of ten.

Positive

I've personally deployed systems from scratch, from planning through to completion.

Deployment is not overly complicated. We do need to ensure that the required ports are open and that we have the necessary permissions. However, it does vary from company to company regarding how they manage to get those ports opened and permissions granted. Based on my experience, I would rate the complexity of deployment as about a seven or eight out of ten. In the new version, we did encounter some issues related to system slowness, but other than that, most aspects look good.

The deployment duration depends on your company's processes. If you manage to get the ports opened and the permissions granted quickly, the deployment can be completed in about two months. For us, it took approximately six months because acquiring the necessary permissions and opening the ports took time. Additionally, post-deployment, we needed to conduct some testing as well. So, while I wouldn’t say it takes excessively long, it does depend on your circumstances. If everything is in place, meaning if the ports are open and permissions are set, you could deploy a basic version within two days.

The solution requires regular maintenance, including server patching and routine updates. We monitor alerts and check the website regularly as part of business-as-usual support.

When comparing One Identity Active Roles with other solutions in the market, there are no direct competitors. Having explored alternatives in my previous company, I found it to be more user-friendly and to have more secure features around Active Directory than other available solutions.

Regarding integration, I have not yet integrated One Identity with other One Identity products as this process is ongoing with our recent upgrade. While we have multiple One Identity products, this integration remains a future project.

Regarding lifecycle management capabilities via the workflow engine, we have not fully utilized it because most workplaces have used third-party tools such as Microsoft MIM. At my previous workplace, SailPoint was used for complete account lifecycle management. We primarily used One Identity Active Roles for account management after creation and for modification of admin accounts.

I would recommend One Identity Active Roles based on its ability to manage domains from a single interface and provide minimal-required access based on work requirements. The web interface login and MMC console are very user-friendly.

I would rate this solution an eight out of ten.

On-premises

One Identity Active Roles serves as my primary platform for centralized Active Directory administration and identity management automation.

In my day-to-day work, I use One Identity Active Roles for centralized Active Directory and identity management through access provisioning. When a new employee joins the organization, One Identity Active Roles handles the creation of the Active Directory account, group membership, mailbox-related configuration, and role-based access assignment through a centralized workflow.

This automation has significantly impacted my daily tasks and the onboarding process by reducing administrative effort, minimizing configuration errors, and accelerating the onboarding process, which saves considerable time. Before we implemented One Identity Active Roles, the administrator manually managed multiple accounts across different systems. After implementing One Identity Active Roles, the platform applies policies and templates to provision new accounts consistently and securely.

An additional benefit of my main use case is the consistent governance across identity management operations. Since many administrative tasks are automated and policy-driven, our teams spend less time handling repetitive manual account management activities and troubleshooting configuration inconsistencies.

One of the best features of One Identity Active Roles is its automated onboarding capability.

The feature that stands out most for me is the delegated administration combined with policy-based automation, which provides a strong balance between operational efficiency and security governance. One of the most valuable aspects is the ability to assign administrative responsibility to specific teams without granting full Active Directory administrative privilege. For example, Help Desk or regional IT teams can manage password resets, group membership, or user account updates within a controlled scope, while core security and directory administrators remain centrally governed.

A feature that stands out during daily operations is the centralized auditing and tracking capability. In enterprise Active Directory environments where multiple administrators and support teams are involved, having detailed visibility into account changes, group modifications, and administrative actions is extremely valuable.

One Identity Active Roles helps simplify troubleshooting, improve accountability, and support compliance and audit requirements because administrative activities can be tracked more efficiently from a centralized platform.

One Identity Active Roles has positively impacted our organization by improving operational efficiency, strengthening governance, and reducing manual administrative effort within Active Directory and identity management operations. One of the biggest improvements was the automation of routine identity lifecycle tasks such as user provisioning, account updates, group management, and deprovisioning, which reduced repetitive manual work for administrators and helped minimize configuration errors.

We observed noticeable operational improvements after implementing One Identity Active Roles, especially in user provisioning and administrative management processes. For example, onboarding and account provisioning tasks that previously required multiple manual activities and directory updates became significantly faster through policy-based automation and predefined templates, reducing the time required for runtime account management activities and improving consistency across the environment.

One Identity Active Roles is a strong platform for identity and administration and Active Directory management; however, I see a few areas where it could be improved. One area is the user interface and administrative experience. While the platform is feature-rich, some workflows and configuration screens can feel complex for new administrators, especially in large enterprise environments with extensive policy configurations.

Another area for improvement is reporting and analytics. More modern and customized dashboards with deeper operational insights would help administrators monitor identity management activities and governance metrics more efficiently. We also found that advanced workflow customization and integration scenarios can require significant expertise and planning, so simplifying some of the configuration and automation processes would improve usability and reduce the learning curve for administrators.

I have been working in my current field for more than four years.

One Identity Active Roles is stable.

My experience is that One Identity Active Roles scales well for enterprise Active Directory administration and Active Directory management environments. The platform has been able to support a growing number of users, administrative workflows, delegation management, operational tasks, and policy-based automation tasks without major performance concerns.

Customer support is good.

We have seen a positive return on investment from One Identity Active Roles, primarily through reduced administrative workload, improved operational efficiency, and stronger governance across Active Directory management. We also experienced fewer configuration and permission-related errors because automated workflows and approval controls reduce manual intervention.

My advice to organizations considering One Identity Active Roles would be to invest time in properly planning their identity governance model, delegation structure, and automation workflows before deployment. One Identity Active Roles provides powerful capabilities for Active Directory administration and identity lifecycle management, but careful planning helps maximize its long-term value. I would rate this product an 8 out of 10.

Hybrid Cloud

Microsoft Azure

Our main use case for One Identity Active Roles is centralized Active Directory administration and user lifecycle management. We primarily use it for automated user provisioning and de-provisioning, role-based access control, group management, and delegating administrator tasks securely without giving full domain admin rights.

One common scenario is delegating password reset and user account unlock tasks to the service desk team using One Identity Active Roles.

Another valuable aspect for our use case with One Identity Active Roles is automation and standardization. We use it to apply consistent user provisioning policies, naming conventions, and group assignments across the organization.

One Identity Active Roles has had a positive impact on our organization by improving security and simplifying Active Directory management. One of the biggest benefits has been secure delegation. We no longer need to provide full domain administrator access for routine tasks, which has reduced security risk and improved operational control. Help desk and regional IT teams can handle common user management activities within their assigned scope without affecting critical systems.

We have seen noticeable operational and security improvements after implementing One Identity Active Roles. One major improvement was the reduction in manual administrator effort for tasks such as user provisioning, password resets, group assignments, and account deactivation, which became much faster through automation and delegation. This has reduced the workload on senior administrators and improved response times for end users.

The best features of One Identity Active Roles are its automated delegation and centralized Active Directory management capabilities. Based on my experience, these are the most valuable features, including role-based access control and automated workflows, dynamic group management, change tracking, and auditing, hybrid environment management, and access templates and policy enforcement.

The feature that made the biggest difference for us with One Identity Active Roles is the role-based delegation. Automation workflow, automated user provisioning, de-provisioning, group management, and policy enforcement reduce manual work and human error. Dynamic group management, such as automatically adding or removing users from groups based on predefined rules and attributes, also contributes significantly.

One area where One Identity Active Roles could be improved is the user interface. A more modern and simplified interface would help reduce the learning curve and improve day-to-day management efficiency.

I would also appreciate improvements in cloud-focused management and integration. Many organizations now operate in a hybrid or cloud-first environment, so having more intuitive Microsoft 365 and Entra ID management workflows would improve operational efficiency.

There are still a few areas where improvements could be made to One Identity Active Roles, such as a more modern user interface experience. The interface is powerful but can be dated and complex. A cleaner, more intuitive UI would make daily admin tasks faster and easier, particularly for new administrators. It also needs a strong cloud-native experience and simplified workflows and reporting setup.

I have worked in this field for the last seven years.

One Identity Active Roles is very stable.

Its scalability is good.

Customer support is good, and I rate customer support a nine.

Before selecting One Identity Active Roles, we evaluated several other options, including Active Directory management and IAM solutions, such as Microsoft native tools, AD Entra, ManageEngine ADManager Plus, NetIQ, SailPoint, Okta, and JumpCloud. While other tools were very strong, especially in areas including governance and cloud IAM, One Identity Active Roles stood out for operational AD management, particularly secure delegation, which was our primary requirement. We chose One Identity Active Roles based on this evaluation.

Integrating One Identity Active Roles with an existing IT infrastructure and directory services is generally of moderate difficulty. It is not overly complex, but it does require proper planning and Active Directory expertise.

We have seen a clear return on investment from the implementation, mainly in time savings, reduced help desk load, and improved Active Directory operations. The typical ROI outcomes we have observed include time savings in user provisioning, which previously took twenty to thirty minutes per request. After implementing One Identity Active Roles, we reduced this to approximately five to ten minutes using templates and automation. This alone represents a sixty to seventy percent time reduction per request.

We have seen a clear return on investment from the implementation, mainly in time savings, reduced help desk load, and improved Active Directory operations.

Our experience with pricing, setup costs, and licensing indicates that it is on the higher side but justified by the enterprise value. The licensing model is typically subscription-based and usually calculated based on the number of managed user accounts.

Our experience with delegation in One Identity Active Roles has been very positive and has fundamentally changed how we manage Active Directory operations. With delegation, we have implemented role-based delegation to assign specific administrator responsibilities to different IT teams, such as the help desk team for password resets, account unlocks, and basic user attribute updates; the regional IT team for user and group management; and the AD administrator for higher-level tasks including policy changes, schema-related operations, and domain controller control.

The key advice I would recommend is to invest time in design before implementation, redefine your role model and UI structure, start small and expand gradually, and keep your delegation strategy role-based.

One Identity Active Roles has significantly reduced both the complexity and the workload for Active Directory administration in our environment. The impact on workload has been a major reduction in manual AD tasks. Routine activities such as user creation, password resets, group updates, and account disabling and enabling are now largely automated and delegated to various roles.

The automation capabilities are generally very strong, especially for Active Directory lifecycle management and role-based access control. One Identity Active Roles is designed to reduce manual IT administration by turning repetitive identity tasks into policy-driven and workflow-based automation.

Fine-grained permission control in One Identity Active Roles has been a key part of implementing least privilege access in our environment. We use it to define very specific permissions at a granular level, such as allowing the help desk team to reset passwords and unlock access only within their assigned organizational units, restricting group management rights so that users can only modify specific security or distribution groups, and limiting attribute-level changes. The impact on least-privilege implementation has been reduced over-privileged accounts, a strong security posture, clear accountability, better compliance alignment, and operational efficiency without risk trade-offs.

I rate this review an eight overall.

One Identity Active Roles serves as my centralized Active Directory management and identity administration solution within our enterprise environment. The platform helps us streamline routing identity management tasks such as user creation, password management, account modification, and access governance, while reducing manual administrative effort.

One Identity Active Roles has positively impacted our organization by improving the efficiency, security, and consistency of identity and access management operations within the Active Directory environment. It also improves security and governance by enforcing role-based access control and provides better visibility into administrative activities through auditing and reporting capabilities.

We observed several operational improvements after implementing One Identity Active Roles, including user onboarding and administrative efficiency and access management consistency. One noticeable improvement was the reduction in onboarding and account provisioning time. Tasks such as creating user accounts, assigning group membership, and applying access permissions became much faster due to centralized management and workflow automation. This helped reduce delays for new employees and improved our overall productivity.

One Identity Active Roles offers several valuable features, but one of the best is centralized Active Directory management. Another strong feature is delegated administration, which allows our organization to assign specific administrative tasks to designated teams without granting full domain-level privilege.

When it comes to centralized Active Directory management, One Identity Active Roles simplifies user administration, group management, and access control from a single platform. This significantly reduces manual administrative effort in our enterprise environment.

One Identity Active Roles delivers role-based access control and auditing as additional strengths of the platform. Active Roles provides detailed visibility into administrative actions and helps support our compliance and governance requirements by maintaining audit trails and enforcing controlled access management.

One area of improvement is the user interface and overall usability. Some administrative functions and configuration can feel complex for new users, especially in large enterprise environments. A more modern and intuitive dashboard would make navigation and task management easier.

The other improvement would be better integration and support for hybrid and cloud-native identity environments, especially as our organization continuously moves towards cloud-based infrastructure and identity management solutions.

I have been using One Identity Active Roles for approximately one to two years.

One Identity Active Roles is stable.

The platform is capable of handling centralized administrative tasks across multi-user, group, organizational unit, and delegated administrative roles without significantly increasing operational complexity. As the environment grows, One Identity Active Roles helps maintain consistent identity governance and access management processes through automation and policy-based administration. One Identity Active Roles has demonstrated good scalability in our experience.

Customer support is good.

We did not use any previous solution before using One Identity Active Roles.

The initial deployment and integration process required proper planning around directory structure, administrative roles, permission, and policy configuration, but the overall implementation was straightforward for our structured enterprise environment. The platform integrates well with our existing Active Directory infrastructure and helps centralize our identity management operations effectively.

We have seen a positive return on investment using One Identity Active Roles, mainly through reduced administrative workload, improved operation, time-saving, and identity management. We also observed fewer manual configuration errors after the implementation of One Identity Active Roles because the policy-driven access management process became centralized. This improved consistency in user provisioning, group assignment, and permission management. The platform also improved our audit readiness and compliance visibility by providing centralized reporting and tracking of administrative activities, which simplifies our internal governance and access review processes.

The setup cost and pricing of One Identity Active Roles was generally positive for an enterprise identity and access management solution. The initial setup and licensing cost can be considerable depending on the size of the Active Directory environment. The setup process required proper planning around Active Directory integration. Licensing is typically based on organization environment and user requirement, so careful evaluation of scalability and future needs is important before deployment.

Before choosing One Identity Active Roles, we did not evaluate other options because what we wanted for Active Directory administrative management, One Identity Active Roles already had that feature in it, so we did not pursue other options.

My advice to organizations considering One Identity Active Roles would be to first clearly assess the structure, identity governance requirements, and administrative workflows. The platform provides the most value where user provisioning, access management, and Active Directory administration have become complex or difficult to manage manually. Proper planning around delegated administration, role-based access control, and workflow automation is very important for successful deployment. I would also recommend starting with a well-defined access governance strategy and reviewing existing administrative permission before implementation. I would rate this solution an 8 out of 10.

On-premises