One Identity Active Roles Reviews

Our main use case for One Identity Active Roles is Active Directory management, user provisioning, and access control automation. We use it to simplify repetitive administrative tasks and enforce role-based access policies across the organization. In day-to-day work, one common example is onboarding new employees. Instead of manually creating accounts and assigning permissions in Active Directory, One Identity Active Roles automates the process through predefined templates and workflows. When HR submits a new employee request, the tool automatically creates the user account, assigns the correct group, mailbox, permission, and OU placements based on the employee's department and role. This has reduced manual efforts, minimized configuration errors, and improved compliance and auditing.

The best feature of One Identity Active Roles is definitely its automation and role-based access control capabilities. What stands out most is how it centralizes Active Directory, Entra ID, and Microsoft 365 administration into a single console while enforcing least privilege access and policy-based management. Another feature I really appreciate is the workflow automation for user lifecycle management. Tasks including onboarding, off-boarding, group assignment, mailbox provisioning, and access removal can all be automated using templates and policies. It saves a lot of administrative time and reduces manual errors.

The auditing and change tracking features are also very useful because they provide visibility into who made changes, what changes were made, and when they happened. This helps a lot with compliance and troubleshooting.

From an operational perspective, the fine-grained delegation is probably the most valuable capability. It allows organizations to give limited administrative rights to help desks or regional IT teams without granting full domain admin privilege, which improves security significantly. One situation where the automation features made a huge difference was during a large onboarding project after our company expanded to multiple regional offices. Earlier, user provisioning was mostly manual, so creating accounts, assigning groups, mailbox permissions, and applying policies for hundreds of users would take a lot of time and often resulted in inconsistencies. After implementing One Identity Active Roles, we created automated workflows and templates based on departments and job roles. During the onboarding phase, HR requests automatically triggered accounts creation, correct OU placement, security group assignment, and Microsoft 365 access provisioning. What previously took hours per batch was reduced to just a few minutes, and the number of access-related tickets dropped significantly.

While One Identity Active Roles is a strong identity and access management solution overall, there are a few areas where it could improve. One challenge we experienced was the initial setup and configuration complexity. Deploying workflows, policies, and delegation models require careful planning and a good understanding of the Active Directory environment. For organizations without experienced administrators, the learning curve can feel quite steep in the beginning. The user interface could also be more modern and intuitive. Some administrative tasks require navigating through multiple menus and the overall experience could be simplified for faster day-to-day management. Another area for improvement is reporting and customization. While the auditing features are good, creating highly customized reports sometimes requires additional efforts or scripting knowledge. More built-in reporting templates and easier dashboard customization would be helpful.

We have also noticed that troubleshooting workflows or synchronization issues can occasionally take time because the logs can be very detailed and technical. Better diagnostic tools and simpler error explanations would improve the operational experience. That said, once the platform is properly configured and maintained, it performs reliably and delivers strong automation, delegation, and governance capabilities. One additional area where One Identity Active Roles could improve is cloud integration and hybrid environment management. While it works well with Active Directory and the Microsoft environment, organizations moving heavily towards cloud-first infrastructure may want even deeper and more seamless integration with modern SaaS platforms and identity providers. Performance optimization in large environments could be improved. In very large enterprise deployments with complex workflows and multiple managed domains, some administrative actions and synchronization tasks can occasionally feel slower than expected.

Another point is documentation and onboarding resources. The product is feature-rich, but some advanced configurations require going through extensive documentation. More practical examples, guided setup wizards, and easier to follow best practice guides would help new administrators adopt the platform faster. Overall, the core functionality is solid, and most of the pain points are related more to usability, complexity, and modernization rather than the reliability. One additional improvement I would mention is around integration flexibility with third-party ITSM and DevOps tools. While the platform integrates well within Microsoft-centric environments, broader out-of-the-box integration and simpler API workflows for non-Microsoft ecosystems would make deployment and automation easier for organizations using diverse infrastructure. Another area is upgrade and migration simplicity. In enterprise environments, version upgrades and environment migration sometimes require careful planning and testing. Streamlining that process with more automated compatibility checks and migration assistance would reduce operational overhead.

I have been using One Identity Active Roles for around two years in our enterprise environment mainly for Active Directory automation, user provisioning, and role-based access management.

One Identity Active Roles has been a stable and reliable platform overall in our experience, especially once the environment is properly configured and maintained. We use it for daily Active Directory administration, automation workloads, delegated access, and auditing, and it has handled these workloads consistently without major downtime issues. From an operational standpoint, the core automation and delegation features have been dependable, and the platform reconnects and recovers well after temporary infrastructure interruptions. The reliability is one of the reasons it became an important part of our identity management processes. Similar views are reflected in industry reviews where many users describe the platform as stable and reliable for enterprise Active Directory management workloads.

One Identity Active Roles has scaled well in our experience, especially as our organization expanded across multiple departments and regional environments. As the number of user groups and administrative requests increased, the platform helped us maintain centralized control and consistent policy enforcement without needing to scale the administration team at the same rate.

One of the biggest successes was the ability to standardize onboarding, off-boarding, and access management workflows across the different business units. The automation and delegated administration model made it easier to support growth while keeping operational processes consistent and secure. Another challenge was managing customization at scale because as more departments requested unique workflows and approval processes, the governance and configuration management became more complex, so maintaining centralized policies was important.

Overall, the platform handled organizational growth effectively and provided good scalability for enterprise-level Active Directory and One Identity administration environments.

The customer support for One Identity Active Roles is generally viewed as good by enterprise users, especially for complex Active Directory environments, but experiences can vary depending on deployment complexity and team expertise. Many reviews praise the vendor for responsive technical assistance, ongoing product updates, and strong enterprise-level guidance, helping to automate the AD delegation setups. Positive feedback commonly mentions constant updates and the support from the development team, reliable help during the deployment and automation setups, and good support for hybrid AD and Entra ID environments. However, there are some recurring complaints. Troubleshooting can become difficult because the platform itself has a steep learning curve. Documentation and scripting guidance are sometimes considered insufficient. Log interpretation and portal configuration are not always intuitive. Overall for mid-size and large enterprises with experienced IAM and AD teams, support is usually considered dependable. Smaller teams or organizations without deep Active Directory expertise may find onboarding and advanced troubleshooting challenging at first.

Before implementing One Identity Active Roles, most of our Active Directory administration was handled directly through native Microsoft AD tools and a mix of manual PowerShell scripting. As the environment grew, managing user permissions and compliance manually became increasingly difficult and time-consuming. We needed better automation, centralized administration, delegated access control, and more detailed auditing capabilities. We evaluated a few identity governance and AD management solutions, but One Identity Active Roles stood out because of its strong workflow automation, fine-grained delegation, policy-based management, and integration with the Microsoft environment.

The ability to reduce reliance on full domain admin privilege and standardize administrative processes was a major reason for the switch. Another key factor was compliance and auditing. Native tools provided limited visibility and required more manual effort for tracking changes and generating audit reports, whereas One Identity Active Roles gave us centralized auditing and governance capabilities out of the box.

Integrating One Identity Active Roles with our existing IT infrastructure was moderately complex but manageable since our environment was already heavily based on Active Directory and Microsoft technologies, so the integration process was relatively smooth. However, designing workflows and delegation model synchronization policies requires careful planning and testing. Once implemented, the platform integrates well with our directory service and centralizes many administrative functions efficiently.

We have definitely seen a positive return on investment after implementing One Identity Active Roles, mainly through automation, reduced administrative efforts, and improved operational efficiency. One of the biggest measurable improvements was onboarding and provisioning time. Before One Identity Active Roles, creating and configuring a new user account manually could take around 30 to 45 minutes, depending on access requirements. After implementing automated workflows and templates, the process dropped to under 10 minutes in most cases. Similar improvements were seen for off-boarding and access modification requests. We have also experienced a notable reduction in help desk workload. Password resets, account unlocks, and group management tasks became faster and more standardized, related to identity access and management, decreasing by roughly around 30 to 45 minutes, allowing the IT team to focus more on strategic initiatives rather than repetitive operational tasks. Similar efficiency gains have also been highlighted in One Identity customer care studies. We did not necessarily reduce headcount, but we were able to scale operations without needing to expand the identity administration team at the same pace as organizational growth. That operational scalability alone delivers strong long-term value for the business.

Regarding pricing and licensing, our experience is that the platform is positioned more towards mid-size and enterprise organizations. The license and setup costs can feel relatively high for small businesses, especially when implementation services and customization are included. However, for our large environment managing compliance and Active Directory operations, the automation, security, and operational efficiency gains can justify the investment over time.

Before selecting One Identity Active Roles, we evaluated a few other identity and Active Directory management solutions. The main alternatives we looked at included Microsoft native Active Directory administration tools combined with PowerShell automation, ManageEngine ADManager Plus, and Netwrix identity and auditing solutions. We also reviewed some broader IAM platforms including SailPoint and CyberArk for governance and privileged access capabilities, but those solutions were more focused on enterprise identity governance and PAM rather than streamlined Active Directory administration and delegation. We ultimately chose One Identity Active Roles because it offered the best balance of workflow automation, fine-grained delegation, policy-based administration, and auditing, especially for Microsoft-centric environments. The ability to centralize AD administration while enforcing least privilege access was a major differentiator for us.

My advice for others considering One Identity Active Roles would be to properly plan the deployment and understand your Active Directory structure before implementation. The product is very useful for automation, delegation, and user lifecycle management, but it delivers the best results when configured carefully. It is also helpful to have a team member with good AD knowledge and to test workflows in a staging environment before moving to production.

One Identity Active Roles is a strong solution for organizations that need advanced Active Directory management, automation, and delegation capabilities. It has a bit of a learning curve, but once implemented properly, it can significantly reduce manual effort and improve operational efficiency. The platform is especially valuable for large or complex AD environments where automation and governance are important. One Identity Active Roles has had a very positive impact on our organization, especially in terms of productivity, security, and compliance. From a productivity perspective, it has significantly reduced the amount of manual work for the IT team. Tasks including user onboarding, off-boarding, password reset, group management, and permission assignment are now largely automated. This allows the administrators to focus more on strategic projects instead of repetitive operational tasks. We have also noticed faster turnaround times for account provisioning and fewer support tickets related to access issues. In terms of the biggest improvement, it came from role-based access control and fine-grained delegation. Instead of giving broad administrative privilege, we can now assign limited permission based on responsibilities. This reduced the risk of accidental or unauthorized changes in Active Directory and improved our overall security posture. I would rate this solution an 8 out of 10.

My main use case for One Identity Active Roles is automating Active Directory administration and user lifecycle management. I primarily use it for user onboarding and offboarding, membership management, delegation of tasks, and enforcing policies such as naming convention and access controls. Overall, it helps streamline and secure operations in Microsoft Active Directory while reducing manual efforts.

One Identity Active Roles has had a very positive impact on our organization, especially in terms of efficiency, security, and standardization. One of the most noticeable improvements is in user lifecycle management. Tasks such as onboarding and offboarding, which were previously manual, are now automated. This reduced onboarding time from around thirty to forty-five minutes to under ten minutes, especially when working with Microsoft Active Directory. It has also significantly improved our team's workload.

Routine tasks such as password resets and account unlocks are delegated to the help desk, which reduced the burden on senior admins and improved response times for end-users. Another key outcome is error reduction. Since policies enforce naming conventions and group assignments, manual mistakes dropped by around seventy to eighty percent, ensuring consistency across the environment. From a security and compliance standpoint, auditing and role-based access control helps us enforce least privilege and maintain clear visibility of all changes. This made audits faster and much easier to manage.

From a workload perspective, around sixty to seventy percent of routine tasks such as password resets and account unlocks were delegated to the help desk. This reduced dependency on senior admins and allowed us to focus on more critical tasks such as security and infrastructure. In terms of measurable outcomes, onboarding time reduced from thirty to forty-five minutes to five to ten minutes per user. Error reduction was around seventy to eighty percent, especially for group assignments and naming conventions due to policy enforcement. Ticket resolution time improved significantly. Common requests that earlier took hours due to escalation were resolved in minutes. For audits, what used to take hours of manual tracking can now be done in a few minutes using the built-in logs and reports in Microsoft Active Directory. Overall, it helped us reduce manual efforts, improve accuracy, and make the team much more efficient and proactive.

The best features of One Identity Active Roles in my experience are automation, delegation, and centralized management. Those really stand out. First, automation and workflows are the most impactful. One Identity Active Roles can automate user provisioning, group management, and lifecycle processes, which reduces manual work and ensures consistency across the environment. Second, delegation with least privileges through role-based access control is a key strength. It allows us to assign specific tasks to teams such as the help desk without giving full admin access, improving both security and operational efficiency.

Another standout feature is policy-based administration. It enforces rules automatically, such as naming conventions or access policies, so everything stays standardized and compliant without manual checks. I would also highlight centralized management. It gives a single interface to manage multiple environments such as on-premises Active Directory, cloud directories, and even hybrid setups, which simplifies administration significantly. Finally, auditing and reporting is very useful. It tracks all the changes and activities, which helps with compliance, troubleshooting, and security monitoring. The combination of automation, delegation, policy enforcement, and centralized control is what makes One Identity Active Roles truly powerful.

Beyond the core features, capabilities such as Managed Units, dynamic groups, and self-service really enhance flexibility and usability in day-to-day operations. Managed Units allow us to group objects logically rather than relying only on the organizational unit structure in Microsoft Active Directory. This gives us a lot of flexibility in how we delegate access and apply policies across different teams or regions.

Dynamic groups management is another useful feature, where group membership is automatically updated based on user attributes such as department or roles. This ensures users always have the correct access without manual intervention. Self-service capabilities allow end-users or managers to request access or perform certain actions through workflows, reducing dependency on IT teams.

While One Identity Active Roles is a strong platform, a few improvements would make it even better. Many users feel the user interface is not very modern or intuitive, and it can take time to get used to navigating the console and workflows. Another improvement area is the learning curve and setup complexity. One Identity Active Roles is very powerful, but initial configuration, especially for policies, workflows, and delegation, can be complex and require experienced resources.

From an integration perspective, although it supports multiple systems, organizations would benefit from more out-of-the-box connectors and smoother cloud integrations such as Azure Active Directory and software-as-a-service applications, as some setups currently require customization. In terms of reporting, while auditing is strong, generating business-friendly reports can be challenging. Users have mentioned the need for better dashboards and easier report generation. There are also some performance considerations, especially in large environments, such as slower PowerShell execution or delays in dynamic group processing in certain cases. Overall, improvements in user interface, ease of use, integration, reporting, and performance optimization would significantly enhance the product experience.

I have been using One Identity Active Roles for around two years.

One Identity Active Roles has been quite stable and reliable overall in our experience.

In terms of scalability, One Identity Active Roles has performed well in our environment and has been able to grow with the organization. From what I have seen and based on industry feedback, it is considered a highly scalable solution, especially for large and complex environments. Many users rate its scalability quite high, around eight or nine out of ten, and mention that it can support enterprise-level deployments.

In our case, as the number of users increased, the system handled user provisioning and group management without major issues. We were able to scale by adding resources rather than redesigning the system. It continued to perform well even with more workflows, policies, and integrations in place. One Identity Active Roles works well in hybrid environments, handling both on-premises and cloud identities from a single platform, which helps as our organization expands.

The customer support for One Identity Active Roles has been generally very good and reliable in our experience. Most of the time, support responses are quick and helpful. Support engineers are knowledgeable about the product. The issues are usually resolved efficiently, especially for standard or known problems. This aligns with industry feedback as well. Many users mention quick response times, knowledgeable staff, and effective issue resolutions.

Before selecting One Identity Active Roles, we did evaluate a few other identity and access management solutions. Some of the main options we looked at included SailPoint, CyberArk, Okta, and Microsoft Entra ID. We also considered tools such as OneLogin and Saviynt, which are commonly compared in the same space. Ultimately, we chose One Identity Active Roles because it provides strong integration with Microsoft Active Directory, it offers powerful delegation and automation capabilities, and it fits well for organizations that need deep Active Directory management rather than only cloud identity and access management.

My experience with pricing and licensing for One Identity Active Roles is that it is generally on the higher side, but the value justifies the cost. In terms of licensing, it is usually based on a per-user or enabled Active Directory account model, which is fairly straightforward and easy to manage.

For pricing, many organizations consider it expensive compared to some alternatives, especially for large environments. However, the return on investment is strong because it reduces manual efforts, improves security, and lowers operational cost over time. Regarding setup cost, the initial implementation can require investing in licensing and sometimes professional services or consultants' time for proper configuration of policies, workflows, and delegation. The upfront cost can be noticeable, but once implemented, it becomes very efficient and scalable. Overall, I would say pricing is high but justified, licensing is simple and user-based, and the setup cost is moderate to high depending on complexity.

We have definitely seen a strong return on investment after implementing One Identity Active Roles. From a time-saving perspective, user onboarding time reduced by around seventy to eighty percent, from thirty to forty-five minutes to under ten minutes. Routine tasks such as password resets are now handled in minutes instead of hours. In terms of workload and staffing efficiency, around sixty to seventy percent of repetitive tasks are now handled by the help desk through delegation. This reduces dependency on senior admins, so we did not need to scale the team even as the number of users increased.

For error reduction, manual mistakes such as incorrect group assignments dropped by seventy to eighty percent due to policy enforcement. From a cost perspective, we avoided additional hiring as the organization grew. For compliance and audits, preparation time reduced from hours to a few minutes, thanks to built-in logging and reporting in Microsoft Active Directory. Overall, the return on investment comes from time savings, reduced errors, better resource utilization, and improved compliance, which together justify the investment.

One Identity Active Roles has really helped our team by standardizing and simplifying day-to-day Active Directory operations. For example, earlier we had multiple admins performing tasks differently, which sometimes led to inconsistencies. With One Identity Active Roles, everything is controlled through policies and templates, so all actions follow a consistent process. It has also improved our response time for user requests since many tasks are either automated or delegated to the help desk. Users do not have to wait for senior admins anymore.

Another important benefit is better control and visibility in Microsoft Active Directory. We can easily track changes, enforce rules, and ensure compliance without extra effort. Overall, it is not just about automation; it is also about making the environment more organized, secure, and efficient for the entire team.

My advice for organizations considering One Identity Active Roles would be to plan the implementation carefully and focus on best practices from the start. It is very important to design your delegation model and policies properly before deployment. One Identity Active Roles is powerful, but if roles, access templates, and workflows are not structured well initially, it can become complex later on.

I would recommend starting with a phased implementation. Begin with key use cases such as user provisioning and delegation, and then gradually expand to advanced features such as workflows and dynamic groups. Another key point is to follow the principle of least privilege. Assign only the minimum permissions required. This is actually one of the core best practices highlighted in the official guidance.

Overall, One Identity Active Roles is a very solid and reliable solution for managing Microsoft Active Directory environments. Its biggest strengths are automation, delegation, and policy-based control, which really help reduce manual efforts, improve security, and standardize operations. I would rate this solution nine point five out of ten.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is to simplify and secure the management of Microsoft Active Directory. In day-to-day work, it is mainly used for automating user lifecycle tasks such as creating, modifying, and disabling user accounts. Instead of doing everything manually, we can use workflows and policies to ensure it is done consistently.

Automation with workflows and policies in One Identity Active Roles has really reduced the amount of repetitive manual work I used to do in Microsoft Active Directory. Earlier, tasks such as user creation were completely manual. I had to create the account, assign groups, set attributes, and double-check everything. It was time-consuming and easy to miss something. Now with workflows and policies in place, most of that is automated. For example, when a new employee joins, I just trigger the process or it comes through a request. The workflow automatically creates the account, applies the correct naming convention, assigns groups based on the role or department, and even routes approval if needed.

Along with automation and diligence, one more important thing I would highlight is governance and compliance with One Identity Active Roles. Every change in Microsoft Active Directory is tracked, so we are always having a clear audit trail. That becomes really useful during audits or security reviews because we can easily show who made what changes and when. Also, the ability to enforce least privilege access is a big advantage. Instead of giving broad admin rights, we can tightly control permissions, which reduces risk. Overall, beyond just making tasks easier, it adds a strong layer of control, security, and visibility of AD operations.

One Identity Active Roles offers a strong mix of automation, security, and control when managing Microsoft Active Directory. Some of the best features from my experience are delegation with least privilege. Instead of giving full access to admin, we can assign very specific permissions. That improves security and reduces risk. Second would be automation with workflows and policies. Routine tasks such as user creation, group assignments, and provisioning are automated, which saves time and ensures consistency. Third would be centralized management. We can manage multiple Active Directory domains, Azure AD, and even Microsoft 365 from one place, which simplifies administration. Fourth would be dynamic group management. Groups can be managed based on rules instead of manual updates, which is very helpful in large environments. And lastly, auditing and reporting. It tracks all changes, so we know who did what and when, which is important for compliance and troubleshooting.

Both centralized management and dynamic group management have made a big difference for our team while using One Identity Active Roles with Microsoft Active Directory. With centralized management, earlier we had to jump between different tools or consoles to manage users across domains or services. Now everything is available in one place. Whether it is user accounts or groups or permissions, we handle it from a single interface. A good example is during bulk onboarding. Instead of coordinating across multiple admins or tools, one person can manage everything end to end, which saves time and avoids confusion. Coming to dynamic group management, this has really reduced manual effort. Earlier, whenever someone changed departments or roles, we had to manually update their group memberships. That was not only time-consuming but also error-prone. Now groups are based on rules, department, or job title. So if a user attribute changes, their group membership updates automatically. For example, if someone moves from sales to marketing, they automatically get removed from sales-related access and added to marketing groups without any manual intervention.

Along with centralized and dynamic management, one feature I really find valuable in One Identity Active Roles is the approval workflow and auditing capabilities. For sensitive changes such as modifying group membership or access rights, we can enforce approvals before anything is applied. That adds an extra layer of control. At the same time, everything is logged. So in Microsoft Active Directory, we always have a clear audit trail of who made what changes and when. This is especially helpful during audits or when troubleshooting issues. Overall, beyond just making administration easy, these features help ensure proper governance, accountability, and security.

Overall, One Identity Active Roles is a very powerful tool, but there are definitely areas where it can be improved. One area is the user interface. It can feel a bit outdated and not as intuitive, especially for a new user. A more modern and user-friendly UI would improve adoption and reduce the learning curve. Another improvement area is integration and cloud support. While it works well with on-premises Active Directory, integration with Azure AD and other cloud systems can be better and more seamless. Also, dynamic group processing and performance can sometimes be challenging in large environments, especially when there are complex rules. Optimizing performance in such cases would help. From a governance perspective, features such as attention and certification could be stronger as they are important for compliance-heavy environments. Lastly, improving integration with third-party systems and simplifying customization would make it easier for organizations to adapt it to their needs.

Along with UI and integration, I think One Identity Active Roles could improve in a few operational areas. One is reporting and dashboards. While auditing is strong, the out-of-box reports can be a bit limited or not very visual. A more customizable and user-friendly dashboard would help teams quickly get insights without extra effort. Another area is troubleshooting and error visibility. Sometimes when workflows or policies fail, the error messages are not very clear, so it takes time to identify the root cause. Better logging and clearer error messages would make support easier. Also, upgrades and maintenance can be a bit complex. Simplifying version upgrades and reducing downtime would be beneficial, especially in large environments. Finally, training and documentation for new users could be improved. Since the tool is quite powerful, having more straightforward guides or built-in help would reduce the learning curve for new admins.

Some additional improvements I would suggest include better cloud-native capabilities. As organizations move more toward cloud-first strategies, having stronger native support beyond Microsoft Active Directory would be helpful. Simplified customization is another area where, while the tool is powerful, customizing workflows or policies can sometimes be complex. Making this more low-code or user-friendly would improve productivity. Lastly, faster performance in large environments would also help because in environments with many objects and complex rules, performance tuning can be challenging. Overall, it is a very solid and reliable solution, especially for AD management, but enhancing cloud readiness, usability, and performance would take it to the next level.

I have been using One Identity Active Roles for more than a year now.

Overall, One Identity Active Roles is considered a stable and reliable solution based on both my experience and industry feedback. It is generally rated quite high for stability. Many users rate it around seven to nine out of ten. In day-to-day operations, it performs consistently, especially for core functions such as automation, delegation, and policy enforcement. There is typically no major downtime, and it handles routine Active Directory operations smoothly.

I would say One Identity Active Roles is highly scalable, especially for medium to large enterprise environments. It is designed to manage multiple domains, users, and even hybrid environments from a single platform. It can scale horizontally by adding more servers such as multiple administration services and handle large volumes of users and groups effectively. For example, it supports managing multiple Active Directory domains, Azure AD tenants, and even cloud integration from one console, which makes it suitable for growing organizations. Scalability also depends on proper design such as SQL performance, network latency, and the complexity of your workflows or dynamic groups in a very large environment. You may need tuning to maintain performance. Overall, it scales very well, but as an enterprise tool, it needs proper architecture planning as well.

My experience with customer support for One Identity Active Roles has been generally positive. The support team from One Identity is knowledgeable and understands the product well, especially for core areas such as workflows, delegations, and integration with Microsoft Active Directory. For standard issues, the response time is quite reasonable and the documentation and knowledge base are also helpful for troubleshooting. For more complex issues, it can sometimes take a bit longer as they may need deeper analysis or escalation, but they usually follow through until resolution. Overall, I would say the support is reliable and helpful, especially for enterprise environments, with occasional delays in more complex cases.

I would rate One Identity Active Roles customer support around eight out of ten. The main reason is that the support team from One Identity is knowledgeable and helpful, especially for standard issues and guidance around Microsoft Active Directory integration. They also provide good documentation and follow structured processes in resolving tickets.

Before moving to One Identity Active Roles, we were mainly relying on native tools, which are in Microsoft Active Directory, such as the default AD users and computer consoles and some powerful shell scripts. While those tools work, they have limitations, especially in larger environments. The main challenges we faced were a lot of manual effort for routine tasks, no centralized control for standardization, difficult implementation of fine-grained delegation, limited automation and workflow capabilities, and lack of proper auditing and compliance tracking. That is why we decided to switch to One Identity Active Roles, where it provided automation for repetitive tasks, better delegation with least privilege, policy enforcement for consistency, and strong auditing and reporting.

I would say integrating One Identity Active Roles with our existing infrastructure was moderate in terms of effort. It is not too difficult, but it does require proper planning. Since it is built to work closely with Active Directory, the core integration with on-premises AD was quite smooth. Connecting domains, syncing objects, and getting basic functionality up and running was straightforward. Where it gets a bit more involved is in customization and extended integrations. For example, setting up workflows based on business requirements and integrating with cloud services such as Azure AD. Also, configuring policies and delegation models properly requires a good understanding of both Active Directory structure and business processes. In large environments, planning things such as permissions, rules, and group structures upfront is important to avoid rework later. Overall, my assessment is that the initial setup is relatively smooth, especially for Active Directory, but achieving a fully automated, optimized, and customized implementation takes some time and expertise.

I have definitely seen a clear return on investment after implementing One Identity Active Roles, especially in terms of time-saving, efficiency, and reduced operational overhead in Microsoft Active Directory. To give a more direct example, I would add some points such as time saving on onboarding. Earlier, creating and configuring a user used to take around ten to fifteen minutes manually. With automation, it reduces to two to three minutes now. Another point is the reduction in manual workload. Routine tasks such as password resets and access requests are now delegated or automated. This reduces dependency on senior admins and allows the team to focus more on critical tasks. Third, we see fewer errors. With policy enforcing standards, we have seen a noticeable drop in issues such as incorrect permissions or missing attributes, which also reduces rework. For operational efficiency, instead of needing additional admin resources as the environment grows, the existing team can handle more workload due to automation. While it may not directly reduce headcount, it definitely avoids the need to hire more people.

My experience with pricing and licensing for One Identity Active Roles is that it is typically enterprise-oriented. The licensing is usually based on the number of enabled user accounts being managed in Active Directory, which makes it scalable as the organization grows. In terms of setup cost, there is an initial investment, not just for licensing, but also for implementation, such as setting up the environment, configuring workflows, and defining policies. If customization is involved, that can add to the cost as well. However, from a value perspective, it balances out over time because it reduces manual administrative effort, improves efficiency and productivity, and minimizes errors and security risks. While the upfront cost might feel on the higher side compared to native tools, the long-term benefits and operational savings make it worthwhile.

We did evaluate a few other options. We looked at native Microsoft Active Directory tools along with PowerShell scripting, but they lacked centralized management, automation, and strong delegation features. We also considered solutions such as ManageEngine ADManager Plus and Netwrix Auditor. ADManager Plus was good for basic automation and reporting, but it did not offer the same depth in delegation and policy control. Netwrix was strong in auditing and compliance, but it is more focused on monitoring rather than fully life-cycling management. The reason we chose One Identity Active Roles is that it offered a more complete solution combining automation, fine-grained delegation, policy enforcement, and auditing in one platform with strong integration with Active Directory. Overall, it gave us better control, scalability, and security compared to other options we evaluated.

My impression of the automation capabilities provided by One Identity Active Roles is very positive. It is one of the strongest aspects of the tool and has really streamlined how we manage Microsoft Active Directory. A good example is user onboarding. Earlier, it was a fully manual process creating the account, assigning groups, and setting attributes. Now, with automation, when a request comes in, the workflow handles everything automatically. Account creation, applying naming conventions, assigning the right groups based on department or role, and even triggering approvals if required. Another example is offboarding as well. When an employee leaves, the system can automatically disable the account, remove access, and update attributes. This ensures nothing is missed and improves security. We also use automation for group management. Instead of manually adding users to groups, dynamic rules handle it based on attributes such as department or job title. Overall, automation has reduced manual effort, improved consistency, and minimized errors. It also speeds up the turnaround time for requests, which is a big advantage for both IT and end users.

One Identity Active Roles has significantly reduced both the complexity and workload of administrative tasks in Microsoft Active Directory. Earlier, many tasks were manual, such as creating users, assigning groups, and managing permissions, which not only took time, but also increased the chance of errors. With One Identity Active Roles, a lot of that complexity is abstracted through automation policies and delegations. For example, instead of remembering multiple steps for user provisioning, we now rely on workflows that handle everything consistently. It also simplifies administration by providing a centralized interface. We do not have to switch between multiple tools or consoles. From a workload perspective, repetitive tasks have reduced significantly. Things such as password resets, access requests, and group updates are either delegated or automated, which frees up time for more critical tasks.

My experience with delegation in One Identity Active Roles has been very positive and it has really improved how we manage day-to-day operations in Microsoft Active Directory. Earlier, most administrative tasks were handled by a small group of admins, which created bottlenecks, especially for routine requests such as password resets or account unlocks. With delegation, we have been able to distribute these tasks to different teams such as the helpdesk, but with very controlled permissions. For example, they can reset passwords or unlock accounts, but they do not have access to sensitive operations such as deleting users or modifying critical attributes. This has had a big impact on our workflow. It reduced dependency on senior admins, improved response time for user requests, reduced workload on the core IT team, and ensured better security through least privilege access.

We have actively used the fine-grained permission control feature in One Identity Active Roles and it has had a strong impact on implementing least privilege in Microsoft Active Directory. Instead of giving broad admin access, we have defined very specific permissions based on roles. For example, helpdesk users are only allowed to reset passwords or unlock accounts, but they cannot modify critical attributes or delete users. This level of control has significantly reduced the number of privileged accounts in the environment. It also minimizes the risk of accidental or unauthorized changes. Another benefit is that the permissions are tied to roles, not to individuals. So it is easier to manage when people change teams or responsibilities. Overall, it has helped us enforce least privilege in a practical way, giving users exactly the access they need and nothing more, thereby improving both security and accountability.

My main advice for anyone looking to implement One Identity Active Roles is to focus on planning and design upfront. First, clearly define your roles, permissions, and delegation model before implementation. One Identity Active Roles is very powerful, but if the structure is not planned well, it can become complex later. Second, start with basic automation and policies and then gradually expand. Trying to automate everything at once can make troubleshooting difficult. It is better to take a phased approach. Third, I would say to implement least privilege principles from the beginning. Design delegation carefully so users only get the access they need. This avoids rework and improves security. Overall, my advice would be to plan well, start simple, and scale gradually because One Identity Active Roles is a very powerful tool, but it works best with a structured approach. I give this solution an overall rating of nine out of ten.

One Identity Active Roles serves as our absolute main solution for automating the entire user life cycle from day one onboarding to offboarding while enforcing strict role-based access. Before this implementation, we were drowning in manual tickets for setting up accounts, assigning groups, and provisioning mailboxes across our hybrid and Entra setup.

A classic scenario we deal with all the time involves departmental transfers. When an employee moves from finance to marketing and HR updates their department code, One Identity Active Roles automatically triggers a workflow that handles the transition overnight. This immediately revokes their finance-specific AD groups, strips their access to restricted financial folders, provisions them into the correct marketing distribution list and Entra ID roles, updates their manager attribute, and updates information in their company directory without any manual intervention. At the end, it sends an automated notification to their respective managers to confirm whether the access swap is completed. This entirely prevents privilege creep where moving departments causes people to accumulate leftover permissions.

One major benefit of One Identity Active Roles for our main use case is how much it simplified our compliance audits. Before we deployed it, trying to track down who granted specific permissions or why a user was added to a privileged group meant digging through endless active AD logs. Now One Identity Active Roles acts as a single choke point for all modifications, so everything is centralized and tracked automatically.

The absolute best features One Identity Active Roles offers include a fine-grained delegation policy framework that allows our regional IT teams and help desks the exact access they need to do their jobs without handing over broad, risk-native AD permissions. Close behind that is a workflow automation engine which handles our multi-stage approvals seamlessly.

We also heavily rely on the automated de-provisioning feature which ensures that when someone leaves, their access across on-prem and AD, Exchange, and Entra ID is instantly and cleanly stripped. Having all of this managed from a single web interface instead of hopping between multiple Microsoft consoles is a massive win for our daily operations.

Before we implemented One Identity Active Roles, our regional IT teams often needed domain admin or account operator rights just to perform routine tasks like modifying local group membership or updating specific user attributes, which was a massive security risk because the native AD did not give us the granular control to avoid it. Now we use the delegation policies to restrict them strictly to their own organizational units.

One Identity Active Roles has proven to be the absolute best product on the market for what it does, so we do not have any major complaints about it. It handles our hybrid AD and Entra ID environment so cleanly that it is tough to find a fault within the core product.

If I had to identify areas for improvement, I would note that when you start building highly advanced multi-stage approval workflows, the logic can get a bit complex and requires a solid understanding of the tool to maintain. Additionally, because it is so powerful, managing a massive library of custom scripts over several years takes more disciplined governance to keep things organized. However, in terms of out-of-the-box capability, scalability, and daily reliability, it is pretty much unmatched compared to its competitors.

I have worked in the current field for three and a half years.

One Identity Active Roles is very stable across multiple tiers. As more employees are added, we do not have to manage each of them individually. The scripts and automated One Identity Active Roles directory features take the workload out of our hands, effectively doing everything we described earlier, and each one takes the same amount of time regardless of the scale we are discussing.

We chose One Identity Active Roles because of its maturity and enterprise stability, as our roadmap was heavily anchored in a complex hybrid Microsoft ecosystem. One Identity Active Roles gave us absolute confidence that it could handle the deep attribute level security proxying without breaking a sweat, backed by broader enterprise support of One Identity fabric.

One Identity Active Roles' scalability is one of its strongest arguments due to its horizontal scale via proxy architecture. It scales out horizontally by utilizing multiple independent One Identity Active Roles administrator service hosts, allowing administrator and help desk operators and automated workflows to interact with the ARS proxy servers rather than hitting domain controllers directly, enabling user concurrency to scale indefinitely.

A few data configurations are required to maintain speed, such as keeping within the 1 ms latency rule and ensuring parallelism. In short, One Identity Active Roles scales beautifully to handle massive enterprise workloads with its ultimate ceiling determined entirely by how well you architect and tune its underlying SQL backend.

Overall experience with One Identity Active Roles customer support has been highly solid and technically competent. For standard support and routine inquiries, standard configuration or native Active Directory integration questions, the engineers are incredibly knowledgeable, usually rating a 9 out of 10 for technical insight.

However, there are edge cases where if you are dealing with complex and highly customized scripts inside an event-driven automation workflow or troubleshooting a bizarre synchronization error deep within your Microsoft Entra ID tenants, you can expect some delay because they really want to structure the escalation process to senior product engineers who understand the underlying database hooks. Their SLA responsiveness and severity tiers are incredible, using configuration questions to pinpoint the problem we are experiencing and curating their responses accordingly.

One Identity support portal is heavily built around a robust self-service model, and their knowledge base, release notes, and community forums are heavily populated and frequently updated.

Before One Identity Active Roles, we did not actually use a commercial third-party identity and access management software. Instead, we relied on a complex web of native Microsoft management tools combined with an extensive library of homegrown PowerShell scripts.

The integration process of One Identity Active Roles with our existing IT infrastructure and directory services was remarkably straightforward, mostly because One Identity Active Roles is built from the ground up to sit naturally on top of Microsoft architecture. Since we already had a well-defined Active Directory structure and established OU layout, the core deployment did not require us to tear down or re-engineer any of the existing infrastructure.

One Identity Active Roles basically overlays onto your directory, acting as a secure proxy layer rather than a disruptive overhaul. The initial setup for standard synchronization and basic policy enforcement took just a couple of weeks to get completely up and running. The majority of your time and effort is not technical friction with the product itself, but mapping out your business logic and defining your approval lines and planning your delegation roles before configuring them.

The return on investment from One Identity Active Roles has been incredibly clear and measurable for us. The time reclaimed by Tier 3 engineers is about 15 to 20 hours every single week for our senior systems and security engineers. The efficiency in user provisioning and offboarding, which used to take almost 24 to 48 hours due to a multi-step process, is now down to just 5 minutes, which is incredible for how it closed down the gap.

The help desk resolution speed for basic Tier 1 requests, including password resets, group modifications, and profile attribute updates, is now resolved on the very first call because we safely delegated these tasks to help desk through clean access templates, resulting in a nearly 80% drop in ticket escalation queues.

Our experience with the pricing, setup cost, and licensing of One Identity Active Roles reflects the platform's status as an enterprise-grade premium product. One Identity structured the Active Roles licensing per enabled user, making this model incredibly scalable and predictable since it only counts active enabled user accounts, meaning we are not paying for disabled accounts, service accounts, or the administrative overhead for Tier 1 and Tier 3 teams.

While the software installation process itself is very straightforward, the true setup cost is heavily tied to professional services and implementation. Because the tool is highly customizable, you will likely want to budget for One Identity professional services or a certified implementation partner during the initial phase.

Although the upfront capital expenditure for licensing and implementation services was a significant investment, the operational savings shifted from the bottom line almost immediately. By automating users' life cycle management and safely delegating tasks to Tier 1 support, we drastically reduced the workload for administrative personnel. The hours saved by Tier 3 engineers alone, around 15 to 20 hours every week from AD maintenance, allowed us to recoup our initial setup and licensing costs well ahead of schedule.

Before deciding on One Identity Active Roles, we evaluated multiple software solutions, including ADx by Softerra and ManageEngine ADManager Plus.

If you are in the position we were in a few years ago, stuck maintaining an ungodly amount of fragile custom PowerShell scripts and constantly stressing over broad AD permissions, One Identity Active Roles is a fantastic move. I advise fixing your business logic before you touch the software, as One Identity Active Roles is an incredibly flexible tool, but it will automate exactly what you tell it to do. If your organization's current identity life cycle process is messy, manual, and full of special exceptions, automating them will only create a faster automated mess.

I would advise sitting down with HR, security, and your regional IT leads before you start configuring workflows. Standardize exactly what happens when a user is hired, transferred, and terminated, and map out your approval chains on a whiteboard first. Once your business rules are clear on paper, plugging them into One Identity Active Roles engine is incredibly smooth.

Do not drop the One Identity Active Roles database onto a generic, over-located, shared SQL cluster. Treat it like a Tier 1 critical application. Leverage virtual attributes to protect the core schema by creating them as virtual attributes for custom fields to track employee IDs, contractor's end dates, or specific HR flags for automation, which keeps your native AD schema pristine and protects against accidental schema corruption. Finally, budget for professional services or training upfront, and plan your web interface views by persona, ensuring to build distinct web profiles tailored specifically to different personas to reduce human error and cut training time for junior staff to zero. I would rate this product a 10 out of 10 based on my overall experience.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is active Directory user lifecycle management, including provisioning, deprovisioning, and delegating admin rights securely across different teams.

I use One Identity Active Roles to automatically provision AD user accounts when HR creates a new employee record and also delegate limited OU-level admin rights to regional IT teams so they can manage users without full domain admin access.

I have also customized policies so contractors get time-bound accounts that auto-disable on expiry, which has reduced manual cleanup and improved compliance tracking.

The best features One Identity Active Roles offers are the fine-grained AD delegation through role-based access control, strong automation for user lifecycle management including joiner, mover, and leaver processes, and the ability to manage multiple AD and Entra environments from one console, which makes admin work much more controlled and scalable.

One Identity Active Roles role-based access control feature has helped us significantly by replacing manual ACL-based AD permissions with structured roles, so instead of assigning rights user by user, we just assign people to predefined job roles, and the correct access is applied automatically. In practice, this reduced many mistakes such as over-permissioning, and it made audits much easier because we can clearly show who has access and why instead of digging through individual group memberships.

Overall, the automation combined with delegation capabilities of One Identity Active Roles is the biggest advantage for us, but it does take time to properly design roles and policies upfront. Once that is completed, day-to-day AD management becomes much smoother and far less error-prone.

One Identity Active Roles has reduced a significant amount of manual AD admin work, improved security through tighter access control, and made onboarding and offboarding much faster and more consistent across teams.

We have roughly cut onboarding and offboarding effort by approximately 40 to 60 percent because most of the AD provisioning is automated. We have also seen fewer access-related incidents since role-based access control reduced over-permissioning and manual group changes.

The main improvement I would suggest for One Identity Active Roles is making the UI and policy configuration more intuitive. Currently, it can feel quite complex for new admins. Additionally, faster troubleshooting and clearer error messages would help significantly during setup and changes.

Reporting could also be stronger, especially out-of-the-box audit reports. We often end up customizing or exporting data to get the exact compliance view we need. Additionally, initial role design is powerful but somewhat time-consuming, so better templates or guided setup would really help speed things up.

One Identity Active Roles is generally considered stable in enterprise environments. In my experience, it runs reliably for day-to-day AD automation and delegation with very little downtime. Most issues we have seen are not core stability problems but occasional performance slowdowns or configuration-related behavior, especially in larger or more complex environments. Overall, once it is properly configured and tuned, it is stable enough for production use, even for critical identity lifecycle and role-based access control operations.

One Identity Active Roles is generally highly scalable in enterprise AD environments. In practice, it handles multi-domain, multi-forest Active Directory setups and even hybrid AD plus Entra ID environments quite effectively. It is commonly used in organizations with tens of thousands to hundreds of thousands of identities. From my experience, scalability is strong because it supports centralized management across multiple AD domains from a single console. Automation and workflows scale with user volume, so provisioning does not become more manual as users grow. Additionally, role-based delegation keeps admin overhead stable even as organization size increases. It is designed for large enterprise identity environments, not just small AD setups. The main things to watch at scale are performance tuning and database architecture planning, especially if workflows and auditing are heavily used. However, overall it scales effectively when properly architected.

Customer support for One Identity Active Roles has generally been good and technically strong in my experience. Support is usually responsive for critical issues and provides solid practical guidance for AD workflow problems. However, for low-priority tickets, the response time can sometimes be slower, and you may need to rely on documentation or knowledge base articles. Overall, I would rate support quality around an eight out of ten.

Before One Identity Active Roles, we relied mainly on a mix of manual AD management plus custom PowerShell scripts and a few basic identity tools that did not scale effectively. We switched because the scripting approach became hard to maintain, inconsistent across teams, and risky in terms of over-permissioning. One Identity Active Roles provided us centralized role-based access control, better auditability, and automation that reduced dependency on individual scripts and manual admin effort.

Integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately difficult at first, especially aligning it with existing AD structure and legacy scripts. However, once connectors and policies were properly configured, it became stable and fits effectively into our directory services ecosystem.

We have seen a clear return on investment with One Identity Active Roles, mainly in time savings and reduced manual effort rather than headcount reductions. Before One Identity Active Roles, onboarding, offboarding, and access changes used to require a significant amount of manual AD work across teams. Now, most of it is automated through workflows, so we have reduced provisioning and deprovisioning effort by roughly 40 to 60 percent, which translates to saving several hours per admin per week. Once a year, that effectively frees up close to one full-time admin's workload capacity, which we allocated to another IAM security task instead of hiring more staff. Additionally, we have seen fewer access-related incidents and audit corrections because role-based access control and delegation reduced over-permissioning. That is harder to put an exact number on, but it has definitely lowered compliance firefighting during audits and saved time on rework.

Our experience with One Identity Active Roles has been that pricing is on the higher side since it is enterprise licensing based on managed users, and setup cost is mainly around initial implementation effort and possibly some professional services for design and deployment. Licensing itself is a bit complex to understand at first, but once scoped properly, it is manageable. Overall, it felt expensive upfront but justified because of the automation and long-term reduction in admin effort and operational cost.

We did evaluate a few alternatives before going with One Identity Active Roles. We looked at Microsoft Entra ID Governance, SailPoint Identity Security Cloud, and Softerra Adaxes. In the end, One Identity Active Roles fit best for our environment because it was more focused on deep Active Directory management, delegation, and automation without a heavy identity governance and administration overhead, which matched our needs better than the broader governance platforms.

My advice to others looking into using One Identity Active Roles is to invest time in design before implementation, especially around role structure and OU permission modeling. One Identity Active Roles is powerful, but it only works as effectively as the role-based access control and delegation model you build. Start small with core use cases such as joiner, mover, leaver automation, and basic AD delegation, then expand into advanced workflows once the foundation is stable. Additionally, involve your AD and security teams early because cleanup of existing permissions is usually the hardest part.

Do not underestimate the learning curve. Once it is properly configured, it runs very smoothly, but the initial setup and policy design is where most teams struggle.

Delegation through One Identity Active Roles has worked very effectively. We have been able to safely give regional IT teams limited AD control without exposing full domain admin rights, which reduced bottlenecks on the central team and made user management much faster.

One Identity Active Roles has had a strong positive impact on our organization's compliance efforts because role-based access control delegation controls and audit logs make it much easier to prove least privilege and track who changed what in Active Directory. During audits, we can quickly generate evidence instead of manually collecting data from multiple systems, which has reduced both effort and risk of gaps.

We have consolidated most AD user provisioning, delegation, and lifecycle management into One Identity Active Roles instead of using multiple separate scripts and manual processes.

One Identity Active Roles automation capabilities are one of its strongest areas. For example, we have automated user onboarding where account group memberships and mailbox access are created from HR input without manual intervention and also auto-disable accounts after termination or contract expiry, which has reduced a significant amount of manual AD work. I would rate this product an eight out of ten overall.

On-premises

Other

My main use case for One Identity Active Roles is to simplify and automate Active Directory management. I use it for user provisioning, group management, and to handle access requests more effectively. It helps reduce manual effort and ensures consistency in user account changes.

One Identity Active Roles automates access requests through a predefined workflow. For example, when a new employee joins, their manager can request access via a simple form. The system automatically assigns the required groups based on their role and approvals are handled within the workflow, so no manual intervention is needed from the IT team.

The delegation feature lets us assign specific admin tasks to different teams without giving full domain access. This maintains security while still allowing teams to manage their own users. It also gives us better visibility through auditing and reporting.

I have seen clear, measurable improvements after implementing One Identity Active Roles. User onboarding time has reduced from around 30 minutes to just five to 10 minutes with automated workflows. That alone has saved our IT team several hours each week, especially during bulk hiring periods. I have also noticed a significant drop in errors related to incorrect group assignments and missed access, since everything now follows predefined policies. Earlier, these issues were very common with manual changes, but now they are very rare.

The best features of One Identity Active Roles are its automation, delegation, and strong control over Active Directory. The workflow automation is especially useful. It helps handle user provisioning, approvals, and changes without manual effort. It also offers role-based delegation so you can give limited access to teams without exposing full admin rights, which improves security.

Policy-based automation stands out because it ensures all changes follow predefined rules, so there is consistency across users and groups without manual checks. Features like dynamic groups and temporal access make it easier to manage users automatically based on roles or time-based needs.

One Identity Active Roles has had a very positive impact on our organization, mainly by improving efficiency and security at the same time. Tasks such as user provisioning, access changes, and password resets are now automated, which has significantly reduced manual workload and saved a lot of time for our IT team. Automation can cut manual effort by a large margin and speed up routine operations considerably.

The automation capabilities of One Identity Active Roles are one of its strongest points. It significantly reduces manual effort by handling routine tasks through workflows and policies. For example, when a new user is created, the system can automatically assign group memberships, set attributes, and apply naming conventions based on predefined rules. Similarly, for role changes, it updates access rights without needing manual intervention. Overall, it saves time, reduces errors, and ensures consistency across the environment.

One Identity Active Roles has significantly reduced both complexity and workload for our Active Directory administration. Tasks that used multiple manual steps, such as user creation, access changes, and group management, are now handled through automatic workflows. It also simplifies operations by providing a centralized console, so admins do not have to jump between different tools or scripts. It makes day-to-day management much more straightforward and less time-consuming.

One area where One Identity Active Roles can be improved is in the user interface. It can feel outdated and not very intuitive for new users. Some tasks require multiple steps or navigation through different sections, which can slow things down initially. A more modern and simplified UI would definitely improve the overall experience.

Another area for improvement is around integration and flexibility. While it works well with the core Microsoft environment, expanding smoother integration with more third-party tools and cloud platforms would make it even more versatile. This would help organizations manage hybrid environments more seamlessly. Overall, One Identity Active Roles is already a strong product, but small enhancements in integration and scalability would be beneficial.

I have been using One Identity Active Roles for three years.

One Identity Active Roles is stable.

One Identity Active Roles is generally considered highly scalable, especially for mid to large enterprise environments. From our experience and industry feedback, it handles growth quite well as the number of users, groups, and domains increase. The platform can scale without needing a complete redesign. For example, it can support larger user bases, even 100,000+ users in some cases, and still maintain performance with proper infrastructure planning.

Customer support is very good and responsive.

Earlier we were using native Active Directory tools and some PowerShell scripts for user and access management. While that worked, it was quite manual, time-consuming, and prone to inconsistency, especially as the environment grew. I switched to One Identity Active Roles to bring in automation, better delegation, and centralized control. Overall, the move helped us to standardize the process and scale more effectively as our user base increased.

Overall, the integration was fairly smooth and straightforward, especially since our environment is already based on Active Directory. One Identity Active Roles fits naturally into AD, so the initial setup and synchronization did not require major changes to our existing infrastructure.

I have definitely seen a strong return on investment after implementing One Identity Active Roles. One clear example is in user onboarding, where what earlier took around 20 to 30 minutes per user now takes only five to seven minutes, which has saved us several hours of IT effort. Also, we have reduced dependency on senior admins since many tasks are now delegated or automated, so fewer escalations are needed. Overall, the time saving, improvement in efficiency, and reduced manual effort have made the investment worthwhile.

My experience with pricing and licensing has been generally positive, though it does not feel like a premium product. The licensing model is straightforward, and once understood, typically based on the number of managed users, which makes it predictable as the organization grows. Overall, while the cost may be on the higher side compared to basic tools, the value it delivers in terms of automation, efficiency, and security makes it a worthwhile investment.

Before choosing One Identity Active Roles, I evaluated a few other options. I looked at Microsoft's native tools and Azure Entra ID, as well as some third-party solutions such as ManageEngine ADPlus Manager. I chose One Identity Active Roles because it offered a better balance of automation, policy-based management, and fine-grained delegation, which suited our environment more effectively.

I advise others looking into using One Identity Active Roles to plan out your workflows and policies carefully before implementation. One Identity Active Roles is very powerful, but you will get the most value if your processes are clearly defined from the start. Also, start with a phased approach. Begin with key use cases such as provisioning and delegation, then gradually expand to more advanced automation. This makes adoption smoother and avoids overwhelming the team. Finally, invest some time in training and documentation so your team can fully utilize the features instead of just using it as a basic AD tool. I would rate this product a 9 out of 10.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is to automate and secure user lifecycle management in Microsoft Active Directory, which helps reduce manual administrator efforts, enforce policies, and enable delegated administration with proper governance. For internal role changes, One Identity Active Roles updates access rights through control workflows, ensuring least privilege access. During employees' exits, accounts are automatically disabled and access is revoked. To maintain security, I use delegations to allow helpdesk teams to reset passwords and manage basic user attributes without giving full administrative rights. Approval workflows are implemented for sensitive access requests, ensuring compliance and audit readiness.

One Identity Active Roles centralizes and automates identity and access management for Microsoft Active Directory environments, primarily used to streamline user lifecycle management, enforce security policies, and enable role-based access control through delegated administrators. The solution helps reduce manual intervention and administrative tasks such as user account creation, modification, and deactivation, ensuring that access provisioning follows standardized workflows with proper approval, improving governance and compliance. Additionally, One Identity Active Roles provides auditing and reporting capabilities, which help organizations track changes, maintain compliance, and enhance overall security posture.

One of the standout features of One Identity Active Roles is its powerful automation capability, which streamlines user provisioning and de-provisioning processes and significantly reduces manual effort and minimizes human error. The delegation model is another key strength that allows organizations to assign limited administrative rights to helpdesk teams using role-based access control without granting full domain admin privilege, enhancing security. The approval workflow engine is highly valuable, ensuring that sensitive access requests go through proper authorization, improving governance and compliance. Additionally, the auditing and reporting capabilities provide complete visibility into changes made in Active Directory, which is critical for compliance and security monitoring. Finally, its seamless integration with Microsoft Active Directory and Microsoft Entra makes it effective in managing both on-premises and hybrid identity environments.

In addition to its core automation and delegation capabilities, One Identity Active Roles offers several advanced features that enhance identity management. One notable feature is policy-based management, allowing organizations to enforce standardized rules such as naming conventions, attribute validation, and access control policies automatically. The solution also provides a web-based interface, enabling self-service capabilities for end-users and simplifying administrative tasks for IT teams. Another valuable feature is its advanced auditing and reporting system, providing detailed insight into all changes made within Active Directory, which is particularly useful for compliance and security monitoring. One Identity Active Roles supports hybrid identity environments through seamless integration with Microsoft Active Directory and Microsoft Entra ID, allowing centralized management of both on-premises and cloud identities. Additionally, the solution includes flexible workflow customization, enabling organizations to design approval processes tailored to their business requirements. Overall, these additional features make One Identity Active Roles a comprehensive and scalable identity and access management solution.

One Identity Active Roles can be improved, as there are a few areas that could be enhanced. The initial setup and configuration can be complex, especially when designing workflows, policies, and delegation models. It requires proper planning and skilled resources to implement effectively. The user interface, although functional, could be more modern and intuitive, as new users may require some time and training to become comfortable with the system. Reporting flexibility could also be improved, as there are built-in reports that are useful, but more customizable and user-friendly reporting options would enhance the overall experience. Additionally, the license cost is relatively high, which may concern small- to mid-sized organizations. Improving documentation and providing more guided implementation resources would help organizations accelerate deployment and reduce dependency on external support. Overall, addressing these areas would make the solution more accessible and easier to adopt.

One Identity Active Roles is a mature and feature-rich solution, but there are a few areas where improvement would enhance the overall experience, such as simplifying the initial deployment and configuration process, improving the user interface, enhancing reporting capabilities by providing more flexible options, and offering better documentation with more detailed implementation guides. Additionally, optimizing licensing costs or offering more flexible pricing models could make the solution more accessible to a wider range of organizations.

I have been using One Identity Active Roles for around one to two years in an enterprise environment, primarily for Active Directory automations and access governance.

One Identity Active Roles is stable and reliable in my environment, as I experience consistent performance with minimal downtime, handling large-scale user management operations efficiently without performance degradation. Once it is properly configured, it runs smoothly and supports day-to-day identity management tasks without issue, with any minor issues encountered mostly related to configuration and integration rather than the core stability of the product. Overall, I consider One Identity Active Roles to be a stable solution, suitable for enterprise-grade environments.

The scalability of One Identity Active Roles in my experience efficiently supports a large user base of five thousand or more users without performance issues, handling increasing workloads such as user provisioning, access management, and workflow processing with ease. The architecture allows for scaling by adding additional One Identity Active Roles servers, enabling load distribution and improved performance as the environment grows, and performs well in a hybrid environment by integrating with Microsoft Active Directory and Microsoft Entra ID, making it adaptable to both on-premises and cloud-based identity management needs. Overall, the solution provides strong scalability and can grow alongside organizational requirements without significant limitation.

My experience with customer support for One Identity Active Roles has been generally positive, as the support teams are knowledgeable and capable of handling technical issues related to configuring workflows and integration, responding promptly and helpfully to critical issues to ensure minimal operational impact. For standard or low priority cases, response times can vary, but the overall support quality remains satisfactory. The availability of documentation and knowledge-based articles is helpful, although more detailed and implementation-focused guidance would further improve the experience. Overall, I rate customer support around eight out of ten for responsiveness and technical expertise.

I previously used a different solution, managing Microsoft Active Directory manually using native administrator tools and scripts, which provided basic functionality but lacked automation, centralized control, and governance features. Most user provisioning, modification, and access management tasks were performed manually, making it time-consuming and prone to human errors, with challenges in delegation and audit visibility. After moving to One Identity Active Roles, I achieve better automation, improved security through controlled delegation, and enhanced compliance with detailed auditing and reporting, significantly improving efficiency and reducing operational risk compared to the previous approach.

The initial setup and configuration of One Identity Active Roles can be complex, especially when designing workflows, policies, and delegation models. It requires proper planning and skilled resources to implement effectively. Organizations need to carefully coordinate the implementation process, involving multiple teams, including AD, security, and infrastructure, to ensure success.

I have observed a strong return on investment after implementing One Identity Active Roles, especially in terms of operational efficiency and risk reduction, as the automation of user lifecycle management reduces manual administrator efforts by approximately fifty percent, allowing IT teams to focus on more strategic tasks, while user provisioning timing decreases by around sixty to seventy percent, improving onboarding and overall service delivery. Overall, I believe the solution delivers solid ROI within a reasonable timeframe.

My experience with the setup cost and licensing of One Identity Active Roles is that it has been on the higher side, as expected for an enterprise-grade identity and access management solution. The initial investment includes licensing, infrastructure setup, and implementation effort, with licensing typically based on the number of managed users or accounts, which can increase costs in large environments. However, the overall cost is justified by the value it delivers, as the automation capabilities significantly reduce manual administrative efforts, lowering operational costs over time while minimizing security risks and helping avoid potential compliance penalties. From a long-term perspective, I observe a good return on investment due to improved efficiency, reduced errors, and better governance. Overall, while the upfront cost might seem high, the benefits and operational savings make it a worthwhile investment for medium to large enterprises.

My advice to organizations considering One Identity Active Roles is to clearly define their identity management requirements and plan the implementation carefully. Investing time designing workflows, delegation models, and policies before deployment ensures smooth operation and maximum benefit from the solution. Organizations should also conduct a proof of concept to validate key use cases such as lifecycle automation and access governance, and proper training for administrators and helpdesk teams is essential to fully utilize the platform's capabilities. Overall, One Identity Active Roles is highly recommended for organizations looking to streamline and secure Active Directory management. I provide this review with an overall rating of nine out of ten.

On-premises

Microsoft Azure

My main use case for One Identity Active Roles is to handle end-to-end identity life cycle process from user provisioning when an employee joins to modification during role changes, and secure de-provisioning when they leave. This ensures consistency, reduces manual error, and improves operational efficiency. Another key use case is policy-based administration. We enforce standardized naming conventions, attribute validation, and security policy across all AD objects. This helps maintain a clean and compliant directory structure. We also rely heavily on delegation and role-based access control, allowing teams like HR or service desk to perform specific activities without giving them full administrative rights. This improves both security and scalability. Additionally, One Identity Active Roles is used for workflow automation and approval, where access requests or changes go through predefined approval teams. This strengthens governance and ensures audit readiness. Overall, the main goal is to reduce manual effort, improve security, and enforce compliance.

One Identity Active Roles offers a powerful set of features that significantly improve automation, security, and governance in an Active Directory environment. One of the most valuable features is automation and lifecycle management. One Identity Active Roles allows us to automate provisioning, de-provisioning, and group management using workflows and policies. This reduces manual effort and ensures consistency across the organization.

Another key feature is policy-based administration. We can enforce business rules such as naming conventions, attribute validation, and access policies. This ensures that all changes in Active Directory follow a standardized and compliant approach. Delegation and role-based access control is also a standout feature. It enables fine-grained control over who can perform specific tasks, ensuring least-privileged access while distributing administrative responsibility efficiently.

One Identity Active Roles also provides single-pane-of-glass management for hybrid environments, allowing us to manage on-prem Active Directory, Azure AD, and Microsoft 365 from one interface. Another important feature is dynamic group management, where group memberships are automatically updated based on predefined rules. Additionally, the auditing and reporting capabilities are very strong. Every change is tracked with detailed logs, helping with compliance, troubleshooting, and audit readiness. Finally, integration and synchronization with systems such as HR tools, ServiceNow, and cloud platforms allow seamless identity management across multiple systems, making it a central hub for identity governance.

One of the biggest improvements has been operational efficiency by automating user lifecycle management, including onboarding, role changes, and off-boarding. We have significantly reduced manual effort and turnaround time. Tasks that previously took hours can now be done in a minute with far fewer errors. Another major impact has been on security and access control. With delegation and role-based access control, we have been able to enforce the principle of least privilege. Instead of giving broad administrative rights, we assign very specific permissions, which has reduced our risk exposure and improved our overall security posture. From a governance perspective, policy-based administration has helped us standardize how Active Directory is managed. This ensures consistency across the organization and eliminates issues caused by manual inconsistencies. Overall, One Identity Active Roles has helped us move toward a more automated, secure, scalable identity management model, aligning IT operations more closely with business needs.

While One Identity Active Roles is a very powerful platform, there are definitely areas where it can be improved to enhance usability and scalability. First is the user interface and experience. While it is functional, it can feel complex for a new user and less intuitive, especially for onboarding a new user. The second is the learning curve and setup. The initial setup and configuration, especially for policies, workflows, and delegation models, can be quite complex.

Third is reporting and analytics enhancement. Although auditing is strong, the reporting layer could be more flexible and visual, adding features such as more customizable dashboards and better visualization. Fourth is cloud and hybrid enhancement, such as a more seamless integration with Azure AD, Microsoft 365, and other SaaS platforms. Fifth is performance in large environments. In very large-scale deployments, some organizations may experience slower performance during complex queries or workflows. Sixth is documentation and training. While documentation exists, it can sometimes be too technical and not beginner-friendly. Overall, while One Identity Active Roles is already a robust and mature solution, improvements in usability, reporting, and cloud integration could make it even more powerful and accessible in the future.

I have been using One Identity Active Roles for four years.

In terms of stability, One Identity Active Roles is a very stable and mature platform. Once properly implemented, it runs reliably with minimal downtime, handles daily operations consistently, and scales well with organizational growth. Overall, One Identity Active Roles has proven to be a stable, reliable, and well-suited solution for managing Active Directory at scale.

One Identity Active Roles is highly scalable and well-suited for growing organizations. It can effectively handle a large number of users and groups across multiple domains and environments. As the organization grows, we do not need to proportionally increase the admin team. Automation handles repetitive tasks, and delegation distributes responsibility.

Our experience with One Identity customer support has been generally positive and reliable. For more complex issues, resolution may take longer, but overall, the support team is very helpful and knowledgeable.

I did not choose any implementation before One Identity Active Roles, nor did I evaluate any other options. This is my first experience with One Identity Active Roles.

My overall assessment is that integration with the existing IT infrastructure and directory services is moderately straightforward but requires careful planning. Since One Identity Active Roles is designed to work closely with Active Directory, the core integration is quite smooth. It connects natively with domain controllers, which makes onboarding relatively seamless in a standard Microsoft environment. However, the complexity increases when designing delegation models, configuration policies, and workflows. Basic integration is easy to moderate, and advanced configuration and customization are more complex and require expertise.

We have definitely seen a clear return on investment after implementing One Identity Active Roles. The ROI comes mainly from time savings, reduced workload, and improved efficiency rather than just direct cost reductions. For example, by automating onboarding and delegating routine tasks, we have been able to save significant administrative hours each month and avoid expanding the IT team, which directly contributes to cost savings.

Our experience with pricing and licensing for One Identity Active Roles has been on the higher side compared to native tools but justified by the value it delivers. Its pricing and licensing are based on the number of user-managed identities and the features and modules included. While the upfront cost may seem significant, it aligns with an enterprise-grade IAM solution.

One Identity Active Roles has had a significant positive impact on our organization's compliance efforts. One of the biggest advantages is the built-in auditing and traceability. Every action, whether it is user creation, group modification, or permission changes, is logged with clear details of who performed it and when. Additionally, policy-based administration ensures that all changes follow predefined rules, which reduces the risk of non-compliant configurations. One Identity Active Roles has significantly reduced both the complexity and workload of Active Directory administration. After implementation, routine tasks are automated, responsibilities are distributed through delegation, and policies ensure consistency automatically.

My advice to others considering One Identity Active Roles would be to treat it as a strategic investment rather than just a tool. Before implementing, clearly define your identity management processes. Plan your delegation model and policies carefully. Start with a key use case such as user lifecycle resolution. If implemented correctly, it can significantly improve efficiency, security, and governance, but planning is critical to fully realize its value.

Overall, One Identity Active Roles has proven to be a reliable and valuable solution for managing Active Directory at scale. While there are areas for improvement, I would suggest this as one of the best tools I have ever used across my experience. I would rate this solution a 9 out of 10.

Hybrid Cloud

Microsoft Azure

One Identity Active Roles simplifies and automates user account management in Microsoft Active Directory environments, helping me reduce manual efforts, improve accuracy, and enforce standardized access control processes. The primary tasks I rely on it for are user provisioning and de-provisioning, password resets, account unlocks, group membership management, and handling joiner, mover, and leaver processes.

One practical example of how I use One Identity Active Roles for user provisioning is during new employee onboarding. When HR shares the joining details, I use One Identity Active Roles to create the user account through a predefined provisioning template. The template automatically populates attributes such as department, manager, email alias, OU placements, and required security group membership based on the employee's role. For example, if a user joins the finance team, selecting the finance template automatically assigns the correct access groups, mailbox settings, and naming standards. This saves time, avoids manual errors, and ensures the user gets the right access on day one.

In addition to onboarding and offboarding, another key use case with One Identity Active Roles is access modification during internal role changes. When an employee moves from one department to another, I use One Identity Active Roles to update the user profile and align access rights with the new role. It helps remove old permissions and assign new group membership through predefined roles, which reduces the risk of excess access.

One Identity Active Roles delivers the best features mainly focused on automation, security, and simplified identity administration. First is automated user provisioning and de-provisioning, which streamlines account creation, modification, disabling, and access removal through workflows and templates. Second is role-based access control and delegation, which allows fine-grained delegation so specific teams can manage only their required users or groups without full admin rights. Third is approval workflows that ensure sensitive access requests go through manager or application owner approvals before implementation.

In addition to provisioning and workflow automation, I would highlight reporting, auditing, and integration capabilities as a major strength of One Identity Active Roles. First is reporting and audit readiness, which provides detailed reports on user accounts, group memberships, permission changes, and administrative actions. I can easily track who made what change, when it was made, and whether it succeeded or failed, which is very useful during audits, investigations, and compliance reviews. Second is change history and accountability, where the management history feature gives visibility into modifications on specific objects such as users or groups.

One Identity Active Roles has had a very positive impact on the organization, especially in terms of efficiency, security, and compliance. One specific outcome was significant time saving during user onboarding. Earlier, creating a new user account, assigning group membership, mailbox settings, and validating access used to take considerable manual effort. With predefined templates and automated workflows, the same process becomes much faster and more standardized, allowing new joiners to get access on time with fewer delays. Another key benefit was improved security during employee exits or urgent terminations. Instead of manually checking multiple access groups, the de-provisioning workflow could immediately disable accounts, remove privilege access, and trigger follow-up actions. This reduced the risk of orphaned accounts or unauthorized access.

Automation is one of the key strengths of One Identity Active Roles because it helps convert repetitive identity administration tasks into standardized, policy-driven workflows. This improves efficiency, reduces errors, and strengthens governance.

One Identity Active Roles is a strong product, but like any enterprise tool, there are areas where it could be improved. First is a modernized user interface, as some administrative consoles and workflows can feel dated compared to newer SaaS identity platforms. Second is faster cloud-native capabilities, as deeper native integration with Microsoft Entra ID, SaaS applications, and zero-trust ecosystems could be expanded further as organizations move towards hybrid and cloud-first environments. Third is simplified upgrades and maintenance, as enterprise customers usually prefer smoother upgrade paths, reduced dependency complexity, and easier patch management with minimal downtime. Fourth is enhanced analytics and AI recommendations, where features such as anomaly detection, role mining, duplicate access identification, and AI-driven recommendations for least privilege access would strengthen governance.

In addition to the product features, I would mention documentation, support, and ecosystem integration as areas that could be enhanced in One Identity Active Roles. First is documentation and knowledge base, as more step-by-step implementation guides, architecture best practices, troubleshooting flows, and real-world use cases would help administrators deploy and manage the product faster for enterprise tools where clear and updated documentation is very important. Second is technical support experience, as faster turnaround for complex issues, more proactive guidance during upgrades and migrations, and easier access to senior technical experts would improve customer experience given that support is generally important for an identity platform because they are business-critical systems. Third is a broader integration ecosystem, as having more ready-made connectors and APIs for HR systems, SIEM platforms, ITSM tools, PAM solutions, and cloud applications would reduce customization effort. Integration with Microsoft ecosystems, ServiceNow, Splunk, and other security tools can add strong value.

In addition to the broader improvements already mentioned, there are several smaller and more practical enhancements needed for One Identity Active Roles that would add value in day-to-day operations. These include faster bulk operations, better search and filtering, improved notification options, easier custom workflow design, better performance visibility, and stronger self-service capabilities.

I have been using One Identity Active Roles for more than two years.

One Identity Active Roles is generally a stable and reliable enterprise solution, especially when it is properly sized, maintained, and implemented according to best practices.

One Identity Active Roles is generally strong in scalability, and it is designed for enterprise environments with growing identity and directory management needs. It is commonly used in medium to large organizations managing complex Microsoft Active Directory and hybrid identity environments.

One Identity Active Roles support is generally good to very good, especially for enterprise customers with active support agreements. Industry reviews commonly describe support as responsive and technically knowledgeable.

I would rate the customer support for One Identity Active Roles an 8 out of 10. The main reasons are that support teams generally understand identity management workflows and Microsoft Active Directory environments well, and they are helpful for standard issues, configuration troubleshooting, and upgrade-related cases that are usually handled effectively. Complex cases can sometimes take longer to resolve, and escalation response times could be faster, which prevents a higher score.

Before adopting One Identity Active Roles, many organizations, including ours, primarily relied on a combination of native Microsoft Active Directory tools and manual processes and scripts for identity administration.

I would assess the integration of One Identity Active Roles with existing IT infrastructure and directory services as moderately easy to manageable, especially in environments already centered around Microsoft Active Directory. Because One Identity Active Roles is designed closely around AD administration, core integration with domain controllers, OU users, groups, and delegation administration is generally straightforward if the organization already has a well-structured AD environment, and deployment is usually smoother.

One Identity Active Roles has delivered a clear return on investment, mainly through time saving, reduced manual workload, and improved control over identity processes. First is time saved on user provisioning, as before automation, a standard onboarding request could take 20 to 30 minutes manually for account creation, group access, validation, and other communications. With templates and workflows, this reduces to around 5 to 10 minutes. If an organization handles 100 requests per month, that can save 20 to 35 plus admin hours monthly. Second is reduced dependence on senior administrators, as routine tasks like password resets, account unlocks, and basic updates could be delegated to service desk teams. This allowed senior AD administrators to focus on higher-value work, such as architecture, security reviews, and escalations rather than repetitive tickets.

One Identity Active Roles is positioned as an enterprise-grade solution, so it is not the lowest-cost option, but it can deliver strong ROI when used at scale. The licensing is generally based on the number of managed users, accounts, and environment scope, which is common for identity management platforms. One Identity documentation notes managed user-based licensing metrics and usage statistics to help track compliance and future needs.

Before selecting One Identity Active Roles, it is common to evaluate multiple options based on automation, delegation, reporting, hybrid identity support, and total cost of ownership. In my case, the main alternatives considered were solutions focused on Active Directory administration and identity lifecycle management.

Organizations looking into One Identity Active Roles should approach it as a strategic identity governance and administration platform, not just another AD management tool. It delivers the most value when implemented with clear processes, role models, and automated goals in mind. One Identity positions it around secure provisioning, delegation, and hybrid AD-Entra ID management. My overall rating for One Identity Active Roles is 9 out of 10.

Hybrid Cloud

Microsoft Azure

My main use case for One Identity Active Roles is mostly for Active Directory user lifecycle management and delegated admin control, especially handling user provisioning, role-based access, and reducing manual AD ticket work day-to-day.

Recently, for delegated admin control, I used One Identity Active Roles to automatically provision a new employee's AD account with the correct OU placement, group memberships, and email permissions based on their department. HR submitted a request, and the system handled most of the setup without manual AD changes.

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory by removing a lot of repetitive tasks such as user provisioning, group updates, and access changes. At the same time, it has slightly shifted complexity upfront. I spend more effort designing policies and workflows, but once that is in place, ongoing administration becomes much simpler and more controlled.

The best features of One Identity Active Roles are the fine-grained delegation RBAC for Active Directory, so I can safely give help desk or L1 teams limited admin rights without exposing full AD control. It is also really strong in automating user provisioning, de-provisioning, and enforcing policies consistently across AD and Microsoft 365, which removes a lot of manual work and reduces mistakes in day-to-day operations.

The automation has reduced a lot of repetitive AD tasks. Tasks such as user creation, group assignments, and access changes that used to be manual tickets are now mostly automated through workflows. The team spends far less time on routine provisioning and more on actual issues or exceptions.

One Identity Active Roles helps a lot with controlling who can modify sensitive AD objects, so I reduce risk by giving help desk limited, policy-driven access instead of full admin rights, which keeps audits and compliance much cleaner.

One Identity Active Roles could be improved by making the initial setup and policy configuration simpler and more intuitive, especially for complex enterprise AD environments. Right now, it takes quite a bit of effort to fine-tune everything and get workflows exactly right.

Documentation could be clearer for advanced use cases, especially around complex delegation and custom workflows. Deeper out-of-the-box integrations with modern cloud identity tools could make hybrid environments easier to manage.

I have been using One Identity Active Roles for one year.

One Identity Active Roles is very stable overall in my environment. I rarely face downtime, and once it is properly configured, it runs reliably for day-to-day AD automation, provisioning, and delegation tasks. Occasionally, there are minor performance hiccups or slow responses during heavy loads, but those are usually resolved with routine maintenance or service restarts rather than any major issues. Overall, it is considered production-grade stable for enterprise AD environments, especially when governance and configuration are done properly.

One Identity Active Roles has very strong scalability for enterprise environments, especially in multi-domain or hybrid Active Directory setups. It handles large AD forests, multiple domains, and hybrid Azure AD environments well because it is designed to centralize management and apply policies consistently across everything from a single console. As long as it is properly architected, it can scale from mid-size setups to very large enterprise deployments without major issues. In practice, it scales well in terms of user provisioning, group management, and delegation workloads, but I do need to plan carefully, especially around policy design and server performance tuning when the environment becomes very large or complex. Overall, One Identity Active Roles offers enterprise-grade scalability, but success depends on good initial design.

Customer support for One Identity Active Roles is generally good and fairly technical. From my experience, the support team is knowledgeable about Active Directory and identity workflows, so they are helpful for configuration issues, troubleshooting, and upgrade-related problems. Most standard issues get resolved properly with clear guidance. However, for more complex or edge-case problems, resolution can sometimes take longer because it may require escalation or deeper investigation. Overall, it is solid enterprise-level support, just not always very fast for complicated cases.

I was previously relying on native Active Directory tools such as AD Users and Computers along with some manual PowerShell scripts for automation. I switched mainly because that setup was not scalable. Everything was too manual, script-dependent, and hard to govern consistently across teams, especially for delegation and audit tracking. One Identity Active Roles gave me a more centralized and policy-driven way to manage all of that.

The ease of integrating One Identity Active Roles with my existing IT infrastructure and directory services was moderately complex at the beginning, especially aligning it with existing AD structure and defining delegation models. However, once the initial setup and connectors were in place, it became fairly stable and easy to operate with my existing Active Directory and hybrid Azure AD environment.

I have seen a return on investment mainly through time savings and reduced operational load in Active Directory management. For example, after implementing One Identity Active Roles, I have reduced a lot of manual AD work such as provisioning, group changes, and access requests. Overall, it has led to roughly a 40 to 60 percent reduction in AD-related service desk tickets and manual effort, depending on the workload period. On the time side, tasks such as user onboarding that earlier took 15 to 20 minutes are now done in just a few minutes through automation and templates, which adds up to dozens of IT hours saved every month. I have also seen indirect savings because I do not need as many escalations to senior admins. Routine work is handled through delegation, so the same team can manage more users without additional headcount. In short, there is less manual work, fewer errors, faster onboarding, and better scalability without increasing team size.

My experience with pricing, setup cost, and licensing felt on the higher side since it is an enterprise-grade tool, and the licensing is typically based on managed user objects, so it scales with the environment size. Setup also requires some initial professional services and planning effort, but once implemented, it is stable and the cost is justified by the automation and reduced AD workload.

I evaluated a few alternatives before selecting One Identity Active Roles. The main ones were ManageEngine ADManager Plus, SailPoint Identity Security Cloud, and Microsoft Entra ID Governance. I also looked at Okta for broader IAM, but it was more SSO-focused rather than deep Active Directory delegation. I ultimately chose One Identity Active Roles because it was a better fit for deep, AD-level delegation on-premises plus hybrid control and fine-grained administrative workflows, which the others did not handle as cleanly in my environment.

My advice to others looking into using One Identity Active Roles is to invest time in proper planning before implementation, especially around your AD structure and delegation model. If you clearly define roles, OU design, and workflow rules upfront, One Identity Active Roles becomes very powerful and smooth to run, but if you rush setup, it can feel complex and messy later. Additionally, involve both security and AD admins early because it works best when both governance and automation are aligned from the start.

Overall, One Identity Active Roles is a solid enterprise-grade AD management tool that really shines in environments where you need strong delegation, automation, and compliance control. The biggest takeaway is that it pays off most when you invest time in proper design and governance upfront. Once that is done, it significantly reduces day-to-day AD workload and improves consistency across the environment. I would rate this product an 8 out of 10.