No more typing reviews! Try our Samantha, our new voice AI agent.
Himanshu Gawai - PeerSpot reviewer
Sales specialist at Infobahn Technical Solution Pvt Ltd
Real User
Top 5
May 18, 2026
Automation has transformed user provisioning and governance and now streamlines daily administration
Pros and Cons
  • "One Identity Active Roles has positively impacted our organization by improving AD administration efficiency, reducing manual errors, strengthening access governance, and helping to standardize user provisioning and compliance processes across the team."
  • "One Identity Active Roles could be improved with a more modern and intuitive UI, faster performance for large environments, simpler reporting customization, and smoother integration with cloud-native identity platforms and APIs."

What is our primary use case?

My main use case for One Identity Active Roles is Active Directory user and group management with automation and delegated administration. For example, in daily work, I use it to automate user provisioning, deprovisioning, manage security group access, and enforce naming and compliance policies across AD environments.

What is most valuable?

The best features for One Identity Active Roles in my experience are automation, delegated administration, RBAC, dynamic group management, and policy enforcement. I also appreciate centralized management for AD and Entra ID, along with auditing and change tracking which helps significantly during compliance reviews.

One Identity Active Roles has made the biggest impact in automation and delegated administration. It reduced manual AD tasks, minimized provisioning errors, and accelerated user onboarding and offboarding significantly in day-to-day operations.

One Identity Active Roles has positively impacted our organization by improving AD administration efficiency, reducing manual errors, strengthening access governance, and helping to standardize user provisioning and compliance processes across the team.

Since implementing One Identity Active Roles, we have seen faster user provisioning and deprovisioning, a noticeable reduction in manual AD efforts, and significant time savings for routine administrative tasks. It also improved audit readiness through better tracking and policy enforcement.

What needs improvement?

One Identity Active Roles could be improved with a more modern and intuitive UI, faster performance for large environments, simpler reporting customization, and smoother integration with cloud-native identity platforms and APIs.

For how long have I used the solution?

I have been using One Identity Active Roles for around a year, mainly for AD automation, user provision, group management, and access governance tasks.

Buyer's Guide
One Identity Active Roles
June 2026
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,894 professionals have used our research since 2012.

What do I think about the stability of the solution?

One Identity Active Roles is very stable.

What do I think about the scalability of the solution?

The scalability of One Identity Active Roles is strong in my experience. It handles large and complex Active Directory environments efficiently, supports multiple domain and hybrid setups, and maintains performance even with a high number of users and objects when properly configured. It is well-suited for enterprise-scale identity management.

How are customer service and support?

Support for One Identity Active Roles is generally good. We have a positive experience with response time and technical assistance for both configuration and troubleshooting. Documentation and support portal resources are also helpful, though some complex issues may require escalations.

How was the initial setup?

The integration of One Identity Active Roles with our existing Active Directory and IT infrastructure was fairly straightforward. I connected smoothly with our directory services, and most configurations were manageable with standard setup and policies. Some advanced customization required learning, but overall, the integration effort was moderate.

What was our ROI?

We have clearly seen the ROI for One Identity Active Roles. We reduced manual Active Directory administration efforts, improved provisioning speed, and minimized errors that previously required rework. While exact figures vary, the biggest gains were in the time saved for routine tasks and reduced workload on the AD team, allowing us to focus on higher value work instead of repetitive user management.

What's my experience with pricing, setup cost, and licensing?

We found the pricing, setup cost, and licensing for One Identity Active Roles to be on the enterprise side, but justified by the capabilities. Initial setup, some planning, and integration effort with Active Directory and licenses are typically based on managed user objects. Overall, the cost made sense considering the automation, governance, and long-term reduction in manual administration.

What other advice do I have?

My advice for others looking into One Identity Active Roles is to clearly define your Active Directory structure and governance model before implementing it. Invest time in designing roles and workflows properly, as most of the value comes from there. Also, plan the integration carefully and involve the AD and security team early to ensure smooth adoption.

One Identity Active Roles has been a reliable and effective solution for managing Active Directory at scale. It improved security, reduced manual work, and brought consistency to the identity operations. The main value comes from proper design and automation setup, which pays off long-term. I would rate this review a 10 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 18, 2026
Flag as inappropriate
PeerSpot user
Tassavour Shaikh - PeerSpot reviewer
Cybersecurity Analyst at DigitalTrack Solutions Private Limited
Real User
Top 5
Apr 27, 2026
Delegated automation has transformed directory governance and now streamlines compliant access control
Pros and Cons
  • "One Identity Active Roles has significantly reduced both the complexity and workload of administrative tasks related to Active Directory; many repetitive tasks are automated, so admins spend much less time on routine activities."
  • "One Identity Active Roles is very useful, though there are a few areas where it could be improved, such as the user interface, policy creation, and reporting; it requires good knowledge of Active Directory."

What is our primary use case?

One Identity Active Roles is used primarily for managing Active Directory, including user provisioning and group management. When a new employee joins, I use One Identity Active Roles to automatically create their AD account, assign them to groups, and apply policies, all with proper approvals.

Apart from basic user provisioning, I use One Identity Active Roles daily for managing and controlling Active Directory permissions in a structured way.

What is most valuable?

The best features One Identity Active Roles offers are delegated administration and automation, which stand out the most because they reduce admin workload and improve security. Delegated administration and automation significantly reduce admin workload while improving security and control.

For example, HR or help desk can create or modify users, but only within defined limits - they cannot make critical changes outside their scope.

One Identity Active Roles reduces the risk of misuse or accidental changes, and a workflow benefit is that the centralizing IT team does not handle every request. One Identity Active Roles has had a very positive impact on the organization, especially in terms of security and control over Active Directory.

I have utilized the fine-grained permission control feature of One Identity Active Roles, and it has significantly helped implement least privilege principles. Instead of giving broad admin rights, very specific permissions are assigned based on roles, tasks, and need-to-know access. One Identity Active Roles has had a strong positive impact on the organization's compliance efforts. All changes in AD are logged and traceable, which helps during audits. Fine-grained permissions ensure users only have the access they need, while naming conventions, access roles, and security policies are automatically enforced.

What needs improvement?

One Identity Active Roles is very useful, though there are a few areas where it could be improved, such as the user interface, policy creation, and reporting - it requires good knowledge of Active Directory. The UI can feel outdated and not very intuitive for new users, and the learning curve is steep. Sometimes there can be slight delays when handling large-scale operations, and the reporting needs to be more helpful for audits.

For how long have I used the solution?

I have been using One Identity Active Roles for around six months.

What do I think about the stability of the solution?

One Identity Active Roles is generally a stable and reliable solution based on my experience.

What do I think about the scalability of the solution?

One Identity Active Roles is highly scalable and works well in both medium and large enterprise environments, as it can manage multiple AD domains, Azure AD tenants, and even hybrid environments from a single console.

How are customer service and support?

Customer support for One Identity Active Roles is generally good, especially for standard issues and guidance. The support team is knowledgeable about the product and AD environments, being helpful for configuration issues, troubleshooting, and best practices.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, I was primarily managing AD using native tools from Microsoft Management Console, such as Active Directory Users and Computers. I switched because the manual effort was too high, and there was limited delegation and no centralized control.

How was the initial setup?

Integrating One Identity Active Roles with the existing IT infrastructure and directory services was relatively smooth, especially since it is designed to work seamlessly with AD on-premise. It integrates natively with the AD, so the core setup is straightforward.

What was our ROI?

A strong return on investment has definitely been seen.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing and licensing for One Identity Active Roles has been reasonable for an enterprise solution, but it does require proper planning. The initial setup can involve some cost in terms of time and resources, especially for configuration, policy design, and integration, as skilled Active Directory or IAM professionals were required.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, I evaluated a few other options to compare features and fit for the requirements, such as Microsoft Identity Manager.

What other advice do I have?

My impression of the automation capabilities provided by One Identity Active Roles is very positive - they significantly reduce manual effort and improve consistency. For example, when a new employee joins, I use a predefined template, and One Identity Active Roles automatically creates the user account, applies naming conventions, assigns the correct groups, and enforces policies; previously, this required multiple manual setups, but now it is done in a few clicks with consistent results.

One Identity Active Roles has significantly reduced both the complexity and workload of administrative tasks related to Active Directory. Many repetitive tasks are automated, so admins spend much less time on routine activities. Delegated administration allows other teams to handle common requests instead of escalating everything.

My experience with the delegation of administrative tasks through One Identity Active Roles has been very positive, as it has made the workflow much more efficient and controlled. It allows specific admin tasks to be assigned to different teams, so routine tasks such as user creation or password resets are handled by help desk teams, meaning requests do not need to be escalated, so turnaround time is much quicker.

My advice for organizations considering One Identity Active Roles would be to plan the implementation carefully; clearly define your requirements and decide who should have what level of access before implementing. I would rate this product an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 27, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
One Identity Active Roles
June 2026
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: June 2026.
902,894 professionals have used our research since 2012.
System Admin at a outsourcing company with 11-50 employees
Real User
Top 5Leaderboard
Apr 16, 2026
Role-based automation has transformed daily directory tasks and now speeds secure user provisioning
Pros and Cons
  • "We have seen a huge return on investment with One Identity Active Roles, with measurable reductions in provisioning and admin efforts by 40 to 60%, eliminating the need for thousands of additional staff and leading to approximately 75% ROI and cost reduction."
  • "One thing I can add is that One Identity Active Roles could be more simplified for the initial setup and configuration."

What is our primary use case?

The main use case of One Identity Active Roles is to support daily Active Directory administrator tasks. Routine tasks such as user creation, password resetting, account updates, and handling are performed through One Identity Active Roles, which can be managed by the support team and has really improved the efficiency of our teams.

A real-time day-to-day example of using One Identity Active Roles is that a help desk user can reset the password and unlock the account without accessing Active Directory directly. When new users are created, required settings are applied automatically, making our jobs easier and operations very smooth. Previously, this was taking so much time, but nowadays it is automated, so it is a very good solution.

What is most valuable?

The best features One Identity Active Roles offers, in terms of my use cases, include its policy enforcement to ensure that all changes follow predefined standards, avoiding incorrect configuration and maintaining consistency across Active Directory, the role-based access control that allows assigning permissions based on job roles to simplify management and improve security in our organization, and its automation features.

I need to highlight role-based access control in One Identity Active Roles, as it has had the biggest day-to-day impact. Automation and policy enforcement are powerful, without doubt, but role-based access control is what fundamentally changed how we operate. Earlier, many tasks were a bottleneck, with only a senior admin able to perform most Active Directory changes, resulting in many help desk tickets. However, with One Identity Active Roles, we created fine-grained roles such as password reset, group management, and user provisioning, assigned those roles to the help desk team, and restricted access to only those organizational units based on attributes. Now, 90% of routine tasks are handled without escalation.

The effect of One Identity Active Roles on the complexity and workload of administrative tasks related to Active Directory has been very positive. It significantly reduces the operational burden while making processes more structured and controlled. It has really reduced administrative complexity. Tasks are handled through templates, policies, and workflows, which has significantly reduced the workload.

One Identity Active Roles has really impacted our organization very positively. It has improved control over Active Directory operations and reduced manual efforts. Tasks are completed faster than previously and more securely. These are the positive impacts we are seeing in day-to-day operations.

One Identity Active Roles has really proved its value. While exact numbers vary by environment, the provisioning time reduced by 70 to 80% and it is very smooth, and help desk ticket resolution improved by 60 to 80%. It has really reduced the use of privileged accounts, contributing to the positive impact we are seeing.

What needs improvement?

As far as improvements to One Identity Active Roles are concerned, I do not think any lack of features is present in the solution. It is working well and is a very powerful solution. There is no need for improvement as per my requirements.

One thing I can add is that One Identity Active Roles could be more simplified for the initial setup and configuration.

For how long have I used the solution?

I have been using One Identity Active Roles for more than four years.

What do I think about the stability of the solution?

One Identity Active Roles is stable.

What do I think about the scalability of the solution?

From a scalability perspective, One Identity Active Roles is a very good solution. There is no kind of challenge.

How are customer service and support?

Customer support for One Identity Active Roles is very supportive and good in their technical aspects.

Which solution did I use previously and why did I switch?

From day one, we have been using One Identity Active Roles only.

How was the initial setup?

Regarding Active Directory integration with One Identity Active Roles, it was very smooth and quick. We have not seen any kind of challenge, and it synced with Active Directory beautifully.

What was our ROI?

We have seen a huge return on investment with One Identity Active Roles. In many cases, that was quite measurable, such as reduction in provisioning and admin efforts by 40 to 60%, which resulted in reduced need for additional staff. Without it, we would need thousands of additional people. Cost saving and efficiency gain have led to some users reporting approximately 75% ROI and cost reduction.

What's my experience with pricing, setup cost, and licensing?

I have had a great experience with the pricing, setup cost, and licensing of One Identity Active Roles. There is no challenge we have seen as far as the vendor is concerned.

Which other solutions did I evaluate?

We have not evaluated other options before choosing One Identity Active Roles.

What other advice do I have?

I will highly recommend One Identity Active Roles because it is a very useful tool for improving Active Directory management and control. It really reduces risk and improves efficiency. It is well suited for organizations with a large Active Directory environment, which I will recommend highly. I gave this review a rating of 8.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: Apr 16, 2026
Flag as inappropriate
PeerSpot user
Satyam Gupta - PeerSpot reviewer
Technical Support Executive at DigitalTrack Solutions Pvt Ltd
Real User
Top 5Leaderboard
May 30, 2026
Delegated administration has simplified routine tasks and improves governance and compliance
Pros and Cons
  • "We are seeing a very good return on investment with One Identity Active Roles by reducing manual efforts, which in turn saves us time and money, and this solution provides a significant benefit, allowing us to complete tasks forty to sixty percent faster than before."
  • "I believe the initial setup could be more simplified to allow for better and faster deployment."

What is our primary use case?

We are using One Identity Active Roles to simplify our Active Directory administration, such as controlling delegation access and automating routine tasks including user management activities.

What is most valuable?

One Identity Active Roles offers many valuable features that function very smoothly, including delegation administration, automated user management, approval workflows, and auditing details. These are the best features based on my experience.

What stands out the most in One Identity Active Roles is its ability to securely delegate routine Active Directory tasks without granting full administrative privileges. Combining this with automation and policy-based control really helps us reduce manual efforts.

One Identity Active Roles has positively impacted many areas within our organization by simplifying Active Directory administration and reducing manual efforts. It improves operational efficiency with the help of automation and delegated administration, leading to very positive outcomes.

In terms of governance and security, One Identity Active Roles provides very valuable add-on features, offering strong governance while not being heavily AI focused. It helps us enforce least privileged access and improves accountability while mitigating the risk of unauthorized changes within our Active Directory environment.

The accuracy and reliability of output from One Identity Active Roles are very high, as it provides very accurate results.

We use the fine-grained permission control feature of One Identity Active Roles, which has been very effective in supporting our least privilege strategy. For example, help desk staff can perform password resets and account unlocks without receiving full Active Directory administrative rights, providing security and reducing the number of highly privileged accounts in the environment.

My impression of the automation capabilities of One Identity Active Roles has been very positive. User account creation, group membership assignments, and account updates can be automated through predefined policies and workflows, allowing the correct attributes, permissions, and groups to be applied automatically based on organizational requirements.

One Identity Active Roles helps improve our compliance processes by enhancing control, visibility, and accountability within Active Directory, strengthening governance, and simplifying the audit and compliance process.

What needs improvement?

I believe the initial setup could be more simplified to allow for better and faster deployment.

For how long have I used the solution?

I have been using One Identity Active Roles for almost two years.

What do I think about the stability of the solution?

One Identity Active Roles is a stable solution.

What do I think about the scalability of the solution?

One Identity Active Roles is a very scalable solution that can handle organizational growth over time.

How are customer service and support?

Customer support for One Identity Active Roles is very responsive and effective. Whenever we face technical issues, we raise a ticket and they are ready to provide support.

How was the initial setup?

I believe the initial setup could be more simplified to allow for better and faster deployment.

What was our ROI?

We are seeing a very good return on investment with One Identity Active Roles by reducing manual efforts, which in turn saves us time and money. This solution provides a significant benefit, allowing us to complete tasks forty to sixty percent faster than before.

What other advice do I have?

My advice to any organization considering using One Identity Active Roles is to deploy it, as it will be a great decision. During the deployment phase, I recommend identifying the Active Directory tasks that consume the most administrative time and focusing on automating those processes while taking advantage of all the useful features. I rate One Identity Active Roles nine out of ten because it is a very powerful solution providing great features and a smooth operational process.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Last updated: May 30, 2026
Flag as inappropriate
PeerSpot user
Bhupesh Matwale - PeerSpot reviewer
Technical Specialist at LSEG
Real User
Top 10
Sep 18, 2025
Enables secure multi-domain management through centralized access and automation
Pros and Cons
  • "One Identity Active Roles has helped my organization reduce the number of incorrect privileged accounts through the management unit feature and enables comprehensive group membership management with features not available in Active Directory, such as adding multiple secondary owners and dynamic groups."
  • "When we add numerous domains, it becomes slow. With around 60 domains, attempting to add approximately 30 caused significant performance issues."

What is our primary use case?

I use One Identity Active Roles primarily for identity management. We use it for managing multiple domains from a single interface, and the domains do not have trust between them. It has been used by multiple support teams, such as the service desk or the identity access management team for account creation, modification, and management of accounts. It is mostly focused on account creation, modification, deletion, and AD objects.

How has it helped my organization?

One Identity Active Roles has helped my organization reduce the number of incorrect privileged accounts through the management unit feature. It helps us identify accounts that are not in use, and while creating admin accounts, we use it to set policies regarding which required fields must be filled during account creation. This helps us keep the process clean and ensures all required attributes are filled before account creation. We have scheduled scripts on One Identity Active Roles that check if activity meets criteria. If it doesn't, it will move the account to a specified OU, disable it, or delete it, as per the defined process.

One Identity Active Roles helps us keep accounts consistent. For instance, when somebody leaves the company, all associated accounts get removed, which helps us eliminate unwanted accounts.

For Active Directory, the provisioning and de-provisioning capabilities work exceptionally. The de-provision feature allows account disconnection without disabling it, enabling quick reconnection with automatic group additions. This feature significantly speeds up the process compared to disabling and re-adding to groups.

The comprehensive group membership management feature is exceptional because it offers two features not available in Active Directory directly: adding multiple secondary owners and dynamic groups. The latter is only available for Azure AD, not for on-premise AD.

Using One Identity Active Roles enables temporary group additions. For instance, if a group provides access, we can temporarily add a member, and when the time period expires, the member gets removed automatically.

The granular control is exceptional; we can give the least control required by the team. For modifying any group, we don't have to give create and delete roles; we can just give them the move role. 

The delegation of administrative access impacts IT operations positively through access templates, which are usually created based on the team.

One Identity Active Roles has increased operational efficiency despite occasional slowdowns. Solution consolidation is part of our identity and access management strategy, eliminating the need for direct Active Directory access for the help desk and IAM team.

What is most valuable?

The best features of One Identity Active Roles include managing multiple domains from a single interface. I don't need to log into jump servers, making it very easy to log in from the web and manage it. Dynamic groups are also one of the best features, eliminating the need to add or manage members manually. The management unit is another excellent feature, which we can use as a virtual OU to identify missing elements.

The approval process and group approval process can include adding multiple secondary owners. 

What needs improvement?

The interface appears outdated. Once logged in, everything inside remains unchanged from years ago. 

Additionally, when they release new features, they should provide training or webinars at least once or twice a year. This would help users stay updated and aware of new features. When I requested a demo session with One Identity, the presenter didn't provide complete details, making it difficult for non-technical managers to understand. The demo should be planned based on the customer's knowledge level.

Regarding visibility in the directory ecosystem, while it is very good, there are limitations. When we add numerous domains, it becomes slow. With around 60 domains, attempting to add approximately 30 caused significant performance issues. We had to remove and decrease the number of domains, indicating room for improvement in managing multiple domains from a single interface.

For how long have I used the solution?

I have been using One Identity Active Roles for approximately 11 or 12 years.

What do I think about the stability of the solution?

I would rate the stability as eight out of ten. I have already discovered approximately three defects in the new version. 

While One Identity Active Roles has improved operational efficiency, there are occasional challenges with system slowdowns.

What do I think about the scalability of the solution?

The scalability is excellent, rated around nine or ten out of ten. It can be expanded or decreased based on the SQL server requirements.

In our organization, the solution is open to all users with read-only access, with approximately 200 users having admin access. 

How are customer service and support?

I would rate their support a nine out of ten.

How would you rate customer service and support?

Positive

How was the initial setup?

I've personally deployed systems from scratch, from planning through to completion.

Deployment is not overly complicated. We do need to ensure that the required ports are open and that we have the necessary permissions. However, it does vary from company to company regarding how they manage to get those ports opened and permissions granted. Based on my experience, I would rate the complexity of deployment as about a seven or eight out of ten. In the new version, we did encounter some issues related to system slowness, but other than that, most aspects look good.

The deployment duration depends on your company's processes. If you manage to get the ports opened and the permissions granted quickly, the deployment can be completed in about two months. For us, it took approximately six months because acquiring the necessary permissions and opening the ports took time. Additionally, post-deployment, we needed to conduct some testing as well. So, while I wouldn’t say it takes excessively long, it does depend on your circumstances. If everything is in place, meaning if the ports are open and permissions are set, you could deploy a basic version within two days.

The solution requires regular maintenance, including server patching and routine updates. We monitor alerts and check the website regularly as part of business-as-usual support.

Which other solutions did I evaluate?

When comparing One Identity Active Roles with other solutions in the market, there are no direct competitors. Having explored alternatives in my previous company, I found it to be more user-friendly and to have more secure features around Active Directory than other available solutions.

What other advice do I have?

Regarding integration, I have not yet integrated One Identity with other One Identity products as this process is ongoing with our recent upgrade. While we have multiple One Identity products, this integration remains a future project.

Regarding lifecycle management capabilities via the workflow engine, we have not fully utilized it because most workplaces have used third-party tools such as Microsoft MIM. At my previous workplace, SailPoint was used for complete account lifecycle management. We primarily used One Identity Active Roles for account management after creation and for modification of admin accounts.

I would recommend One Identity Active Roles based on its ability to manage domains from a single interface and provide minimal-required access based on work requirements. The web interface login and MMC console are very user-friendly.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Sonusingh Singh - PeerSpot reviewer
Customer Support Engineer at Arrow PC Network Pvt Ltd
Real User
Top 5
May 14, 2026
Centralized delegation has transformed daily directory tasks and now streamlines secure access control
Pros and Cons
  • "One Identity Active Roles has significantly reduced both the complexity and the workload for Active Directory administration in our environment."
  • "One area where One Identity Active Roles could be improved is the user interface."

What is our primary use case?

Our main use case for One Identity Active Roles is centralized Active Directory administration and user lifecycle management. We primarily use it for automated user provisioning and de-provisioning, role-based access control, group management, and delegating administrator tasks securely without giving full domain admin rights.

One common scenario is delegating password reset and user account unlock tasks to the service desk team using One Identity Active Roles.

Another valuable aspect for our use case with One Identity Active Roles is automation and standardization. We use it to apply consistent user provisioning policies, naming conventions, and group assignments across the organization.

How has it helped my organization?

One Identity Active Roles has had a positive impact on our organization by improving security and simplifying Active Directory management. One of the biggest benefits has been secure delegation. We no longer need to provide full domain administrator access for routine tasks, which has reduced security risk and improved operational control. Help desk and regional IT teams can handle common user management activities within their assigned scope without affecting critical systems.

We have seen noticeable operational and security improvements after implementing One Identity Active Roles. One major improvement was the reduction in manual administrator effort for tasks such as user provisioning, password resets, group assignments, and account deactivation, which became much faster through automation and delegation. This has reduced the workload on senior administrators and improved response times for end users.

What is most valuable?

The best features of One Identity Active Roles are its automated delegation and centralized Active Directory management capabilities. Based on my experience, these are the most valuable features, including role-based access control and automated workflows, dynamic group management, change tracking, and auditing, hybrid environment management, and access templates and policy enforcement.

The feature that made the biggest difference for us with One Identity Active Roles is the role-based delegation. Automation workflow, automated user provisioning, de-provisioning, group management, and policy enforcement reduce manual work and human error. Dynamic group management, such as automatically adding or removing users from groups based on predefined rules and attributes, also contributes significantly.

What needs improvement?

One area where One Identity Active Roles could be improved is the user interface. A more modern and simplified interface would help reduce the learning curve and improve day-to-day management efficiency.

I would also appreciate improvements in cloud-focused management and integration. Many organizations now operate in a hybrid or cloud-first environment, so having more intuitive Microsoft 365 and Entra ID management workflows would improve operational efficiency.

There are still a few areas where improvements could be made to One Identity Active Roles, such as a more modern user interface experience. The interface is powerful but can be dated and complex. A cleaner, more intuitive UI would make daily admin tasks faster and easier, particularly for new administrators. It also needs a strong cloud-native experience and simplified workflows and reporting setup.

For how long have I used the solution?

I have worked in this field for the last seven years.

What do I think about the stability of the solution?

One Identity Active Roles is very stable.

What do I think about the scalability of the solution?

Its scalability is good.

How are customer service and support?

Customer support is good, and I rate customer support a nine.

Which solution did I use previously and why did I switch?

Before selecting One Identity Active Roles, we evaluated several other options, including Active Directory management and IAM solutions, such as Microsoft native tools, AD Entra, ManageEngine ADManager Plus, NetIQ, SailPoint, Okta, and JumpCloud. While other tools were very strong, especially in areas including governance and cloud IAM, One Identity Active Roles stood out for operational AD management, particularly secure delegation, which was our primary requirement. We chose One Identity Active Roles based on this evaluation.

How was the initial setup?

Integrating One Identity Active Roles with an existing IT infrastructure and directory services is generally of moderate difficulty. It is not overly complex, but it does require proper planning and Active Directory expertise.

What about the implementation team?

We have seen a clear return on investment from the implementation, mainly in time savings, reduced help desk load, and improved Active Directory operations. The typical ROI outcomes we have observed include time savings in user provisioning, which previously took twenty to thirty minutes per request. After implementing One Identity Active Roles, we reduced this to approximately five to ten minutes using templates and automation. This alone represents a sixty to seventy percent time reduction per request.

What was our ROI?

We have seen a clear return on investment from the implementation, mainly in time savings, reduced help desk load, and improved Active Directory operations.

What's my experience with pricing, setup cost, and licensing?

Our experience with pricing, setup costs, and licensing indicates that it is on the higher side but justified by the enterprise value. The licensing model is typically subscription-based and usually calculated based on the number of managed user accounts.

What other advice do I have?

Our experience with delegation in One Identity Active Roles has been very positive and has fundamentally changed how we manage Active Directory operations. With delegation, we have implemented role-based delegation to assign specific administrator responsibilities to different IT teams, such as the help desk team for password resets, account unlocks, and basic user attribute updates; the regional IT team for user and group management; and the AD administrator for higher-level tasks including policy changes, schema-related operations, and domain controller control.

The key advice I would recommend is to invest time in design before implementation, redefine your role model and UI structure, start small and expand gradually, and keep your delegation strategy role-based.

One Identity Active Roles has significantly reduced both the complexity and the workload for Active Directory administration in our environment. The impact on workload has been a major reduction in manual AD tasks. Routine activities such as user creation, password resets, group updates, and account disabling and enabling are now largely automated and delegated to various roles.

The automation capabilities are generally very strong, especially for Active Directory lifecycle management and role-based access control. One Identity Active Roles is designed to reduce manual IT administration by turning repetitive identity tasks into policy-driven and workflow-based automation.

Fine-grained permission control in One Identity Active Roles has been a key part of implementing least privilege access in our environment. We use it to define very specific permissions at a granular level, such as allowing the help desk team to reset passwords and unlock access only within their assigned organizational units, restricting group management rights so that users can only modify specific security or distribution groups, and limiting attribute-level changes. The impact on least-privilege implementation has been reduced over-privileged accounts, a strong security posture, clear accountability, better compliance alignment, and operational efficiency without risk trade-offs.

I rate this review an eight overall.

Disclosure: My company has a business relationship with this vendor other than being a customer. Consultant
Last updated: May 14, 2026
Flag as inappropriate
PeerSpot user
karan rathod - PeerSpot reviewer
network security engineer at a outsourcing company with 11-50 employees
Real User
Top 5
Jun 5, 2026
Automation has streamlined identity governance and has improved secure delegation in our directory
Pros and Cons
  • "One Identity Active Roles has positively impacted our organization by making Active Directory management much more efficient, reducing manual work, improving control over permissions, and providing better visibility into changes, which has helped both security and compliance efforts."
  • "The main improvement I would like to see for One Identity Active Roles is a more modern and intuitive interface, along with more customizable reporting and dashboards to enhance our experience with the platform."

What is our primary use case?

Our main use case for One Identity Active Roles is Active Directory administration and user lifecycle management, and we use it to create, modify, disable, and manage user accounts, groups, and permissions in a controlled and standardized manner, which improves security and reduces the risk of manual error when managing the Active Directory environment.

A good example of how we use it for user lifecycle management is user onboarding, where instead of manually creating accounts and assigning permissions in Active Directory, One Identity Active Roles automation automates the process using predefined templates and workflows, saving time, reducing errors, and ensuring users receive the correct access from day one.

Another benefit of our main use case with One Identity Active Roles is delegated administration, which allows different teams to perform specific tasks without needing full Active Directory access, improving security and making administration much easier while helping with auditing and change tracking.

What is most valuable?

The best features of One Identity Active Roles include user lifecycle management, delegated administration, automation, and role-based access control, where user lifecycle management helps to standardize and automate tasks, and delegated administration allows teams to perform specific tasks without giving them full Active Directory privileges, thus improving both security and operational efficiency.

For one example regarding how automation and role-based access have helped my team, the user onboarding process used to involve the administrator manually creating accounts, assigning groups, and configuring permissions; however, with One Identity Active Roles, the process can be standardized through workflows and templates, which reduces manual effort, speeds up provisioning, and ensures users receive the correct access from the start, while I also appreciate the auditing and change tracking capabilities for visibility into who changed what and when, which aids troubleshooting, compliance, and overall governance in our Active Directory environment.

One Identity Active Roles has positively impacted our organization by making Active Directory management much more efficient, reducing manual work, improving control over permissions, and providing better visibility into changes, which has helped both security and compliance efforts.

What needs improvement?

The main improvement I would like to see for One Identity Active Roles is a more modern and intuitive interface, along with more customizable reporting and dashboards to enhance our experience with the platform.

I would appreciate more integration with other identity and security tools, alongside more flexible reporting and dashboards to improve the functionality of One Identity Active Roles while we have not faced major performance issues.

For how long have I used the solution?

I have been using One Identity Active Roles for approximately one year.

What do I think about the stability of the solution?

I have not used the AI-specific capabilities extensively, but the overall output from One Identity Active Roles has been accurate, and we still perform reviews for important changes; however, I find the system to be consistent and dependable.

What other advice do I have?

I rate One Identity Active Roles a 9 out of 10 because it has helped simplify Active Directory administration, improve security, delegate access, and reduce manual errors through automation, making it a reliable and valuable solution for identity and access management.

I chose 9 out of 10 because it is a reliable and feature-rich solution that has enhanced efficiency and security for my team, while to reach a perfect 10, I would like to see a more modern interface, improved reporting, and additional integrations with other platforms.

From my experience with One Identity Active Roles, governance and security are some of the strongest aspects of the platform because it provides role-based access control, delegated administration, and detailed auditing to ensure that administrative activities are properly controlled and monitored, and while I have not extensively utilized specific AI-driven capabilities, the overall security model helps reduce the risk of unauthorized changes and improves visibility into who performs what actions.

I utilize One Identity Active Roles in an on-premises environment that is integrated with our Active Directory infrastructure, so it primarily operates within our on-premises setting.

I have utilized the fine-grained permission control feature of One Identity Active Roles, and it has helped us enforce least privilege access by allowing users to perform only the tasks relevant to their role, notably enabling the help desk team to manage passwords and user accounts without requiring full Active Directory administrative rights, thereby improving security and control.

I assess the integration of One Identity Active Roles with our existing IT infrastructure and directory services as manageable, as it has facilitated effective implementation of least privilege access by allowing us to delegate specific tasks to different teams without granting full administrative rights, thus enhancing security and reducing risk. My overall review rating for One Identity Active Roles is 9 out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jun 5, 2026
Flag as inappropriate
PeerSpot user
Satyamkumar Prajapati - PeerSpot reviewer
Technical Writer at Mphasis
Real User
Top 5Leaderboard
May 12, 2026
Centralized automation has transformed onboarding and now streamlines secure identity governance
Pros and Cons
  • "One Identity Active Roles has positively impacted our organization by improving operational efficiency, strengthening governance, and reducing manual administrative effort within Active Directory and identity management operations."
  • "One area is the user interface and administrative experience. While the platform is feature-rich, some workflows and configuration screens can feel complex for new administrators, especially in large enterprise environments with extensive policy configurations."

What is our primary use case?

One Identity Active Roles serves as my primary platform for centralized Active Directory administration and identity management automation.

In my day-to-day work, I use One Identity Active Roles for centralized Active Directory and identity management through access provisioning. When a new employee joins the organization, One Identity Active Roles handles the creation of the Active Directory account, group membership, mailbox-related configuration, and role-based access assignment through a centralized workflow.

This automation has significantly impacted my daily tasks and the onboarding process by reducing administrative effort, minimizing configuration errors, and accelerating the onboarding process, which saves considerable time. Before we implemented One Identity Active Roles, the administrator manually managed multiple accounts across different systems. After implementing One Identity Active Roles, the platform applies policies and templates to provision new accounts consistently and securely.

An additional benefit of my main use case is the consistent governance across identity management operations. Since many administrative tasks are automated and policy-driven, our teams spend less time handling repetitive manual account management activities and troubleshooting configuration inconsistencies.

What is most valuable?

One of the best features of One Identity Active Roles is its automated onboarding capability.

The feature that stands out most for me is the delegated administration combined with policy-based automation, which provides a strong balance between operational efficiency and security governance. One of the most valuable aspects is the ability to assign administrative responsibility to specific teams without granting full Active Directory administrative privilege. For example, Help Desk or regional IT teams can manage password resets, group membership, or user account updates within a controlled scope, while core security and directory administrators remain centrally governed.

A feature that stands out during daily operations is the centralized auditing and tracking capability. In enterprise Active Directory environments where multiple administrators and support teams are involved, having detailed visibility into account changes, group modifications, and administrative actions is extremely valuable.

One Identity Active Roles helps simplify troubleshooting, improve accountability, and support compliance and audit requirements because administrative activities can be tracked more efficiently from a centralized platform.

One Identity Active Roles has positively impacted our organization by improving operational efficiency, strengthening governance, and reducing manual administrative effort within Active Directory and identity management operations. One of the biggest improvements was the automation of routine identity lifecycle tasks such as user provisioning, account updates, group management, and deprovisioning, which reduced repetitive manual work for administrators and helped minimize configuration errors.

We observed noticeable operational improvements after implementing One Identity Active Roles, especially in user provisioning and administrative management processes. For example, onboarding and account provisioning tasks that previously required multiple manual activities and directory updates became significantly faster through policy-based automation and predefined templates, reducing the time required for runtime account management activities and improving consistency across the environment.

What needs improvement?

One Identity Active Roles is a strong platform for identity and administration and Active Directory management; however, I see a few areas where it could be improved. One area is the user interface and administrative experience. While the platform is feature-rich, some workflows and configuration screens can feel complex for new administrators, especially in large enterprise environments with extensive policy configurations.

Another area for improvement is reporting and analytics. More modern and customized dashboards with deeper operational insights would help administrators monitor identity management activities and governance metrics more efficiently. We also found that advanced workflow customization and integration scenarios can require significant expertise and planning, so simplifying some of the configuration and automation processes would improve usability and reduce the learning curve for administrators.

For how long have I used the solution?

I have been working in my current field for more than four years.

What do I think about the stability of the solution?

One Identity Active Roles is stable.

What do I think about the scalability of the solution?

My experience is that One Identity Active Roles scales well for enterprise Active Directory administration and Active Directory management environments. The platform has been able to support a growing number of users, administrative workflows, delegation management, operational tasks, and policy-based automation tasks without major performance concerns.

How are customer service and support?

Customer support is good.

What was our ROI?

We have seen a positive return on investment from One Identity Active Roles, primarily through reduced administrative workload, improved operational efficiency, and stronger governance across Active Directory management. We also experienced fewer configuration and permission-related errors because automated workflows and approval controls reduce manual intervention.

What other advice do I have?

My advice to organizations considering One Identity Active Roles would be to invest time in properly planning their identity governance model, delegation structure, and automation workflows before deployment. One Identity Active Roles provides powerful capabilities for Active Directory administration and identity lifecycle management, but careful planning helps maximize its long-term value. I would rate this product an 8 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 12, 2026
Flag as inappropriate
PeerSpot user
reviewer2846799 - PeerSpot reviewer
Training Engineer
Real User
Top 20
May 28, 2026
Automation has transformed delegated access and now streamlines our daily identity operations
Pros and Cons
  • "After implementing One Identity Active Roles, clear operational improvements are evident, including user provisioning time reduction from hours to minutes, a 40 to 50% drop in service desk workload, faster resolution of password reset and account-related requests through delegated administration, and fewer manual errors in group assignment and permission management."
  • "One area where One Identity Active Roles can improve is simplifying complex workflow and approval management in large enterprise environments."

What is our primary use case?

One Identity Active Roles is used in our environment primarily for managing Active Directory operations such as user provisioning, password reset, account locks, group management, and delegated administration access.

User provisioning is a heavily utilized function, where new employee onboarding includes automatic account creation, OU placement, group membership, and permission assignment based on department or role. The service desk team manages group membership requests and access changes through delegated administration without requiring full domain admin rights, which reduces manual efforts and improves security control.

After implementing One Identity Active Roles, clear operational improvements are evident, including user provisioning time reduction from hours to minutes, a 40 to 50% drop in service desk workload, faster resolution of password reset and account-related requests through delegated administration, and fewer manual errors in group assignment and permission management.

What is most valuable?

The best feature of One Identity Active Roles is automation combined with delegated administration, which reduces repetitive Active Directory work such as user provisioning, group assignment, and account management while allowing the service desk team to handle routine tasks without granting full domain admin access.

Automation simplifies daily operations by eliminating repetitive manual Active Directory tasks including user creation, group assignment, password reset, and account disablement. Onboarding and offboarding processes become much faster because account permissions and group membership are assigned automatically based on role or department.

One Identity Active Roles has positively impacted productivity and user satisfaction by reducing delays in account provisioning, password reset, and access requests. Previously, many AD-related tasks were manual and heavily dependent on senior administrators, but after implementing automation and delegated administration, requests are completed much faster and with fewer errors.

What needs improvement?

One area where One Identity Active Roles can improve is simplifying complex workflow and approval management in large enterprise environments. Troubleshooting permission inheritance, synchronization issues, or customized workflows can still require considerable time and experienced administrator involvement.

The UI experience, easier workflow customization, and better troubleshooting visibility for complex AD and hybrid identity environments require improvement. Identifying permission inheritance issues or synchronization problems still sometimes requires manual investigation.

Complex workflow management and troubleshooting simplification in large enterprise environments remains an area for improvement.

For how long have I used the solution?

I have been using One Identity Active Roles for two years.

What do I think about the stability of the solution?

One Identity Active Roles has been very stable, with no major outages or performance problems experienced during normal operation.

What do I think about the scalability of the solution?

One Identity Active Roles handles our large Active Directory environment efficiently as the number of users, groups, and delegated administration tasks increases.

How are customer service and support?

Customer support for One Identity Active Roles is generally good, with the support team demonstrating strong technical knowledge, particularly regarding AD integration.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, native Active Directory tools, manual administration, and PowerShell scripting were primarily used.

What was our ROI?

A good ROI was achieved with One Identity Active Roles through measurable operational improvements, including a 40 to 50% reduction in routine service desk workload.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing is generally positive for an enterprise environment, as the initial investment can feel high but provides long-term value.

Which other solutions did I evaluate?

Before choosing One Identity Active Roles, Microsoft Identity Manager and other tools were evaluated, with One Identity Active Roles selected for its strong integration with our existing Active Directory environment.

What other advice do I have?

Fine-grained permission control in One Identity Active Roles had a strong impact on least privilege implementation in our organization, as only specific tasks and privileges were delegated to users based on their job responsibilities.

Integration of One Identity Active Roles with our existing infrastructure is relatively smooth because our environment is already heavily based on Active Directory and Microsoft technology, although the main challenge came during complex workflow customization.

The automation capabilities of One Identity Active Roles are very positive, as they reduce repetitive tasks such as automatic user account creation during new employee onboarding.

One Identity Active Roles reduces the complexity and workload of Active Directory by automating repetitive administrative tasks including user provisioning, group management, password resets, and account maintenance.

Delegated administration through One Identity Active Roles is a very positive experience because it reduces dependency on senior administrators for routine tasks.

One Identity Active Roles was purchased through another channel.

I would rate this review a 9 out of 10.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: May 28, 2026
Flag as inappropriate
PeerSpot user
reviewer2794194 - PeerSpot reviewer
Sr Mgr Cyber Defense at a manufacturing company with 10,001+ employees
Real User
Top 5
Jan 4, 2026
Granular delegations have streamlined least-privilege access and simplified cross-domain control
Pros and Cons
  • "One Identity Active Roles takes us less time, probably half the time, to complete delegations that are very granular and complex, compared to having to use native tools and scripts."
  • "I am not really satisfied with the customer support for One Identity Active Roles as the support is pretty limited."

What is our primary use case?

My main use case for One Identity Active Roles is delegations and limiting access based on least privilege principles.

A specific example of how I use delegations and least-based access in my environment is that for cases where people only need a password reset, I can grant that capability without granting the ability to unlock accounts, or I can grant the ability to unlock without granting people password reset permissions.

What is most valuable?

The best features One Identity Active Roles offers are that it can be used across multiple domains and forests.

In our company, we have 85 different domains, and it would be cumbersome to have a separate instance of One Identity Active Roles for each domain. One Identity Active Roles allows us to give people in one domain access through One Identity Active Roles to all these other domains without them needing an account in each of those other domains, even though there does not have to be a trust between those domains.

One Identity Active Roles has positively impacted my organization by helping speed up delegations and helping us find permissions and generate reports more quickly on who has what access where.

One Identity Active Roles takes us less time, probably half the time, to complete delegations that are very granular and complex, compared to having to use native tools and scripts.

What needs improvement?

One Identity Active Roles can be improved because schemas sometimes differ between domains, and One Identity Active Roles does not behave very well with that inconsistency. We have an open case with Quest on this issue, but so far they do not have a solution for it.

I would also like to request that their support be more detailed, as we are finding difficulties getting to the correct people.

I give it an eight mainly because if we have to undo it for a divestiture, it is very difficult to strip off just the permissions easily because they are done via domain groups. We have to go back and find them all and remove them individually, so there should be an easier way to do that.

For how long have I used the solution?

I have been using One Identity Active Roles for six years.

What do I think about the stability of the solution?

One Identity Active Roles can be buggy at times, and we have to restart the server.

What do I think about the scalability of the solution?

One Identity Active Roles can handle growth in my environment, but the downside is that when we have domains that are further away from the server, it takes longer to bring up the console.

How are customer service and support?

I am not really satisfied with the customer support for One Identity Active Roles as the support is pretty limited.

How would you rate customer service and support?

Positive

What other advice do I have?

We do run into challenges with managing upgrades and patches for One Identity Active Roles, but we have a test instance that we try to do it on first.

My advice to others looking into using One Identity Active Roles is to plan out in advance and think about the big picture before you dive in. I give One Identity Active Roles an overall rating of eight out of ten.

Which deployment model are you using for this solution?

On-premises

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Jan 4, 2026
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.
Updated: June 2026
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.