One Identity Active Roles Reviews

One Identity Active Roles is used day to day for centralized user management and user provisioning, group management, enforcing role-based access control, creating automated users, and notifications. One Identity Active Roles is used for managing group membership and controlling access efficiently.

Organizations having multiple employees can consider this solution to manage their employees' usernames and credentials, onboard users, and manage their access. I highly recommend all organizations to consider this as one of the best solutions.

The best feature is the role-based access control feature, which secures delegation without giving full admin rights to any users. The central management is also valuable, as it gives a single unified console to manage the entire AD environment.

This solution saves time through user onboarding and removes concerns about security, as all these aspects are managed by One Identity Active Roles. Users receive access based on their role, the onboarding process is simpler, and manual user lifecycle management has been reduced.

The initial setup is a bit complex for new engineers, so that could be simplified.

I have been using One Identity Active Roles for more than two years.

One Identity Active Roles is pretty stable.

The initial setup was easy and the licensing is also simpler. I was not involved in the cost, so I cannot comment on the costing.

The solution has resulted in money saved and time saved. It has really saved the organization money.

One Identity Active Roles is a great solution, which is why I have chosen a rating of nine for this review, with one point reserved for future enhancement of the solution.

The main use case is the Active Directory delegation. We have many different entities within our organization, and we needed to delegate some Active Directory capabilities, such as creating users, updating users, deleting users, groups, and computers.

The access templates help set up granular permissions and the web portal to manage Active Directory. Active Directory is usually managed through a heavy console, and using One Identity Active Roles allows it to be managed through any internet browser. Additionally, it helps in removing custom Active Directory delegation, which enhances security by eliminating unnecessary privileges, addressing identity-based breaches by reducing the number of Active Directory delegations.

One area for improvement would be the Entra ID side, including better delegation for Entra ID objects and more granular permissions. We would also like to see better Entra ID license management using virtual pool management, given that the current setup is custom-made, and having this feature built-in would be beneficial. The web interface could also be improved, though it's ongoing.

The solution has been in place for the last fifteen to seventeen years, but I have been using it for the last eight years since joining the company.

The stability of One Identity Active Roles is rated seven. There are performance issues sometimes, but restarting services usually resolves them.

The solution is scalable. It is rated nine in terms of scalability.

Customer support is rated six. Sometimes having a fix for a bug takes too much time. While in production, issues tend to take a while to resolve.

Neutral

The initial setup is quite easy. The deployment is not long, but the extensive customization, such as virtual pool licenses, takes a bit of time, about a week.

The product is expensive, but if you want to save money, the delegation set-up process is quite easy. After setting up Active Roles once, defining the delegation model, it is very efficient, almost like copy-paste.

CoreView offers better Entra ID delegation. They conducted a study and found that CoreView has better features than One Identity Active Roles in terms of Entra ID delegation.

I would definitely recommend One Identity Active Roles because it allows the delegation of Active Directory through a web portal instead of a console. Additionally, while the Entra ID part requires improvements, it can still delegate Entra ID objects. I rate the overall solution an 8 out of 10.

We use One Identity Active Roles for the delegation of Active Directory administration to local entities.

It has helped improve our organization by delegating day to day tasks to entities, allowing gains in time to market for AD related tasks, and also allowing to reduce time and effort spent globally.

The most valuable features are the access templates, which allow for granular permissions, and the policies that provide a framework for usage and standardization across entities. The solution improved our organization's security posture by framing the end users and ensuring that capabilities that could cause mistakes are hidden from the web interface. It helps us ensure that entities do not make any mistakes by hiding those capabilities directly in the tools with the access templates.

There are areas for improvement in One Identity Active Roles that include updating the web interface, creating an API accessible from the web, and improving overall performance, as it can be slow at times. But all of those are already in the development roadmap.

We have been using One Identity Active Roles since 2011, which amounts to fourteen years.

I would rate the stability as a seven because there are sometimes performance issues, which require restarting the services. This affects stability.

The solution is highly scalable, with a scalability rating of nine. It effectively handles 150,000 users.

I rate customer service and support as a seven because, although they are helpful when needed, there can be delays in responding to tickets and finding necessary fixes.

Neutral

There was no previous solution in place before, as One Identity Active Roles was already implemented when I joined.

The initial setup was straightforward but took months due to the detailed design required for the access templates.

In house.

I estimate the return on investment (ROI) to be about fifteen percent.

The pricing of One Identity Active Roles is expensive, but the return on investment justifies the cost, allowing for savings in other areas.

I would recommend One Identity Active Roles due to its straightforward delegation capabilities, comprehensive management of Active Directory objects, an excellent PowerShell cmdlet suite for scripting, and a robust change history feature for auditing. The overall solution is rated as eight out of ten.

We use it extensively. Our help desk and all the end users or administrators use it. It was being used for user provisioning, but we have now automated some of the functions. Earlier, when it was being manually done, we had set up all the templates for the end-user provisioning and de-provisioning.

The granular control has been very helpful for us. We want to be able to control what level users have access to. It is possible to control access levels at the organizational unit or even the attribute level, making it helpful for us.

Active Roles helped increase operational efficiency in our organization. We have delegated user provisioning to the help desk so they can create users or manage accounts. We have delegated group management to identified group owners who can manage their groups. Some of them just need read-only access to AD; they do not need to download the native tools. They can just do it via a browser.

Active Roles has helped our organization reduce the number of erroneous privileged accounts. We have set the templates, and we have set the standards. It helps standardize all the naming conventions and how they are provisioned with the rules. That is definitely very helpful.

We use the change history to see who might have modified what object. We have that tracking, but we use a tool from Quest called Change Auditor that can do the auditing to figure out who did what type of thing for auditing.

It is very intuitive and close to the native tools. Since it is web-based, it does not require extensive training for our end users. If users are familiar with native tools, they should be able to use the web-based tools with minimal training.

I know they have increased support for Entra ID and mentioned providing support for AWS. A way to connect to various directories and integrate with cloud directories would be beneficial.

We have used this solution for about 15 years.

It is very beneficial for large and complex environments. For mid-sized to small companies, I do not know if it would be that useful, considering the tool's purpose. For us, with a complex AD environment, it is incredibly useful, but for smaller companies, where there are not many users or roles needing identification, it may not be as beneficial or cost-effective.

We have more than 65,000 users.

One Identity's support is great. I would rate them a nine out of ten.

Positive

We have been using Active Roles since I have been on the team. We rolled it out and have been using it for the last 15 years or so. They were using native tools earlier.

I have not used other vendor solutions, just native tools. 

We deployed it and recently upgraded it. We received support from One Identity for consulting, but we did the upgrade ourselves. It was not too bad.

I would rate it a five out of ten for the ease of use. We were trying to do some load balancing and things like that, which did not work out the first time. There were also some issues with the dynamic groups. The first time, we had to roll it back, but we were successful the second time.

The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment.

I would rate One Identity Active Roles an eight out of ten.

We use Active Roles to bring our decentralized environment into a single pane of glass. Our entire customer base is in a single directory, and they can manage their objects without interfering with other entities in our environment. 

We saw benefits immediately. We must have these roles in place in our environment, or we'd be in big trouble. The solution improved our operational efficiency. Instead of manually applying permissions in Active Directory to thousands of OUs, we can do it in five minutes with a command in PowerShell.

It prevents us from erroneously assigning permissions. Active Roles improves our security posture by ensuring permissions are consistent and applied to the correct target every time. By taking the manual work out of the equation, we ensure we don't have any credential leaks.   

Active Roles is easy to configure. It isn't a plug-and-play solution, and you need expertise to set it up. However, once you have your templates, it's easy to deploy in a highly decentralized environment. The custom configuration for our customers is fantastic, especially the web interface.

The solution gives us granular control, allowing us to build highly customized roles and apply them across our environment. We have 500,000 separate OUs.

Active Roles could add more options for web customization. Our requirements are exceedingly specific. We'd like to get the web interface down to just five buttons, but in some cases, we can only get to six. The web interface in the current version is less customizable than in the previous one.

We have used Active Roles for 10 years over two periods. 

We've had no issues with crashing, but we've had problems with the web interface lagging. We're not sure if that's the infrastructure. 

One Identity is pretty scalable. We have SQL on the back end so that we can spin up a VM and bring up a new web interface. It has a new feature where a workflow can run on a dedicated server, and we don't need to use our frontend servers for workflow activities. 

I rate One Identity support nine out of 10. We are happy with the quality of One Identity's support team. We get a response within one or two days. Our unique organization has uncommon problems, so we typically need tier 2 or 3 support. The good thing about One Identity is that we don't need to spend a few days convincing them to escalate.  

Positive

Deploying Active Roles was easy. We had prior experience, and help from professional services made it easier. Our environment is unique, and their professional services helped tremendously with our odd use cases. You can stand up an out-of-the-box deployment in a couple of days. We had one primary engineer and two assistants on the deployment team. 

I wasn't involved in purchasing the solution, but I get the impression from management that it's priced about the same as other products, and we get more value from it. 

I rate One Identity Active Roles 10 out of 10. My suggestion to future users is to map out your roles with as much granular precision as possible. 

We're trying to solve the same problems with fewer products. We're not there yet, but we plan to consolidate, and our customers are happy with One Identity products.

I am an implementer for the product. I install Active Roles for companies.

Active Roles helps my clients by reducing erroneous privileged accounts, often cutting them in half. It also reduces IT administrators' time spent on these tasks by 5 to 10 percent.

My clients can save money on licensing. We can bundle Active Roles with other IGA solutions and save on overall service renewal. The solution improves user experience for most users. The end-users generally only use the self-service portion, which they like. It's easy for them to use. Unfortunately, there is one annoying setting that they initially set, but that could easily be remedied in the future. For IT users, it's a mixed bag. Administrators love it. I think it's wonderful. Depending on how the administrators deploy it, the help desk users either think it's great or hate it because they want to use a console.

The best part of this Active Roles is the workflow engine. It features an industry-leading workflow automation feature. It's a visual PowerShell that allows task interruption. 

It offers single-pane-of-glass management to a degree. Right now, the Azure side can only be done from the web UI, not the console. The administrative side can only be done from the console, not the web UI. 

Conditional access works well. Combined with RBAC, it always works well with Active Roles because Active Roles can do access based on dynamic implementation.

The permission management feature is also excellent, clearly showing delegated permissions. Active Roles tells you when any permissions are done without going into this crazy fine-grained permission strategy that is horrible compared to Active Roles' template-based permissions. You can design on your own. It easily shows where all the permissions are delegated.

Unfortunately, you can't do much with zero trust and Active Roles at the moment unless you combine them with Safeguard. It lines up with using zero trust if you combine a couple of different workflows together.

Active Roles can fix many little problems that have never been resolved and have lingered for years, continuing to annoy people. For example, you can't search by object GUIDs. The manual says you can, but it hasn't worked in five years. 

I have been using Active Roles for about 15 years.

I would rate the stability of the Active Roles eight out of 10. It's a fairly stable product but not perfectly reliable.

Active Roles is super easy to scale.

I rate One Identity support 10 out of 10. Customer service and support are fantastic. The support team is very responsive. I love those guys.

Positive

I have used KAOSoft and AD Access previously. Active Roles has PowerShell modules and a whole PowerShell backend that none of the other solutions do. That's where they lose the most. PowerShell makes a considerable difference compared to those other applications.

The initial setup is generally straightforward. It takes a week or two for an inexperienced organization to set it up, but I can do it in a day or less. It could involve multiple teams, depending on what you're doing. For example, if you're integrating Exchange, you need Exchange admins to be involved.

Active Roles always saves my clients money, mostly in licensing and service renewal.

The pricing for Active Roles is expensive but not as expensive as other solutions like Okta.

I have evaluated KAOSoft, AD Access, and Okta, among others.

I rate One Identity Active Roles 10 out of 10. Managing singular identities without a management suite is difficult. Active Roles is not an identity and access management solution. It's an Active Directory management suite.

I use it primarily for granting, managing, and auditing access.

The ways Active Roles has improved the way we operate are through workflows and user onboarding, automatic user management, group permissioning, adding users to the right groups based on the department, and distribution list creation based on dynamic group membership and active users.

And because of the single interface and workflows, it has simplified AD and Azure AD management efficiency and security.

The most valuable features include

• auditing
• dynamic grouping
• creating dynamic groups based on AD attributes.

Also, as part of the cloud identity, meaning expanding identity to the cloud, it gives me a single workflow to expand on-prem. I can create a user in the cloud and give them access to resources through a single workflow.

And for regulatory, auditing, and security requirements, it's critical that the solution enables Zero Trust security with hybrid AD fine delegation and role-based access control.

I have been using One Identity Active Roles for eight months.

It's a stable product.

It's also a scalable product. We have about 14,000 users.

The best thing about their Premier Support is their assistance with customization and resolving issues that arise.

Positive

Our company chose One Identity Active Roles rather than something else because of the auditing capabilities and workflow capabilities.

The initial setup was quite easy, but it was time-consuming. It took about three months.

It's expensive.

Compared to native Active Directory tools, in terms of accuracy and security, Active Roles is a nine out of 10.

Understanding the requirements and the key areas on which you want to focus before deploying it is vital to making sure it caters to your needs.

Overall, it enables a lot of automation and workflow-type processes. It also allows for human intervention and has auditing and reporting capabilities that include generating an automated report on a periodic basis for management review.

We use it for various purposes, such as automating tasks in an Active Directory environment. 

It assists the help desk in doing certain tasks in a more controlled manner, for instance, setting up new users. We enforce required fields to prevent setting up users without them, ensuring that certain fields meet specific requirements. It also facilitates easier management of various security features than Active Directory.

It has helped increase operational efficiency in our organization. We have a clear structure. There is a reduction in the mistakes.

It is an easier way for me to manage Active Directory with more advanced features.

The console helps with granular control.

There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface.

I have used the solution for a bit more than three years.

It is stable. I would rate it an eight out of ten for stability.

It seems scalable.

It is good. I would rate them a nine out of ten.

Positive

It is good, and I would recommend it, but you should do a proof of concept and see if it works for your environment. 

Overall, I would rate the solution an eight out of ten.