No more typing reviews! Try our Samantha, our new voice AI agent.
reviewer2789802 - PeerSpot reviewer
Director, Identity & M365 Engineering at a healthcare company with 10,001+ employees
Real User
Top 10
Dec 23, 2025
Granular delegated access has strengthened least privilege control across complex directories
Pros and Cons
  • "One Identity Active Roles absolutely helps reduce identity-based breaches, making it very seamless for our user base to ensure that folks in specific positions have the least privileged access possible across our for-profit healthcare conglomerate with thirty states and over fifty community hospitals under a single Active Directory domain."
  • "We don't get a lot of communication from the One Identity side. I don't know who our account representative is, and that is kind of not good since we have had some turnover there."

What is our primary use case?

One Identity Active Roles is used for delegated access. It helps with RBAC controls and allows us to manipulate across our facilities which OUs in Active Directory they can manage, along with dynamic groups and keeping the ability where folks don't have to use ADUC and they can just use a delegated management overlay tool to not delete groups and not delete OUs and not inappropriately move objects across containers.

Regarding the ease or difficulty of managing on-premises and cloud-based identity directories through a single pane of glass, we leverage One Identity Active Roles from strictly the on-premises space. Being able to leverage it from a delegated access perspective, the console itself is very clean. It looks very similar to Active Directory Users and Computers, which legacy, long-time IT people are used to. So that outline from a UI perspective makes things seamless. People don't even know that One Identity Active Roles is actually a product and not just a built-in native solution for Windows, which is very key for us.

Regarding One Identity Active Roles' ability to provision and de-provision resources in directories such as AD and Azure AD, it is very seamless. From a permission standpoint, it is a right-click de-provision user and having that recycle bin to quickly uncover or recover is very useful. It is very seamless. It is not the best from a change history standpoint as far as quantifying those logs, but it is nice to see that this object was de-provisioned on X day by a user, and it can quickly be restored in the event that was a mistake.

About group membership management in One Identity Active Roles, I have already discussed how you can delegate groups with OUs and naming conventions through the complex IT teams that we have in our organization. From a group membership standpoint, we can manage groups and delegate that access across the organization from our enterprise service level that can do password resets versus our identity engineering team who has full domain admin in the console that can manipulate those access templates and make adjustments accordingly.

What is most valuable?

The favorite feature of One Identity Active Roles is definitely the granularity and specifics on the access templates. You can dive deep into controls all the way down to manage individual objects, all the way from not just at the OU level, but how granular delegated access is with One Identity Active Roles is definitely the most useful feature to my organization.

One Identity Active Roles absolutely helps reduce identity-based breaches. It is from an identity governance perspective, being able to ensure that folks that are in specific positions have the least privileged access possible. One Identity Active Roles makes that very seamless for our user base. We are a for-profit healthcare conglomerate with thirty states, over fifty community hospitals across that are all in a single pane of glass under our LifePoint Health Active Directory domain. Being able to say that your facility can only manage these objects in this OU and delegating that from their core IT engineering staff versus their help desk versus an application owner makes it all very seamless.

One Identity Active Roles has absolutely helped our organization reduce its number of erroneous privileged accounts. We can quickly evaluate those accounts. You can see the same features within ADUC, but you can quickly isolate those and validate where they are and adjust them however you want.

What needs improvement?

One of the things I would like to see more robust is the change history. One Identity Active Roles can only monitor changes that happen in the console, and the logs don't go back longer than thirty days, maybe sixty days. The change history, when we've seen accounts get modified, we leverage a container domain that funnels accounts into our Active Directory console. I would like to see from an initial user provisioning perspective, for them to isolate the workflow and say that this came in on X date and account was created. If anyone were to modify that account from an external resource, I would like to be able to read that as well. One Identity Active Roles is strictly limited to the console. If someone makes a change, the history of those changes is not as long as I would prefer.

For how long have I used the solution?

Our company has used One Identity Active Roles for over five years. I have been with them for the last four years. Personally, I have been a user and managed the team that controls One Identity Active Roles for four years.

Buyer's Guide
One Identity Active Roles
June 2026
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,894 professionals have used our research since 2012.

What do I think about the stability of the solution?

Regarding stability, One Identity Active Roles is mostly stable. The only times it is not is when we have the eight-point-zero long-term service release. I have not seen any sort of hiccups in connectivity. If anything, it is on our side from a networking standpoint. It is a very stable product, at least recently.

What do I think about the scalability of the solution?

One Identity Active Roles is more beneficial to a large corporation. I am sure that licensing can vary in cost, but it is definitely very beneficial to complex Active Directory environments from a control perspective and being able to grant least privileged access that folks need to do their job.

How are customer service and support?

We don't get a lot of communication from the One Identity side. I don't know who our account representative is, and that is kind of not good since we have had some turnover there.

Which solution did I use previously and why did I switch?

I have not used any alternatives to One Identity Active Roles. From an on-premises AD standpoint, delegated access has been with LifePoint as long as in my career. That is what we have leveraged. It has been useful. We have rolled it out across several Active Directory domains as our management overlay, but that has been our main one.

How was the initial setup?

When I first started using One Identity Active Roles, it is intuitive. It is not super complex. The management of it, we used it from a user provisioning standpoint before we switched human capital management systems. I was not really involved in that, but from an end user standpoint, you pick your web database server. The thick client is much easier from a UI perspective looking through it because it looks very similar to ADUC if you have any experience in IT. The web portal is fine. I think it is a little more clunky, and that is what most folks use, but it is intuitive. You pick your web or database server, log in with your credentialed account, and it synchronizes and loads. It is seamless, and from an intuitive standpoint, it is on the higher end.

What's my experience with pricing, setup cost, and licensing?

Regarding the pricing of One Identity Active Roles, it is definitely on the expensive side compared to solutions for what it does. It is a necessary need for us. I don't know One Identity Active Roles' business model, but it is very niche in the sense that they are going to target complex environments like mine that have a need for delegated access. There are other IGA platforms that do delegated access and offer a much larger suite of solutions, but it is definitely on the expensive side. I think our total was in the seven-figure range for a couple of years of service.

What other advice do I have?

Overall, I would give One Identity Active Roles a rating of nine out of ten. The main pain point I have is not huge because I know there are AD audit solutions out there individually. But with the control that One Identity Active Roles has, being as intuitive as it is, I think it is a nine out of ten. I would recommend it to any healthcare conglomerate that has multiple hands in an Active Directory environment. There are many components that I think our team is not touching the surface on from a dynamic group perspective, and we just use it for what it is today, but I think there are more components that we could explore.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Dec 23, 2025
Flag as inappropriate
PeerSpot user
reviewer2845674 - PeerSpot reviewer
Devoloper at a financial services firm with 51-200 employees
Real User
Top 10
May 23, 2026
Identity workflows have streamlined onboarding and offboarding but still need better UI and cloud integration
Pros and Cons
  • "Using One Identity Active Roles, we reduced our user provisioning time from hours to minutes, lowered service desk workload by approximately 40 to 60 minutes, reduced manual administration errors, and improved audit and compliance efficiency."
  • "I did not rate One Identity Active Roles at the highest level because areas such as user interface modernization, workflow complexity, troubleshooting experience, reporting capabilities, and cloud integration still have room for improvement."

What is our primary use case?

One Identity Active Roles serves as our centralized Active Directory administration platform for identity lifecycle management, including automated user provisioning, delegated administration, role-based access control, workflow automation, and compliance management.

A specific example of One Identity Active Roles implementation is automating employee onboarding where new users are automatically created with correct organizational unit placement, group membership, permission assignments, and policies based on their department or job roles.

What is most valuable?

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, approval workflows, policy enforcement, and auditing capabilities.

The automation capability in One Identity Active Roles helps reduce manual Active Directory tasks by automatically handling user provisioning, deprovisioning, group assignment, and policy enforcement, which improves efficiency, consistency, and security.

One Identity Active Roles has positively impacted our organization by reducing manual Active Directory administration, improving security through role-based access control and delegated access, speeding up onboarding and offboarding processes, and enhancing compliance and audit visibility.

Using One Identity Active Roles, we reduced our user provisioning time from hours to minutes, lowered service desk workload by approximately 40 to 60 minutes, reduced manual administration errors, and improved audit and compliance efficiency.

One Identity Active Roles helped us implement fine-grained delegation and access control by assigning specific administrative permissions based on roles and department, which improves security, reduces excessive privilege, minimizes manual errors, and made Active Directory management more controlled and compliant.

One Identity Active Roles integrated well with our existing IT environment, especially with Active Directory and Microsoft infrastructure, which made adoption easier without major changes to current systems or operational processes.

I was impressed with the automation capability in One Identity Active Roles, especially automated user onboarding and offboarding where accounts, group memberships, and permissions were assigned automatically based on department or roles, significantly reducing manual effort and provisioning time.

One Identity Active Roles has significantly reduced compliance effort by centralizing auditing, enforcing role-based access control and policy management, tracking Active Directory changes, and simplifying access reviews and reporting for audits.

One Identity Active Roles reduced the complexity and workload related to Active Directory by automating repetitive tasks, simplifying user and group management, enabling delegated administration, and centralizing policy and access control management.

Delegated administration in One Identity Active Roles positively affected our operations by allowing service desk teams to handle routine Active Directory tasks such as password resets, user creation, and group management without full domain administrator rights, which improved security, reduced workload on senior administrators, and sped up request resolution.

What needs improvement?

One Identity Active Roles can be improved with a more modern user interface, better reporting and analytics capabilities, simplified workflow customization, improved troubleshooting tools, and stronger cloud and hybrid identity integration capabilities.

I did not rate One Identity Active Roles at the highest level because areas such as user interface modernization, workflow complexity, troubleshooting experience, reporting capabilities, and cloud integration still have room for improvement.

For how long have I used the solution?

I have been using One Identity Active Roles for the last three years.

What do I think about the stability of the solution?

One Identity Active Roles is stable and reliable for enterprise Active Directory management and automation workloads.

What do I think about the scalability of the solution?

One Identity Active Roles scales well and can efficiently manage large enterprise Active Directory environments with thousands of users, groups, and administrative tasks.

How are customer service and support?

Customer support for One Identity has been generally good with knowledgeable technical teams and effective support for deployment, troubleshooting, and Active Directory integration issues.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, we mainly relied on Active Directory tools, manual administration processes, and basic PowerShell scripting for user and group management.

How was the initial setup?

We consolidated identity and access management using One Identity Active Roles for user provisioning and group management.

What was our ROI?

We achieved a strong return on investment with One Identity Active Roles through a 40 to 50 percent reduction in service desk workload, faster user provisioning, fewer manual administrator errors, and improved compliance and audit efficiency.

What's my experience with pricing, setup cost, and licensing?

The pricing, setup cost, and licensing for One Identity Active Roles are enterprise-oriented and typically based on the number of managed users or accounts. While setup requires moderate implementation effort for Active Directory integration and workflow configuration, overall it delivers strong value through automation and reduced administrative overhead.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, we evaluated Microsoft Identity Manager and SailPoint IdentityIQ.

What other advice do I have?

My advice to others considering One Identity Active Roles is to plan role-based access control models, workflows, and delegation structures carefully, start with a pilot deployment, and fully utilize automation and auditing features to maximize security, compliance, and operational efficiency. I would rate this product a 3 out of 5 in terms of customer service.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 23, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
One Identity Active Roles
June 2026
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,894 professionals have used our research since 2012.
Mahesh Dattatray Malve - PeerSpot reviewer
Senior Business Development Executive at Digitaltrack
Real User
Top 5
May 19, 2026
Centralized delegation has streamlined ad administration and now reduces privileged access risks
Pros and Cons
  • "One positive impact we noticed from One Identity Active Roles was improved operational efficiency; earlier, many user management tasks were handled manually, which took more time and sometimes created inconsistencies, but using intelligent role-based workflows and automation made onboarding and access modification faster and more standardized, and we also saw better control over privileged access since permissions were delegated properly, reducing high-level administrative rights, which improved accountability and balanced security with operational speed."
  • "Pricing for One Identity Active Roles is a bit on the higher side compared to other options in the market."

What is our primary use case?

My main use case for One Identity Active Roles is for centralized Active Directory administration and life cycle management; most of the day-to-day activities revolve around user provisioning, account modification, and modification group management, access delegation, and handling the joiner mover leaver process.

One common example of how I use it for user provisioning in my daily work is during new employee onboarding; when HR shares the employee details, we use predefined templates in One Identity Active Roles to create user accounts with standard attributes such as department, designation, email format, and reporting manager, and based on the employee's role, the required security groups are automatically assigned instead of adding everything manually.

What is most valuable?

One important thing from day-to-day usage is that tools such as One Identity Active Roles are not just about account creation or access management; they help bring consistency into operations in large environments, as one small manual mistake in Active Directory can create bigger issues later, especially during audits or access reviews, and from my experience, the biggest practical benefit has been reducing repetitive manual work and maintaining standardized processes across teams.

The best feature of One Identity Active Roles is delegation administration with role-based access control; it allows an organization to give limited and controlled access to different IT teams without exposing full Active Directory permissions, which is very important from a security perspective.

Role-based access control has helped me mainly by reducing unnecessary privileged access, as earlier, in some environments, multiple admins had broad Active Directory permissions which increased the risk of accidental changes or unauthorized actions, and with One Identity Active Roles, this access could be delegated so teams only got permissions required for their tasks.

One thing worth adding about the features is that as identity and access governance become more important and organizations are handling hybrid environments with cloud and on-premise systems together, tools such as One Identity Active Roles help bring structure to that, especially for managing identity-related operations in a controlled way.

One positive impact we noticed from One Identity Active Roles was improved operational efficiency; earlier, many user management tasks were handled manually, which took more time and sometimes created inconsistencies, but using intelligent role-based workflows and automation made onboarding and access modification faster and more standardized, and we also saw better control over privileged access since permissions were delegated properly, reducing high-level administrative rights, which improved accountability and balanced security with operational speed.

Measurable improvements were noticed over time; for onboarding activities, the creation and access assignment process became much faster because templates and automation group assignments reduced manual work, and earlier, some requests would take a few hours depending on complexity, but with streamlined workflows, standard tasks became much quicker with fewer follow-ups, and from an audit perspective, preparing for access reviews or compliance checks was easier because all changes were logged properly, meaning the teams spent less time collecting manual evidence due to the clear audit process.

We utilized the fine-grained permission control feature of One Identity Active Roles, especially for delegating administration and limiting unnecessary privileged access; one major impact was better implementation of the least privilege principle, as instead of giving broad Active Directory permissions to multiple teams, access is assigned based on specific responsibilities, allowing the helpdesk team to perform limited tasks such as password resets or account unlocks, while application teams manage only their own security groups without broad administrative access.

The automation capabilities of One Identity Active Roles are one of its stronger areas, especially for reducing repetitive administrative tasks and improving consistency; a common example is user onboarding and offboarding workflows where predefined templates automatically populate user attributes, assign appropriate groups, and apply naming standards based on department or role, significantly reducing manual effort and minimizing configuration mistakes.

One Identity Active Roles has had a significant effect on the complexity and workload of day-to-day Active Directory administration, as earlier, many Active Directory-related tasks depended heavily on experienced administrators making direct changes in Active Directory users and computers, which increased the risk of inconsistency and human error; after implementing One Identity Active Roles, administrative tasks became more structured through delegated access, templates, and automated workflows.

What needs improvement?

One Identity Active Roles is strong operationally, but there are a few areas where it could improve, such as cloud-native integration; since many organizations are moving towards hybrid and multi-cloud environments, a tighter and simpler integration with more cloud platforms would enhance the overall experience.

One practical pain point I encountered around workflow customization and change management is that the tool is powerful, but when organizations want highly customized approval flows based on business logic, implementation can become complex and often relies on experienced administrators or consultants.

For how long have I used the solution?

I have been using One Identity Active Roles for three years.

What do I think about the stability of the solution?

One Identity Active Roles is a stable and reliable platform.

What do I think about the scalability of the solution?

From my experience, One Identity Active Roles is quite scalable, especially for medium to large enterprises that have a high volume of Active Directory administrative operations, as the architecture is designed to scale Active Directory delegation and administration.

How are customer service and support?

I found the customer support experience with One Identity generally positive, especially for enterprise-level support cases, as their support team has strong technical knowledge of Active Directory and IAM issues which is crucial for solving issues.

Which solution did I use previously and why did I switch?

Before using One Identity Active Roles, a large portion of administrative work was handled with native Active Directory tools and manual operational processes, and the main reason for moving towards One Identity Active Roles was the increasing complexity of user and access management as the organization scaled.

How was the initial setup?

The ease of integrating One Identity Active Roles with our existing IT infrastructure and directory services was moderately manageable, as it was not extremely difficult but required proper planning and understanding of the existing infrastructure; since our organization is heavily based on Active Directory and Microsoft technologies, the core integration was relatively smooth, allowing straightforward onboarding, synchronization, delegation, administration, and policy configuration once the architecture was properly designed.

What about the implementation team?

The implementation was done in-house by our IT team.

What was our ROI?

The organization has seen a positive return on investment, though the return on investment is more operational and security-focused than just a cost reduction; we also observed fewer operational errors related to account provisioning and group assignments due to standardized templates and workflows reducing inconsistencies, meaning even a small reduction in manual administration and troubleshooting effort adds up.

What's my experience with pricing, setup cost, and licensing?

Pricing for One Identity Active Roles is a bit on the higher side compared to other options in the market.

Which other solutions did I evaluate?

During the evaluation phase, I considered a few other IAM and Active Directory management solutions; the comparison was mainly about delegation capabilities, automation, and audit, including Microsoft's native Active Directory administration approach combined with scripting and Group Policy management, as well as tools such as Microsoft Entra ID, NetIQ, SailPoint, and CyberArk, depending on the use case.

What other advice do I have?

My advice for others looking into using One Identity Active Roles is to first understand your internal identity and access management processes before implementing the tool, and I recommend starting with clear delegation and automation goals instead of trying to customize everything immediately. I would rate this product an 8.5 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 19, 2026
Flag as inappropriate
PeerSpot user
reviewer2845590 - PeerSpot reviewer
Engineer at a transportation company with 1,001-5,000 employees
Real User
Top 10
May 22, 2026
Centralized automation has transformed identity lifecycle management and strengthens governance
Pros and Cons
  • "I saw a strong ROI with One Identity Active Roles through around a forty to fifty percent reduction in service desk workload, faster user provisioning from hours to minutes, fewer manual errors, and improved compliance and audit efficiency, which saves significant administrative time and operational efforts."
  • "One Identity Active Roles can be improved with a more modern and user-friendly interface, better reporting and analytics, simplified workflow customization, faster performance in large environments, and stronger cloud and hybrid identity integration capabilities."

What is our primary use case?

My main use case for One Identity Active Roles is centralized Active Directory administration and identity lifecycle management, including automatic user provisioning and deprovisioning, delegating administration, role-based access control, policy enforcement, and workflow automation to improve security, compliance, and operational efficiency.

A specific example of using One Identity Active Roles to automate user provisioning is automatic employee onboarding, where new users are automatically created with the correct OU placement, group membership, permission, and policy based on their department or role, reducing manual efforts.

Additionally, I use One Identity Active Roles for delegated administration, password management, approval workflows, group management, and auditing Active Directory changes, which helps improve security, reduce administrative workload, and maintain compliance.

What is most valuable?

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, policy placement, approval workflows, and auditing.

One Identity Active Roles automation helps by automatically provisioning and deprovisioning users, assigning groups, and permission based on roles, making my work easier and more efficient. While delegating administrative tasks, it allows service desk teams to perform limited AD tasks without full domain access.

Additionally, the approval workflow, auditing, and policy enforcement features in One Identity Active Roles are very valuable, as they help maintain compliance, track all Active Directory changes, enforce naming and security standards, and improve overall governance and operational controls.

One Identity Active Roles positively impacts my organization by reducing manual Active Directory administration, improving security through delegated access and RBAC, speeding up onboarding and offboarding processes, and enhancing compliance with centralized auditing and policy enforcement.

What needs improvement?

One Identity Active Roles can be improved with a more modern and user-friendly interface, better reporting and analytics, simplified workflow customization, faster performance in large environments, and stronger cloud and hybrid identity integration capabilities.

Additionally, One Identity Active Roles could be improved with troubleshooting tools, clearer error reporting, enhanced real-time monitoring dashboards, and simplified complex policy and workflow management to make administration easier in large enterprise environments.

For how long have I used the solution?

I have been working in my current field for the last one month.

What do I think about the stability of the solution?

One Identity Active Roles is generally very stable and reliable in enterprise environments with consistent performance in Active Directory management automation and delegation tasks when properly configured and maintained.

What do I think about the scalability of the solution?

One Identity Active Roles can scale to large enterprise environments and can efficiently handle thousands of users, groups, and Active Directory objects, centralizing automation and delegation processing without significant performance issues.

How are customer service and support?

Basic customer support for One Identity Active Roles has been generally good, with knowledgeable technical teams and effective guidance on deployment, although response time for complex escalations can sometimes be a bit slower.

I would rate customer support for One Identity Active Roles around a seven out of ten for strong technical expertise and helpful guidance, with some room for improvement in escalation and response times.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, I primarily used native Active Directory tools and manual administration processes, along with basic PowerShell scripting for user and group management.

How was the initial setup?

The main difficulty I faced integrating One Identity Active Roles was complex workflows, mapping RBAC permissions correctly, synchronizing a hybrid environment like Microsoft Azure, and troubleshooting policy or replication-related issues during the initial deployment.

What was our ROI?

I saw a strong ROI with One Identity Active Roles through around a forty to fifty percent reduction in service desk workload, faster user provisioning from hours to minutes, fewer manual errors, and improved compliance and audit efficiency, which saves significant administrative time and operational efforts.

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing of One Identity Active Roles are enterprise-based and depend on the number of managed users or accounts, while setup costs are moderate due to infrastructure implementation and integration requirements. Overall, it provides good value through automation, security, and reduced administrative overhead.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, I evaluated options including Microsoft Identity Manager and SailPoint IdentityIQ, but chose One Identity Active Roles due to its strong Active Directory integration, automation, and delegation administrative capabilities.

What other advice do I have?

My impression of the automation capability of One Identity Active Roles is very positive, as it significantly reduces manual Active Directory tasks through automated provisioning, deprovisioning, group management, approval workflows, and policy enforcement, improving efficiency, consistency, and security across the environment.

One Identity Active Roles significantly reduces the complexity of Active Directory administration by centralizing management, automating repetitive tasks, and enabling delegated access control, although the initial setup and advanced workflow configuration can be complex in large enterprise environments.

One Identity Active Roles delegation allows service desk or junior administrators to perform specific Active Directory tasks including password resets, user creation, and group management without giving full domain administrative access, which improves security, reduces workload on senior admins, and speeds up request handling.

My advice to others considering using One Identity Active Roles is to plan the Active Directory structure, RBAC model, and workflow carefully before deployment. I recommend starting with a pilot implementation and leveraging automation and delegated administration features fully to maximize security, efficiency, and compliance benefits. I would give One Identity Active Roles an overall rating of eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 22, 2026
Flag as inappropriate
PeerSpot user
Chetan Bhati - PeerSpot reviewer
Network Security Engineer at Arrow PC Network Pvt Ltd
Real User
Top 5Leaderboard
May 14, 2026
Centralized automation has streamlined onboarding, delegation, and secure access management
Pros and Cons
  • "One Identity Active Roles has impacted my organization by simplifying centralized Active Directory management and improving efficiency for user provisioning, access management, and routine administrative tasks."
  • "Troubleshooting could be more streamlined when dealing with detailed administrative changes or resolving synchronization issues."

What is our primary use case?

My main use case for One Identity Active Roles is managing Active Directory users and groups in a centralized way, and I primarily use it for provisioning, access management, password reset, onboarding and off-boarding processes, and delegated administration.

During employee onboarding, I use One Identity Active Roles to create user accounts, assign the required group membership, apply department-based permissions, and configure account policies from a centralized console. For delegated administration, specific tasks such as password reset or basic account management can be assigned to a specific support team without giving them full domain admin access, which improves security and also reduces workload for senior administrators.

Apart from onboarding and access management, I also use One Identity Active Roles for account lifecycle management, such as disabling accounts during off-boarding and updating permissions during role changes. It helps with maintaining consistency through policy-based administration and reduces manual effort for repetitive Active Directory tasks.

What is most valuable?

A valuable feature of One Identity Active Roles is delegated administration because it allows different teams to handle specific tasks without giving full Active Directory access. I also find that centralized user and group management very useful since it simplifies onboarding, off-boarding, permission updates, and account management from a single interface. The strong feature is automation and workflow management, which helps reduce manual effort and improve consistency and minimize administrative errors.

Account creation, group assignment, and permission management can all be handled from one place instead of manually configuring everything in Active Directory, making it much faster. Delegated administration also makes support operations easier because basic tasks of password reset and account unlocks can be securely handled by the support team without requiring administrative privileges. These features improve visibility and help maintain better control over administrative changes.

One Identity Active Roles has impacted my organization by simplifying centralized Active Directory management and improving efficiency for user provisioning, access management, and routine administrative tasks. It also enhanced security through delegated administration because teams can perform specific tasks without needing full domain admin rights. Another positive impact is reduced manual errors and faster onboarding and off-boarding processes, which improved overall operational efficiency for my IT team.

What needs improvement?

Troubleshooting could be more streamlined when dealing with detailed administrative changes or resolving synchronization issues. Additionally, improving the overall performance and simplifying some workflow configurations would make day-to-day operations easier.

For how long have I used the solution?

I have been using One Identity Active Roles for around one year.

What do I think about the stability of the solution?

One Identity Active Roles has been a stable solution for day-to-day Active Directory administrative and identity management tasks in my experience, as I have been able to use it reliably for user provisioning, delegated administration, and access management with consistent performance. As with any enterprise solution, proper configuration and maintenance are important, but overall, it has been stable in my environment.

What do I think about the scalability of the solution?

One Identity Active Roles is scalable and is actually designed specifically for large enterprise environments and hybrid environments, so it has centralized multi-domain management tailored for large enterprises.

How are customer service and support?

Customer support for One Identity Active Roles is generally rated as good but not perfect, so it really depends on the type of issues and how my environment is set up.

Which solution did I use previously and why did I switch?

Previously, most of the administration was handled directly through native Active Directory tools and manual processes. My organization moved to One Identity Active Roles to improve centralized management, delegation, and automation, which also helped improve security and reduce manual workload through better control over permissions.

How was the initial setup?

The integration process was relatively easy because One Identity Active Roles integrates well with existing Active Directory environments. The initial setup and configuration required proper planning and understanding of the directory structure, but once configured, it worked well with the existing IT infrastructure, making the centralized management and policy-based administration easier to align with my current identity management process.

What was our ROI?

From an operational perspective, I have seen a positive return in terms of time-saving and administrative efficiency. For example, routine tasks of user onboarding, permission updates, and account management are completed much faster now compared to manual Active Directory administration. While I was not directly involved in financial calculation, it has definitely improved efficiency and reduced manual effort for my IT teams.

Which other solutions did I evaluate?

I was not involved directly in the product evaluation or selection process, so I cannot comment in detail on all the alternatives that were evaluated. However, from my understanding, the decision was mainly based on improving centralized Active Directory management.

What other advice do I have?

After using One Identity Active Roles, onboarding account management tasks become noticeably faster. For example, creating a user account and assigning permissions that previously took around fifteen to twenty minutes manually can be completed in just a few minutes through centralized workflows. I have also noticed fewer permission-related mistakes and improved consistency because policies and templates are applied in a standardized way.

My advice for anyone evaluating One Identity Active Roles is that if you are planning to use Active Roles, the most important thing to understand is that it is not just a tool; it is an identity management framework for Active Directory and hybrid environments. Success depends more on design and implementation than the product itself.

One Identity Active Roles is deployed in an on-premises environment integrated with my Active Directory infrastructure. I use One Identity Active Roles for Active Directory administration and identity management tasks, so it is mainly consolidated around centralized user management and delegated administration.

I have utilized the fine-grained permission control feature in One Identity Active Roles mainly through delegated administration, which helped implement least privilege principles by allowing teams to perform only the specific task required for their role, such as a password reset or account unlock, without providing full Active Directory administrative access. This improved security, reduced unnecessary privileged access, and helped maintain better control and accountability over administrative activities.

My impression of the automation capabilities is very positive because they help reduce repetitive manual administrative tasks and improve consistency in user management. For example, during onboarding, account creation, group assignment, and applying standard permissions can be handled through predefined workflows and policies, which saves time and reduces configuration errors. Automation also helped during off-boarding processes by quickly disabling accounts and removing access in a centralized way, improving both efficiency and security.

Administrative tasks related to Active Directory, such as user provisioning, group management, password reset, and access updates, become more streamlined and easier to handle. It also reduced manual workload for administrators because many repetitive tasks can be completed through workflows and delegated administration instead of handling everything directly in native Active Directory tools. It has significantly reduced the complexity of many Active Directory administrative tasks by centralizing management and automating routine operations.

I think the pricing structure will be suitable. I have given this review an overall rating of nine.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 14, 2026
Flag as inappropriate
PeerSpot user
Dhanaji Mali - PeerSpot reviewer
Technical Specialist at VDA Infosolutions Pvt. Ltd.
Real User
Top 5Leaderboard
Apr 9, 2026
Centralized controls have strengthened ad governance and now automate secure user provisioning
Pros and Cons
  • "One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment."
  • "One area for improvement would be the initial setup, which feels a little bit complex and could be simplified."

What is our primary use case?

Our main use case for using One Identity Active Roles is controlling AD changes through policies and roles. It ensures only authorized users can perform or configure any action in Active Directory. This improves our governance and security.

We have been using One Identity Active Roles for three years and have seen a good syncing process with our AD. There is no issue with user syncing with One Identity Active Roles. We use this in our day-to-day roles. It helps ensure that users only have the access required for their job. For example, a help desk user can perform basic tasks but not critical changes. This helps us improve security. It also helps us with automation, such as reducing manual work in user management tasks, and it speeds up processes like account creation and updates.

We use One Identity Active Roles for audit purposes. It helps us create or generate reports for audits or security reviews. This reduces the manual effort in collecting data, so it improves accountability.

What is most valuable?

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

What needs improvement?

One area for improvement would be the initial setup, which feels a little bit complex and could be simplified. Apart from this, I think everything is excellent and it provides great features. It works well.

One Identity Active Roles has good features that are already built-in, and we are seeing a good response from these features in our environment. I do not see any improvement required at this time based on our organization's requirement.

For how long have I used the solution?

I have been using One Identity Active Roles for more than three years.

How are customer service and support?

I have had multiple interactions with the support team for One Identity Active Roles. They are good in their response and technical expertise, and they are ready to provide support at any time. They have provided multiple technical assistance to our team, and they are good in their field.

What was our ROI?

We have seen a good return on investment with One Identity Active Roles, mainly through time saving and reduced manual efforts. Automation has really reduced the time spent on user provisioning, access management, or access changes by around 40 to 60 percent, which has significantly improved team productivity. It also helps in reducing manual errors, lowering the need for rework and support efforts.

What other advice do I have?

One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment. For the deployment purpose, I advise you to define your requirements and plan the deployment in advance since the solution offers a lot of features. This needs a proper design and an understanding of the workflows and access policy, and it will be really helpful to get the most value out of the solution.

We have seen measurable improvement since using One Identity Active Roles. User provisioning and access changes that used to take a lot of time, such as 20 to 30 minutes, are now completed in just a few minutes through automation, saving around 40 to 60 percent of time. We have also reduced manual errors significantly due to policy-based control and a simple workflow, which has improved overall reliability and security. I would rate this solution 9 out of 10.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Apr 9, 2026
Flag as inappropriate
PeerSpot user
Abhishek Pol - PeerSpot reviewer
Cloud Engineer at Infobahn Technical Solution
Real User
Top 5
May 17, 2026
Automated governance has transformed onboarding and now cuts manual access work in half
Pros and Cons
  • "Automated provisioning and access management reduced manual administrative effort by nearly 50 to 60%, which saved significant onboarding time and lowered the number of access-related errors and support tickets."
  • "One Identity Active Roles could be improved with a more modern and intuitive user interface, faster performance during large-scale directory operations, and simpler initial deployment and configuration."

What is our primary use case?

One Identity Active Roles is primarily used for centralized Active Directory management, user provisioning, and automated access control. It streamlines user account creation, role-based administration, group management, and policy enforcement while reducing manual administrative effort and improving security compliance.

A common day-to-day use case involves onboarding new employees. One Identity Active Roles automated user account creation, group assignments, mailbox setup, and permission allocation based on department rules. This process was previously manual and time-consuming, but One Identity Active Roles reduced setup time significantly and helped avoid configuration mistakes and permission inconsistencies.

Integrating One Identity Active Roles with the existing Active Directory environment was relatively straightforward. The solution integrates very well with Microsoft-based infrastructure and directory services, although the initial configuration and policy setup required careful planning and technical expertise for smooth deployment.

What is most valuable?

The best features of One Identity Active Roles are automated user provisioning, delegated administration, and role-based access control. It reduces manual Active Directory management tasks, improves security through fine-grained permissions, and provides centralized auditing and policy enforcement. The automation workflows and approval-based access management are especially valuable for maintaining consistency and compliance in large enterprise environments.

The automation workflows help the team automate repetitive identity management tasks such as user onboarding, account updates, password resets, and de-provisioning. Approval-based access management adds an extra security layer by requiring manager or admin approval before sensitive permissions or group memberships are granted. This reduces manual effort, minimizes human errors, improves compliance, and ensures proper access governance across the organization.

One Identity Active Roles significantly reduces the complexity and workload of Active Directory management by automating repetitive tasks such as user provisioning, group management, password resets, and access changes. It simplifies delegated administration and centralized policy management, allowing the IT team to handle Active Directory operations more efficiently with fewer manual errors.

What needs improvement?

One Identity Active Roles could be improved with a more modern and intuitive user interface, faster performance during large-scale directory operations, and simpler initial deployment and configuration.

For how long have I used the solution?

One Identity Active Roles has been used for approximately seven months.

What do I think about the stability of the solution?

One Identity Active Roles is stable.

What do I think about the scalability of the solution?

One Identity Active Roles is highly scalable and works well in medium to large enterprise environments. It can efficiently manage a large number of users, groups, and directory objects while maintaining centralized administration, automation, and policy enforcement across multiple domains and complex Active Directory infrastructures.

How are customer service and support?

Customer support for One Identity Active Roles is excellent.

Which solution did I use previously and why did I switch?

The organization mainly consolidated Active Directory administration, user provisioning, access governance, and role-based access management using One Identity Active Roles. It helps centralize identity management tasks that were previously handled through multiple manual tools and scripts.

How was the initial setup?

Integrating One Identity Active Roles with the existing Active Directory environment was relatively straightforward. The solution integrates very well with Microsoft-based infrastructure and directory services, although the initial configuration and policy setup required careful planning and technical expertise for smooth deployment.

What about the implementation team?

Careful planning of the initial deployment and role structure before implementation is recommended. One Identity Active Roles delivers the most value when automation workflows, delegated administration, and access policies are properly designed according to organizational needs.

What was our ROI?

A clear return on investment was realized after implementing One Identity Active Roles. Automated provisioning and access management reduced manual administrative effort by nearly 50 to 60%, which saved significant onboarding time and lowered the number of access-related errors and support tickets.

What's my experience with pricing, setup cost, and licensing?

The pricing and licensing experience with One Identity Active Roles was generally reasonable for an enterprise IAM solution. Initial setup required some planning and technical resources, but the long-term operational efficiency and automation benefits provided good overall value.

What other advice do I have?

After implementing One Identity Active Roles, user provisioning and access management time was reduced by nearly 50 to 60%. The automation workflows helped lower manual configuration errors and improved compliance by maintaining proper approval trails and access governance records.

The automation capabilities of One Identity Active Roles are impressive because they significantly reduce repetitive administrative work and improve consistency. Employee onboarding workflows were automated, so new users automatically receive the correct accounts, group memberships, and permissions based on their department and role. Automated de-provisioning is also used to quickly disable accounts and revoke access when employees leave the organization, improving both efficiency and security.

The review rating provided for One Identity Active Roles is 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 17, 2026
Flag as inappropriate
PeerSpot user
Shubham Dwivedi - PeerSpot reviewer
Service Lead - India West Region at Digitaltrack
Real User
Top 5
May 8, 2026
Automation has reduced manual identity tasks and improves secure access control consistency
Pros and Cons
  • "Overall, One Identity Active Roles has been a reliable and valuable solution for improving Active Directory management, automation, and access control, helping reduce manual efforts, improve security, and streamline identity administration tasks across the organization."
  • "Some advanced configuration and workflow can feel complex, so simplifying setup and management would improve the overall experience."

What is our primary use case?

My main use case for One Identity Active Roles is Active Directory management, user provisioning, provisioning and de-provisioning, role-based access control, and automating identity administration tasks.

What is most valuable?

The best features One Identity Active Roles offers are automated user provisioning, role-based access control, and delegated administration, auditing, and centralized Active Directory management. I also find the workflow automation and policy enforcement features very useful because they help reduce manual efforts, improve security, and maintain consistency across the environment. Features such as access templates, dynamic groups, and detailed reporting also make identity administration much more efficient.

Access templates and dynamic groups have helped standardize permissions and reduce manual configuration work. For example, when a user moves to a different department or role, the correct group membership and access right can be updated automatically based on predefined policies, which improves consistency and reduces errors.

Another feature I find valuable in One Identity Active Roles is the auditing and reporting capability. It provides clear visibility into changes made in Active Directory, which helps with troubleshooting, compliance, and security monitoring. The delegated administration feature is also very useful because it allows tasks to be assigned securely without giving full administrative access.

One Identity Active Roles has improved the efficiency of identity and access management in our organization. It reduced manual administrative work, improved consistency in user provisioning and access control, and strengthened security through better policy enforcement and auditing.

I noticed significant time-saving after implementing One Identity Active Roles. User provisioning, access updates, and onboarding tasks that previously required a lot of manual efforts are now completed much faster through automation, reducing administrative workload by around forty to fifty percent. It also helped reduce configuration errors and improve compliance by enforcing standardized access policies and maintaining detailed audit logs for Active Directory changes.

What needs improvement?

One Identity Active Roles could be improved with a more modern and user-friendly interface, especially for new administrators. Some advanced configuration and workflow can feel complex, so simplifying setup and management would improve the overall experience. Better integration and reporting customization options would also be helpful for large environments.

Other improvements needed for One Identity Active Roles include providing more simplified documentation and onboarding resources for advanced features and workflow configuration. Faster troubleshooting guidance for complex environments and more flexible reporting options would also help administrators manage identity operations more efficiently. Overall, the platform is reliable and delivers strong value for Active Directory management and automation.

Improvements for One Identity Active Roles would include enhancing performance and responsiveness in very large environments with complex workflows and multiple integrations. More built-in analytics and easier customization for dashboards and reports would also help administrators gain insights more efficiently.

For how long have I used the solution?

I have been using One Identity Active Roles for around one year.

What do I think about the stability of the solution?

One Identity Active Roles is stable.

What do I think about the scalability of the solution?

One Identity Active Roles has shown good scalability in our experience. It can efficiently handle a growing number of users, groups, workflows, and Active Directory objects without major performance issues, making it suitable for enterprise environments and hybrid infrastructure.

How are customer service and support?

My experience with customer support has been positive overall. The support team is very knowledgeable and generally responsive in handling configuration issues, and I receive good technical expertise and helpful assistance from the support team.

Which solution did I use previously and why did I switch?

Before using One Identity Active Roles, we mainly relied on native Active Directory tools and manual administrative processes. We switched because One Identity Active Roles provided better automation, centralized management, delegated administration, and stronger auditing capabilities, which helped reduce manual efforts and improve security and operational efficiency.

How was the initial setup?

My experience with pricing, setup cost, and licensing was generally positive. The initial setup required proper planning and configuration, especially for workflow, delegation policy, and Active Directory integration, but the deployment process itself was manageable.

What was our ROI?

We have seen a positive return on investment, mainly through time-saving and reduced administrative workload. Tasks such as user provisioning, access updates, and account management that previously required a lot of manual efforts are now automated, reducing administrative efforts by around forty to fifty percent. It also helps reduce configuration errors, improve compliance, and allows administrators to focus more on strategic identity and security tasks instead of repetitive manual processes.

Which other solutions did I evaluate?

Before choosing One Identity Active Roles, we evaluated other solutions, and we selected One Identity Active Roles because of its strong Active Directory management capabilities, delegated administration, automation features, and centralized visibility across hybrid environments.

What other advice do I have?

My advice for others looking into using One Identity Active Roles is to clearly plan your identity management and Active Directory requirements before implementation. Invest time in proper onboarding and workflow design so you can fully utilize the automation, delegated administration, and compliance features. Once configured properly, it can significantly reduce manual efforts and improve security and operational efficiency.

Overall, One Identity Active Roles has been a reliable and valuable solution for improving Active Directory management, automation, and access control. It helped reduce manual efforts, improve security, and streamline identity administration tasks across the organization. I would rate this product an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: May 8, 2026
Flag as inappropriate
PeerSpot user
Yehuda Fabian - PeerSpot reviewer
System Administrator at Shaare Zedek Medical Centre
Real User
Top 5
Feb 11, 2026
Granular delegation has improved directory security and automates provisioning tasks
Pros and Cons
  • "One Identity Active Roles supports my provisioning and de-provisioning needs very well, has helped increase operational efficiency by saving a lot of time, and has helped reduce the number of privileged accounts."
  • "Integration capabilities are somewhere in the middle; it is not easy to integrate, but it is not the hardest thing out there."

What is our primary use case?

One Identity Active Roles is used for provisioning and directory management.

What is most valuable?

One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.

One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.

One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.

One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.

I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.

What needs improvement?

Integration capabilities are somewhere in the middle; it is not easy to integrate, but it is not the hardest thing out there.

Certain automations, possibly web apps, could be improved or simplified to make them easier. These automations are what I think could be improved.

I do not use the comprehensive group membership management feature and have not utilized the fine-grained permission control feature deeply. The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my organization.

For how long have I used the solution?

I have been using One Identity Active Roles for about three years.

What do I think about the stability of the solution?

One Identity Active Roles has very few bugs and is actually very stable, so I would rate the stability a nine out of ten.

What do I think about the scalability of the solution?

I am not certain if One Identity Active Roles is a scalable solution for us since we have local deployment and approximately 50 users, and scalability is not really relevant to our situation.

How are customer service and support?

I rate the vendor's technical support a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We tried other solutions years ago, but I cannot compare them because I do not remember the details. Upper management tried something like SailPoint, Amada, or Symantec a while ago, but that was not me and those individuals are no longer with the company.

How was the initial setup?

The deployment of One Identity Active Roles probably took weeks, though it depends on what is meant by deployment.

What about the implementation team?

One Identity Active Roles was purchased through a partner.

What's my experience with pricing, setup cost, and licensing?

I am aware of the pricing; it is on the expensive side, though pricing is not my department.

What other advice do I have?

One Identity Active Roles is not a scalable solution for our organization since we have local deployment and approximately 50 users, and scalability is not really relevant to us. It is not a global solution; it is not worldwide.

The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my situation. Approximately 50 users use the solution.

I would say One Identity Active Roles has reduced privileged accounts by about 30 percent. To my knowledge, it has not helped reduce identity-based breaches.

I assess the visibility that One Identity Active Roles provides into my directory ecosystem as excellent. I would rate the granular control of One Identity Active Roles as a ten out of ten.

I would recommend this product, but it depends on exactly what you are trying to achieve; conducting a proof of concept about what you would like to see is vital. It is very difficult to answer in a review because it depends on the pain points of the customer and what they are trying to accomplish. Overall, I would recommend it and I am satisfied with the product.

The vendor may reach out if they have any questions or comments about my review. My overall review rating for One Identity Active Roles is nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Feb 11, 2026
Flag as inappropriate
PeerSpot user
Developer at a financial services firm with 51-200 employees
Real User
Top 5
Jun 12, 2026
Delegated workflows have streamlined daily user lifecycle and access governance in our hybrid AD
Pros and Cons
  • "The features I found most valuable in One Identity Active Roles are delegated administration, workflow-based automation, and role-based access control, which help streamline Active Directory management while maintaining better control over administrative permissions and access requests."
  • "One area for improvement would be troubleshooting and reporting."

What is our primary use case?

My main use case of One Identity Active Roles is managing user life cycle activity in Active Directory on a daily basis. I use it for user provisioning, group membership management, delegated administration, and handling access-related requests while maintaining governance controls.

Besides user provisioning, I also use One Identity Active Roles for delegated administration and access governance. It helps me to control who can perform specific tasks without granting broad administrative rights, which has been useful for maintaining security and operational consistency.

What is most valuable?

The features I found most valuable in One Identity Active Roles are delegated administration, workflow-based automation, and role-based access control. These features help streamline Active Directory management while maintaining better control over administrative permissions and access requests.

Workflow automation helped by reducing the number of manual steps involved in routine AD tasks. For example, when a new user request comes in, the approval and provisioning process follows a predefined workflow instead of relying on emails and manual coordination. This made requests more consistent and reduced the chances of missing important access assignments or approvals.

The auditing and reporting capability is worth mentioning. It gives better visibility into administrative changes and helps during the access review or audit activity. I also appreciate how the platform centralizes many AD management functions.

What needs improvement?

One area for improvement would be troubleshooting and reporting. When dealing with complex workflows or delegated permissions, identifying the root cause of an issue can sometimes take longer than expected. I would also like to see a more modern administrative experience and greater visibility into workflow activities to make day-to-day management easier.

Another improvement I would like to see is better visibility into delegation and access relationships. In larger environments with multiple teams and administrative roles, it can sometimes be difficult to quickly understand why a user has a particular permission or access level.

For how long have I used the solution?

I have been working in my current field for the last three years.

What do I think about the stability of the solution?

One Identity Active Roles has been a stable platform in my experience. I use it regularly for user management, delegation, and access-related tasks, and it performs reliably in day-to-day operations. Most issues I encountered were related to workflow configuration or process changes.

What do I think about the scalability of the solution?

From my experience, One Identity Active Roles scales well as the environment grew. I was able to manage an increasing number of users, groups, and administrative requests without significant changes to my processes. Features like delegation and automation helped support growth while keeping administration manageable and consistent.

How are customer service and support?

My experience with customer support has been positive overall. The support team was generally responsive and had a good understanding of Active Directory, delegation, and workflow-related issues. For more complex cases, resolution times sometimes required escalation, but the guidance provided was usually helpful and technically sound.

Which solution did I use previously and why did I switch?

Before One Identity Active Roles, I primarily relied on the native Active Directory administration tools and PowerShell scripts for user and AD group management. I switched because I wanted a more centralized approach with delegation, automation, and governance. As the environment grew, managing permissions and administrative tasks manually became harder to maintain consistently.

How was the initial setup?

I found the integration fairly straightforward because my environment was already centered around Active Directory. The core connectivity and synchronization were not difficult to establish. Most of the effort went into designing the delegation model and approval workflows to align with the existing operational processes rather than the technical integration itself.

What was our ROI?

The ROI was mainly seen in time savings and operational efficiency rather than directly reducing headcount. Routine tasks such as user provisioning, account maintenance, and access requests require less manual effort than before the implementation. I also saw fewer escalations to the AD team because delegated administration allowed support teams to handle common requests independently, which improved overall productivity.

Which other solutions did I evaluate?

I evaluated a few alternatives including Microsoft Identity Manager and SailPoint. I ultimately chose One Identity Active Roles because it aligned well with my Active Directory-focused environment and offered a good balance of delegation, automation, and governance capabilities without adding too much operational complexity.

What other advice do I have?

One outcome I noticed was a reduction in manual AD administration. Routine tasks such as user account management and group updates became more structured, which helped reduce configuration mistakes. I also found that access reviews and audit preparation became easier because administration changes were centrally managed and easier to track.

In my environment, One Identity Active Roles is deployed in a hybrid setup. The application runs on virtual servers in my on-premises data center while supporting identity management processes that interact with my cloud services. This approach works well because it allows me to maintain control over the Active Directory administration.

As part of my hybrid environment, I primarily use Microsoft Azure since my infrastructure is closely aligned with Active Directory and Microsoft services. Azure integrates well with my identity and access management processes. It allows me to support both on-premises and cloud-based identity requirements.

I have used fine-grained permission control in One Identity Active Roles. It was particularly useful for delegating specific administrative tasks to support teams without granting full Active Directory administrative rights.

I would rate this review a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 12, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.