The best feature of One Identity Active Roles is definitely its automation and role-based access control capabilities. What stands out most is how it centralizes Active Directory, Entra ID, and Microsoft 365 administration into a single console while enforcing least privilege access and policy-based management. Another feature I really appreciate is the workflow automation for user lifecycle management. Tasks including onboarding, off-boarding, group assignment, mailbox provisioning, and access removal can all be automated using templates and policies. It saves a lot of administrative time and reduces manual errors.

The auditing and change tracking features are also very useful because they provide visibility into who made changes, what changes were made, and when they happened. This helps a lot with compliance and troubleshooting.

From an operational perspective, the fine-grained delegation is probably the most valuable capability. It allows organizations to give limited administrative rights to help desks or regional IT teams without granting full domain admin privilege, which improves security significantly. One situation where the automation features made a huge difference was during a large onboarding project after our company expanded to multiple regional offices. Earlier, user provisioning was mostly manual, so creating accounts, assigning groups, mailbox permissions, and applying policies for hundreds of users would take a lot of time and often resulted in inconsistencies. After implementing One Identity Active Roles, we created automated workflows and templates based on departments and job roles. During the onboarding phase, HR requests automatically triggered accounts creation, correct OU placement, security group assignment, and Microsoft 365 access provisioning. What previously took hours per batch was reduced to just a few minutes, and the number of access-related tickets dropped significantly.

View full review »

The best features of One Identity Active Roles in my experience are automation, delegation, and centralized management. Those really stand out. First, automation and workflows are the most impactful. One Identity Active Roles can automate user provisioning, group management, and lifecycle processes, which reduces manual work and ensures consistency across the environment. Second, delegation with least privileges through role-based access control is a key strength. It allows us to assign specific tasks to teams such as the help desk without giving full admin access, improving both security and operational efficiency.

Another standout feature is policy-based administration. It enforces rules automatically, such as naming conventions or access policies, so everything stays standardized and compliant without manual checks. I would also highlight centralized management. It gives a single interface to manage multiple environments such as on-premises Active Directory, cloud directories, and even hybrid setups, which simplifies administration significantly. Finally, auditing and reporting is very useful. It tracks all the changes and activities, which helps with compliance, troubleshooting, and security monitoring. The combination of automation, delegation, policy enforcement, and centralized control is what makes One Identity Active Roles truly powerful.

Beyond the core features, capabilities such as Managed Units, dynamic groups, and self-service really enhance flexibility and usability in day-to-day operations. Managed Units allow us to group objects logically rather than relying only on the organizational unit structure in Microsoft Active Directory. This gives us a lot of flexibility in how we delegate access and apply policies across different teams or regions.

Dynamic groups management is another useful feature, where group membership is automatically updated based on user attributes such as department or roles. This ensures users always have the correct access without manual intervention. Self-service capabilities allow end-users or managers to request access or perform certain actions through workflows, reducing dependency on IT teams.

View full review »

One Identity Active Roles offers a strong mix of automation, security, and control when managing Microsoft Active Directory. Some of the best features from my experience are delegation with least privilege. Instead of giving full access to admin, we can assign very specific permissions. That improves security and reduces risk. Second would be automation with workflows and policies. Routine tasks such as user creation, group assignments, and provisioning are automated, which saves time and ensures consistency. Third would be centralized management. We can manage multiple Active Directory domains, Azure AD, and even Microsoft 365 from one place, which simplifies administration. Fourth would be dynamic group management. Groups can be managed based on rules instead of manual updates, which is very helpful in large environments. And lastly, auditing and reporting. It tracks all changes, so we know who did what and when, which is important for compliance and troubleshooting.

Both centralized management and dynamic group management have made a big difference for our team while using One Identity Active Roles with Microsoft Active Directory. With centralized management, earlier we had to jump between different tools or consoles to manage users across domains or services. Now everything is available in one place. Whether it is user accounts or groups or permissions, we handle it from a single interface. A good example is during bulk onboarding. Instead of coordinating across multiple admins or tools, one person can manage everything end to end, which saves time and avoids confusion. Coming to dynamic group management, this has really reduced manual effort. Earlier, whenever someone changed departments or roles, we had to manually update their group memberships. That was not only time-consuming but also error-prone. Now groups are based on rules, department, or job title. So if a user attribute changes, their group membership updates automatically. For example, if someone moves from sales to marketing, they automatically get removed from sales-related access and added to marketing groups without any manual intervention.

Along with centralized and dynamic management, one feature I really find valuable in One Identity Active Roles is the approval workflow and auditing capabilities. For sensitive changes such as modifying group membership or access rights, we can enforce approvals before anything is applied. That adds an extra layer of control. At the same time, everything is logged. So in Microsoft Active Directory, we always have a clear audit trail of who made what changes and when. This is especially helpful during audits or when troubleshooting issues. Overall, beyond just making administration easy, these features help ensure proper governance, accountability, and security.

View full review »

The absolute best features One Identity Active Roles offers include a fine-grained delegation policy framework that allows our regional IT teams and help desks the exact access they need to do their jobs without handing over broad, risk-native AD permissions. Close behind that is a workflow automation engine which handles our multi-stage approvals seamlessly.

We also heavily rely on the automated de-provisioning feature which ensures that when someone leaves, their access across on-prem and AD, Exchange, and Entra ID is instantly and cleanly stripped. Having all of this managed from a single web interface instead of hopping between multiple Microsoft consoles is a massive win for our daily operations.

Before we implemented One Identity Active Roles, our regional IT teams often needed domain admin or account operator rights just to perform routine tasks like modifying local group membership or updating specific user attributes, which was a massive security risk because the native AD did not give us the granular control to avoid it. Now we use the delegation policies to restrict them strictly to their own organizational units.

View full review »

The best features One Identity Active Roles offers are the fine-grained AD delegation through role-based access control, strong automation for user lifecycle management including joiner, mover, and leaver processes, and the ability to manage multiple AD and Entra environments from one console, which makes admin work much more controlled and scalable.

One Identity Active Roles role-based access control feature has helped us significantly by replacing manual ACL-based AD permissions with structured roles, so instead of assigning rights user by user, we just assign people to predefined job roles, and the correct access is applied automatically. In practice, this reduced many mistakes such as over-permissioning, and it made audits much easier because we can clearly show who has access and why instead of digging through individual group memberships.

Overall, the automation combined with delegation capabilities of One Identity Active Roles is the biggest advantage for us, but it does take time to properly design roles and policies upfront. Once that is completed, day-to-day AD management becomes much smoother and far less error-prone.

One Identity Active Roles has reduced a significant amount of manual AD admin work, improved security through tighter access control, and made onboarding and offboarding much faster and more consistent across teams.

We have roughly cut onboarding and offboarding effort by approximately 40 to 60 percent because most of the AD provisioning is automated. We have also seen fewer access-related incidents since role-based access control reduced over-permissioning and manual group changes.

View full review »

The best features of One Identity Active Roles are its automation, delegation, and strong control over Active Directory. The workflow automation is especially useful. It helps handle user provisioning, approvals, and changes without manual effort. It also offers role-based delegation so you can give limited access to teams without exposing full admin rights, which improves security.

Policy-based automation stands out because it ensures all changes follow predefined rules, so there is consistency across users and groups without manual checks. Features like dynamic groups and temporal access make it easier to manage users automatically based on roles or time-based needs.

One Identity Active Roles has had a very positive impact on our organization, mainly by improving efficiency and security at the same time. Tasks such as user provisioning, access changes, and password resets are now automated, which has significantly reduced manual workload and saved a lot of time for our IT team. Automation can cut manual effort by a large margin and speed up routine operations considerably.

The automation capabilities of One Identity Active Roles are one of its strongest points. It significantly reduces manual effort by handling routine tasks through workflows and policies. For example, when a new user is created, the system can automatically assign group memberships, set attributes, and apply naming conventions based on predefined rules. Similarly, for role changes, it updates access rights without needing manual intervention. Overall, it saves time, reduces errors, and ensures consistency across the environment.

One Identity Active Roles has significantly reduced both complexity and workload for our Active Directory administration. Tasks that used multiple manual steps, such as user creation, access changes, and group management, are now handled through automatic workflows. It also simplifies operations by providing a centralized console, so admins do not have to jump between different tools or scripts. It makes day-to-day management much more straightforward and less time-consuming.

View full review »

One of the standout features of One Identity Active Roles is its powerful automation capability, which streamlines user provisioning and de-provisioning processes and significantly reduces manual effort and minimizes human error. The delegation model is another key strength that allows organizations to assign limited administrative rights to helpdesk teams using role-based access control without granting full domain admin privilege, enhancing security. The approval workflow engine is highly valuable, ensuring that sensitive access requests go through proper authorization, improving governance and compliance. Additionally, the auditing and reporting capabilities provide complete visibility into changes made in Active Directory, which is critical for compliance and security monitoring. Finally, its seamless integration with Microsoft Active Directory and Microsoft Entra makes it effective in managing both on-premises and hybrid identity environments.

In addition to its core automation and delegation capabilities, One Identity Active Roles offers several advanced features that enhance identity management. One notable feature is policy-based management, allowing organizations to enforce standardized rules such as naming conventions, attribute validation, and access control policies automatically. The solution also provides a web-based interface, enabling self-service capabilities for end-users and simplifying administrative tasks for IT teams. Another valuable feature is its advanced auditing and reporting system, providing detailed insight into all changes made within Active Directory, which is particularly useful for compliance and security monitoring. One Identity Active Roles supports hybrid identity environments through seamless integration with Microsoft Active Directory and Microsoft Entra ID, allowing centralized management of both on-premises and cloud identities. Additionally, the solution includes flexible workflow customization, enabling organizations to design approval processes tailored to their business requirements. Overall, these additional features make One Identity Active Roles a comprehensive and scalable identity and access management solution.

View full review »

One Identity Active Roles offers a powerful set of features that significantly improve automation, security, and governance in an Active Directory environment. One of the most valuable features is automation and lifecycle management. One Identity Active Roles allows us to automate provisioning, de-provisioning, and group management using workflows and policies. This reduces manual effort and ensures consistency across the organization.

Another key feature is policy-based administration. We can enforce business rules such as naming conventions, attribute validation, and access policies. This ensures that all changes in Active Directory follow a standardized and compliant approach. Delegation and role-based access control is also a standout feature. It enables fine-grained control over who can perform specific tasks, ensuring least-privileged access while distributing administrative responsibility efficiently.

One Identity Active Roles also provides single-pane-of-glass management for hybrid environments, allowing us to manage on-prem Active Directory, Azure AD, and Microsoft 365 from one interface. Another important feature is dynamic group management, where group memberships are automatically updated based on predefined rules. Additionally, the auditing and reporting capabilities are very strong. Every change is tracked with detailed logs, helping with compliance, troubleshooting, and audit readiness. Finally, integration and synchronization with systems such as HR tools, ServiceNow, and cloud platforms allow seamless identity management across multiple systems, making it a central hub for identity governance.

One of the biggest improvements has been operational efficiency by automating user lifecycle management, including onboarding, role changes, and off-boarding. We have significantly reduced manual effort and turnaround time. Tasks that previously took hours can now be done in a minute with far fewer errors. Another major impact has been on security and access control. With delegation and role-based access control, we have been able to enforce the principle of least privilege. Instead of giving broad administrative rights, we assign very specific permissions, which has reduced our risk exposure and improved our overall security posture. From a governance perspective, policy-based administration has helped us standardize how Active Directory is managed. This ensures consistency across the organization and eliminates issues caused by manual inconsistencies. Overall, One Identity Active Roles has helped us move toward a more automated, secure, scalable identity management model, aligning IT operations more closely with business needs.

View full review »

One Identity Active Roles has had a very positive impact on the organization, especially in terms of efficiency, security, and compliance. One specific outcome was significant time saving during user onboarding. Earlier, creating a new user account, assigning group membership, mailbox settings, and validating access used to take considerable manual effort. With predefined templates and automated workflows, the same process becomes much faster and more standardized, allowing new joiners to get access on time with fewer delays. Another key benefit was improved security during employee exits or urgent terminations. Instead of manually checking multiple access groups, the de-provisioning workflow could immediately disable accounts, remove privilege access, and trigger follow-up actions. This reduced the risk of orphaned accounts or unauthorized access.

Automation is one of the key strengths of One Identity Active Roles because it helps convert repetitive identity administration tasks into standardized, policy-driven workflows. This improves efficiency, reduces errors, and strengthens governance.

View full review »

The best features of One Identity Active Roles are the fine-grained delegation RBAC for Active Directory, so I can safely give help desk or L1 teams limited admin rights without exposing full AD control. It is also really strong in automating user provisioning, de-provisioning, and enforcing policies consistently across AD and Microsoft 365, which removes a lot of manual work and reduces mistakes in day-to-day operations.

The automation has reduced a lot of repetitive AD tasks. Tasks such as user creation, group assignments, and access changes that used to be manual tickets are now mostly automated through workflows. The team spends far less time on routine provisioning and more on actual issues or exceptions.

One Identity Active Roles helps a lot with controlling who can modify sensitive AD objects, so I reduce risk by giving help desk limited, policy-driven access instead of full admin rights, which keeps audits and compliance much cleaner.

View full review »

The best features of One Identity Active Roles that stand out to me are mainly automation, delegation, and policy enforcement, as these provide me the most value in a real-world environment, where automation helps in streamlining user provisioning, de-provisioning, and group management through workflows, significantly reducing manual effort and errors, while fine-grained delegation allows secure role-based access control so that service desk or junior admins can perform limited tasks without giving full domain access, improving security and reducing the risk of privilege misuse, and policy enforcement ensures that all objects follow predefined standards like naming conventions, mandatory attributes, and compliance rules, maintaining consistency across the environment, along with strong workflow management and approval processes for sensitive changes, dynamic group management, and detailed auditing and reporting that help track every change for compliance and security purposes, making One Identity Active Roles a powerful tool for centralized, secure, and efficient identity and access management.

One feature that I feel is not highlighted enough is the powerful auditing and reporting capability in One Identity Active Roles, which provides detailed tracking of every change made within the Active Directory through One Identity Active Roles, including who performed the action, what changes were made, and when, making it extremely useful for compliance, security investigation, and troubleshooting, and in addition, the ability to customize workflows and scripts using PowerShell integration is also very valuable as it allows extending functionality based on business requirements, automate complex tasks, and integrate with other system solutions more adaptively to different needs.

In our organization, One Identity Active Roles is deployed in a hybrid environment, where the core One Identity Active Roles components such as the administration service and management console are hosted on-premises within our data center for better control and security, while it also integrates with cloud services like Azure AD to support hybrid identity and access scenarios, allowing us to manage both on-premises and cloud-based identities centrally, which provides flexibility, scalability, and aligns with our organization's gradual cloud adoption strategy.

View full review »

One of the best features of One Identity Active Roles is its strong combination of automation, security, and centralized control, which makes Active Directory management much more efficient and governed. A standout feature is workflow automation, where repetitive tasks such as user provisioning, deprovisioning, and access changes are handled automatically based on predefined rules, saving time and reducing manual errors significantly. Another key feature is role-based delegation, which allows organizations to grant limited control access to helpdesks or junior staff without exposing critical admin privileges, ensuring a least privilege security model. One Identity Active Roles also offers policy-based management where rules enforce naming conventions, mandatory attributes, and compliance standards during any Active Directory changes, maintaining consistency across the environment. Additionally, features such as dynamic groups, memberships, and temporal access automatically add or remove users from groups based on coordination or time, which is very useful for managing temporary or role-based access. Finally, its auditing and reporting capabilities provide full visibility into who made what changes and when, helping with compliance, troubleshooting, and security monitoring. Overall, these features together make One Identity Active Roles a powerful tool for improving efficiency, strengthening governance, and securely managing identity and access management operations.

View full review »

The best features One Identity Active Roles offers include strong governance and lifecycle management capabilities, especially in environments where access control needs to be highly regulated. It helps ensure that a user only has access to what they truly need, reducing compliance-related risk. Additionally, the strongest point is how well it integrates with both legacy systems and modern infrastructure, which is very helpful for working with deep tech startups that require both legacy system capabilities and modern technologies.

One Identity Active Roles has positively impacted my organization by helping me gain clear visibility and control over user access across all systems. In regulated environments like HealthTech, it is much easier to demonstrate proper governance with specific policies aligned with the system. The automated access certification and audit trails help reduce manual effort in auditing by allowing me to generate reports directly instead of pulling data from multiple systems. This also helped me during regulatory reviews and internal audits by enforcing least privilege access and proper segregation of duties, which lowered the risk of unauthorized access.

Regarding reporting, One Identity Active Roles has helped me in healthcare reporting by building everything from a platform that is very adaptable to the current ecosystem. It helps integrate with microservices and APIs while accommodating older enterprise systems, which is another added advantage.

View full review »

The crown jewels of One Identity Active Roles that make my life as an architect easier are Access Templates, Virtual Attributes, Workflow and Approval Engine, and Managed Units, which allowed us to structure our directory into a policy-driven asset rather than constantly firefighting manual errors.

Access Templates and Managed Units are the real secret sauce of One Identity Active Roles for us. Access Templates standardize permission settings, reducing security drift and allowing for the creation of modular permission bundles such as those I created for the Tier 1 help desk. Managed Units help me stay organized without rewriting the physical structure of the directory, saving me hours of cleanup.

A critical feature that I found essential for a clean environment is Dynamic Group management, which prevents permission creep by using rule-defined group memberships rather than manual additions. One Identity Active Roles automatically manages group membership based on rules tied to the HR records.

One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations. The biggest win has been a reduction in the internal attack surface, achieving over a 40% reduction in unauthorized or accidental access attempts.

View full review »

One Identity Active Roles enforces consistency in Active Directory administration. Before implementation, different administrators sometimes followed different processes for account creation or access changes. With One Identity Active Roles, workflows and policies help standardize those activities. It also gives us better visibility into who made changes and when, which has been useful during access reviews and audit-related activities.

The features that stood out most for me in One Identity Active Roles are delegated administration, automation, and role-based access control. Delegated administration made a big difference because it allowed the service desk to handle routine tasks such as password resets, account unlocks, and certain group management activities without giving them full Active Directory administrative rights. Automation was also valuable for onboarding and offboarding processes, helping reduce manual effort and maintain consistency. Another feature I found useful was the auditing capability since it provided better visibility into who made changes and helped during access reviews and compliance checks.

Automation had a noticeable impact on our team's efficiency because it reduced the amount of repetitive Active Directory work. Before One Identity Active Roles, user provisioning and access changes often involved multiple manual steps and validation checks. For example, onboarding required administrators to manually create accounts, assign groups, and verify permissions. With the automated workflow, much of that process became standardized, which reduced administrative effort and helped avoid administration mistakes. It also meant the Active Directory team spent less time on routine requests and more time on governance, access reviews, and improvement initiatives, although automation did not eliminate all manual work.

One of the biggest positive impacts of One Identity Active Roles was bringing more control and consistency to Active Directory. Before implementing it, many user and access management tasks relied heavily on manual processes and experienced administrators. With One Identity Active Roles, many of those activities became standardized through workflows, delegated administration, and role-based access control. From an operational perspective, it improved turnaround times for common requests, reduced the risk of unauthorized changes, and gave us better visibility into administrative activities.

From a governance and security perspective, I think One Identity Active Roles is one of the stronger areas of the product. It helps enforce role-based access control, delegated administration, and least privilege principles much more effectively than relying on native Active Directory administration alone. We had better control over who could perform specific tasks, and administrative activities were easier to audit and review. In terms of artificial intelligence capability, I would not say artificial intelligence is currently a major strength of the product. Most of the value comes from the policy-based automation, workflows, and governance controls rather than advanced artificial intelligence-driven decision-making.

View full review »

The features I find most valuable in One Identity Active Roles are delegated administration, workflow automation, and role-based access control. These features help reduce manual Active Directory management, improve governance, and allow different teams to handle routine tasks without requiring full administrative privileges.

One Identity Active Roles has a positive impact on our organization by improving the efficiency and consistency of our Active Directory operations. It reduced manual administrative work, improved delegation of routine tasks, and provided better control over access management. As a result, administrative processes became more streamlined and easier to govern.

One noticeable outcome was a reduction in the time spent on routine Active Directory tasks. Delegation and automation helped teams to handle common requests more efficiently without involving senior administrators. We also saw fewer administrative errors because user and group management follows standardized processes. In addition, audit and access review activities became easier due to better visibility into changes and permissions.

Another feature I need to add is that the auditing and reporting capability provides better visibility into administrative changes and helps us during compliance and review troubleshooting. I also appreciate that One Identity Active Roles centralizes many Active Directory management tasks, making administration more organized and consistent across the different teams.

View full review »

The best features One Identity Active Roles offers in my experience include workflow automation, delegated administrations, user provisioning, de-provisioning, role-based access control, auditing, and hybrid Active Directory management. A workflow engine is especially valuable because it automates repetitive tasks such as onboarding, offboarding, and access requests, which saves time and reduces manual errors. I also appreciate the delegated administration features because they allow teams to handle specific tasks without giving full AD privileges, improving both security and efficiency, while the auditing and reporting capabilities are very useful for compliance.

Workflow automation has reduced repetitive manual work through onboarding, access requests, and account management, while delegated administrations allow support teams to handle routine tasks without full AD access. This has improved efficiency, reduced bottlenecks, and strengthened security through better access control and auditing.

I would like to highlight the auditing and reporting features of One Identity Active Roles because they provide good visibility into changes and help with compliance and troubleshooting. The fine-grained delegation and centralized management across Active Directory and cloud environments are also very valuable in our day-to-day activity.

One Identity Active Roles has impacted our organization positively because the biggest benefit has been reducing manual administration through automation and standardized workflows. Tasks such as onboarding, offboarding, group assignments, and access requests are now much faster and more consistent than before, thus helping create a more structured identity management process across the organization.

There are several positive outcomes since implementing One Identity Active Roles. Overall, the biggest gains have been time saving, improved consistency, reduced manual error, and better operational efficiency rather than a direct headcount reduction.

View full review »

The best features One Identity Active Roles offers are automation, delegated administration, role-based access control, approval workflow, and centralized auditing. For me, automation and delegated administration made the biggest difference because they reduce manual Active Directory workload and improve security by limiting unnecessary privileged access.

One area where One Identity Active Roles has positively impacted my organization is through automation and delegated administration. For example, instead of giving full domain admin rights to our service desk team, I delegate only specific tasks such as password reset, account unlock, or group management through our RBAC policies. On the automation side, when the employee leaves the organization, One Identity Active Roles automatically disables the account, removes group membership, and updates access policies, which reduces manual efforts.

View full review »

One Identity Active Roles offers excellent features that mainly focus on automation, governance, and secure Active Directory management. A few of them really stand out in daily use. One of the most important features is automated user and group provisioning. It allows us to create, modify, and remove user accounts based on predefined rules, which significantly reduces manual work and ensures consistency across the environment.

The automated user and group provisioning feature in One Identity Active Roles has had a very noticeable positive impact on our team, especially in terms of time saving and accuracy. Before automation, onboarding or updating a user required multiple manual steps in Active Directory, including creating accounts, assigning groups, applying permissions, and verifying everything. This was not only time-consuming but also prone to human error such as missing group assignment or incorrect permissions.

Another feature that stands out in One Identity Active Roles is the delegation and role-based administrative model. It allowed us to safely delegate administrative tasks for different teams without giving them full Active Directory privilege.

One Identity Active Roles has a strong positive impact on our organization, mainly by improving efficiency, security, and governance in Active Directory management. One of the biggest improvements is the reduction in manual administrative work. Tasks such as user creation, group assignment, and access updates are now automated in policies, which has significantly reduced IT efforts and processing time. This has also helped us to avoid common human errors such as incorrect group membership or missing permissions.

Since implementing One Identity Active Roles, we have seen clear improvement in both time efficiency and error reduction, especially in identity lifecycle management. In terms of time saving, the biggest impact is in onboarding and routine Active Directory administration.

One Identity Active Roles has a strong positive impact on our compliance efforts and regulatory readiness. The biggest improvement comes from centralized audit and change tracking. Every identity-related action, such as user creation, group change, or permission update, is automatically logged. This gives us a complete audit trail, which is very important during internal and external compliance reviews.

Overall, One Identity Active Roles has significantly reduced the complexity and workload in Active Directory administration in our organization. Before its implementation, most Active Directory tasks such as user provisioning, group updates, and permission changes were manual and often required coordination between multiple teams. This not only increased workload but also introduced delays and occasional errors.

The delegation capability in One Identity Active Roles has had a very positive impact on our workflow and operational efficiency. Previously, most Active Directory tasks had to go through a central IT or domain admin team. We can now safely assign specific responsibilities to different teams or a support group without giving them full domain-level access.

View full review »

The best features of One Identity Active Roles, in my opinion, are automated user lifecycle management, rule-based access control, and delegation, which allows us to automate the creation and modification of user roles, saving a lot of time while providing fine-grained access control with least privilege, thereby improving security.

The features are very helpful in daily work, especially with delegation, where we can give limited access to the help desk team to handle tasks like password resets or unlocking accounts without giving full admin rights, improving security and reducing the workload on senior admins.

One more useful feature of One Identity Active Roles is auditing and reporting, which tracks all changes made to user accounts and access, being very helpful for troubleshooting and compliance. Many people do not realize how useful this is for maintaining security and accountability.

View full review »

The favorite feature of One Identity Active Roles is definitely the granularity and specifics on the access templates. You can dive deep into controls all the way down to manage individual objects, all the way from not just at the OU level, but how granular delegated access is with One Identity Active Roles is definitely the most useful feature to my organization.

One Identity Active Roles absolutely helps reduce identity-based breaches. It is from an identity governance perspective, being able to ensure that folks that are in specific positions have the least privileged access possible. One Identity Active Roles makes that very seamless for our user base. We are a for-profit healthcare conglomerate with thirty states, over fifty community hospitals across that are all in a single pane of glass under our LifePoint Health Active Directory domain. Being able to say that your facility can only manage these objects in this OU and delegating that from their core IT engineering staff versus their help desk versus an application owner makes it all very seamless.

One Identity Active Roles has absolutely helped our organization reduce its number of erroneous privileged accounts. We can quickly evaluate those accounts. You can see the same features within ADUC, but you can quickly isolate those and validate where they are and adjust them however you want.

View full review »

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, approval workflows, policy enforcement, and auditing capabilities.

The automation capability in One Identity Active Roles helps reduce manual Active Directory tasks by automatically handling user provisioning, deprovisioning, group assignment, and policy enforcement, which improves efficiency, consistency, and security.

One Identity Active Roles has positively impacted our organization by reducing manual Active Directory administration, improving security through role-based access control and delegated access, speeding up onboarding and offboarding processes, and enhancing compliance and audit visibility.

Using One Identity Active Roles, we reduced our user provisioning time from hours to minutes, lowered service desk workload by approximately 40 to 60 minutes, reduced manual administration errors, and improved audit and compliance efficiency.

One Identity Active Roles helped us implement fine-grained delegation and access control by assigning specific administrative permissions based on roles and department, which improves security, reduces excessive privilege, minimizes manual errors, and made Active Directory management more controlled and compliant.

One Identity Active Roles integrated well with our existing IT environment, especially with Active Directory and Microsoft infrastructure, which made adoption easier without major changes to current systems or operational processes.

I was impressed with the automation capability in One Identity Active Roles, especially automated user onboarding and offboarding where accounts, group memberships, and permissions were assigned automatically based on department or roles, significantly reducing manual effort and provisioning time.

One Identity Active Roles has significantly reduced compliance effort by centralizing auditing, enforcing role-based access control and policy management, tracking Active Directory changes, and simplifying access reviews and reporting for audits.

One Identity Active Roles reduced the complexity and workload related to Active Directory by automating repetitive tasks, simplifying user and group management, enabling delegated administration, and centralizing policy and access control management.

Delegated administration in One Identity Active Roles positively affected our operations by allowing service desk teams to handle routine Active Directory tasks such as password resets, user creation, and group management without full domain administrator rights, which improved security, reduced workload on senior administrators, and sped up request resolution.

View full review »

One important thing from day-to-day usage is that tools such as One Identity Active Roles are not just about account creation or access management; they help bring consistency into operations in large environments, as one small manual mistake in Active Directory can create bigger issues later, especially during audits or access reviews, and from my experience, the biggest practical benefit has been reducing repetitive manual work and maintaining standardized processes across teams.

The best feature of One Identity Active Roles is delegation administration with role-based access control; it allows an organization to give limited and controlled access to different IT teams without exposing full Active Directory permissions, which is very important from a security perspective.

Role-based access control has helped me mainly by reducing unnecessary privileged access, as earlier, in some environments, multiple admins had broad Active Directory permissions which increased the risk of accidental changes or unauthorized actions, and with One Identity Active Roles, this access could be delegated so teams only got permissions required for their tasks.

One thing worth adding about the features is that as identity and access governance become more important and organizations are handling hybrid environments with cloud and on-premise systems together, tools such as One Identity Active Roles help bring structure to that, especially for managing identity-related operations in a controlled way.

One positive impact we noticed from One Identity Active Roles was improved operational efficiency; earlier, many user management tasks were handled manually, which took more time and sometimes created inconsistencies, but using intelligent role-based workflows and automation made onboarding and access modification faster and more standardized, and we also saw better control over privileged access since permissions were delegated properly, reducing high-level administrative rights, which improved accountability and balanced security with operational speed.

Measurable improvements were noticed over time; for onboarding activities, the creation and access assignment process became much faster because templates and automation group assignments reduced manual work, and earlier, some requests would take a few hours depending on complexity, but with streamlined workflows, standard tasks became much quicker with fewer follow-ups, and from an audit perspective, preparing for access reviews or compliance checks was easier because all changes were logged properly, meaning the teams spent less time collecting manual evidence due to the clear audit process.

We utilized the fine-grained permission control feature of One Identity Active Roles, especially for delegating administration and limiting unnecessary privileged access; one major impact was better implementation of the least privilege principle, as instead of giving broad Active Directory permissions to multiple teams, access is assigned based on specific responsibilities, allowing the helpdesk team to perform limited tasks such as password resets or account unlocks, while application teams manage only their own security groups without broad administrative access.

The automation capabilities of One Identity Active Roles are one of its stronger areas, especially for reducing repetitive administrative tasks and improving consistency; a common example is user onboarding and offboarding workflows where predefined templates automatically populate user attributes, assign appropriate groups, and apply naming standards based on department or role, significantly reducing manual effort and minimizing configuration mistakes.

One Identity Active Roles has had a significant effect on the complexity and workload of day-to-day Active Directory administration, as earlier, many Active Directory-related tasks depended heavily on experienced administrators making direct changes in Active Directory users and computers, which increased the risk of inconsistency and human error; after implementing One Identity Active Roles, administrative tasks became more structured through delegated access, templates, and automated workflows.

View full review »

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, policy placement, approval workflows, and auditing.

One Identity Active Roles automation helps by automatically provisioning and deprovisioning users, assigning groups, and permission based on roles, making my work easier and more efficient. While delegating administrative tasks, it allows service desk teams to perform limited AD tasks without full domain access.

Additionally, the approval workflow, auditing, and policy enforcement features in One Identity Active Roles are very valuable, as they help maintain compliance, track all Active Directory changes, enforce naming and security standards, and improve overall governance and operational controls.

One Identity Active Roles positively impacts my organization by reducing manual Active Directory administration, improving security through delegated access and RBAC, speeding up onboarding and offboarding processes, and enhancing compliance with centralized auditing and policy enforcement.

View full review »

A valuable feature of One Identity Active Roles is delegated administration because it allows different teams to handle specific tasks without giving full Active Directory access. I also find that centralized user and group management very useful since it simplifies onboarding, off-boarding, permission updates, and account management from a single interface. The strong feature is automation and workflow management, which helps reduce manual effort and improve consistency and minimize administrative errors.

Account creation, group assignment, and permission management can all be handled from one place instead of manually configuring everything in Active Directory, making it much faster. Delegated administration also makes support operations easier because basic tasks of password reset and account unlocks can be securely handled by the support team without requiring administrative privileges. These features improve visibility and help maintain better control over administrative changes.

One Identity Active Roles has impacted my organization by simplifying centralized Active Directory management and improving efficiency for user provisioning, access management, and routine administrative tasks. It also enhanced security through delegated administration because teams can perform specific tasks without needing full domain admin rights. Another positive impact is reduced manual errors and faster onboarding and off-boarding processes, which improved overall operational efficiency for my IT team.

View full review »

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

View full review »

The best features of One Identity Active Roles are automated user provisioning, delegated administration, and role-based access control. It reduces manual Active Directory management tasks, improves security through fine-grained permissions, and provides centralized auditing and policy enforcement. The automation workflows and approval-based access management are especially valuable for maintaining consistency and compliance in large enterprise environments.

The automation workflows help the team automate repetitive identity management tasks such as user onboarding, account updates, password resets, and de-provisioning. Approval-based access management adds an extra security layer by requiring manager or admin approval before sensitive permissions or group memberships are granted. This reduces manual effort, minimizes human errors, improves compliance, and ensures proper access governance across the organization.

One Identity Active Roles significantly reduces the complexity and workload of Active Directory management by automating repetitive tasks such as user provisioning, group management, password resets, and access changes. It simplifies delegated administration and centralized policy management, allowing the IT team to handle Active Directory operations more efficiently with fewer manual errors.

View full review »

The best features One Identity Active Roles offers are automated user provisioning, role-based access control, and delegated administration, auditing, and centralized Active Directory management. I also find the workflow automation and policy enforcement features very useful because they help reduce manual efforts, improve security, and maintain consistency across the environment. Features such as access templates, dynamic groups, and detailed reporting also make identity administration much more efficient.

Access templates and dynamic groups have helped standardize permissions and reduce manual configuration work. For example, when a user moves to a different department or role, the correct group membership and access right can be updated automatically based on predefined policies, which improves consistency and reduces errors.

Another feature I find valuable in One Identity Active Roles is the auditing and reporting capability. It provides clear visibility into changes made in Active Directory, which helps with troubleshooting, compliance, and security monitoring. The delegated administration feature is also very useful because it allows tasks to be assigned securely without giving full administrative access.

One Identity Active Roles has improved the efficiency of identity and access management in our organization. It reduced manual administrative work, improved consistency in user provisioning and access control, and strengthened security through better policy enforcement and auditing.

I noticed significant time-saving after implementing One Identity Active Roles. User provisioning, access updates, and onboarding tasks that previously required a lot of manual efforts are now completed much faster through automation, reducing administrative workload by around forty to fifty percent. It also helped reduce configuration errors and improve compliance by enforcing standardized access policies and maintaining detailed audit logs for Active Directory changes.

View full review »

One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.

One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.

One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.

One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.

I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.

View full review »

The features I found most valuable in One Identity Active Roles are delegated administration, workflow-based automation, and role-based access control. These features help streamline Active Directory management while maintaining better control over administrative permissions and access requests.

Workflow automation helped by reducing the number of manual steps involved in routine AD tasks. For example, when a new user request comes in, the approval and provisioning process follows a predefined workflow instead of relying on emails and manual coordination. This made requests more consistent and reduced the chances of missing important access assignments or approvals.

The auditing and reporting capability is worth mentioning. It gives better visibility into administrative changes and helps during the access review or audit activity. I also appreciate how the platform centralizes many AD management functions.

View full review »

The best features for One Identity Active Roles in my experience are automation, delegated administration, RBAC, dynamic group management, and policy enforcement. I also appreciate centralized management for AD and Entra ID, along with auditing and change tracking which helps significantly during compliance reviews.

One Identity Active Roles has made the biggest impact in automation and delegated administration. It reduced manual AD tasks, minimized provisioning errors, and accelerated user onboarding and offboarding significantly in day-to-day operations.

One Identity Active Roles has positively impacted our organization by improving AD administration efficiency, reducing manual errors, strengthening access governance, and helping to standardize user provisioning and compliance processes across the team.

Since implementing One Identity Active Roles, we have seen faster user provisioning and deprovisioning, a noticeable reduction in manual AD efforts, and significant time savings for routine administrative tasks. It also improved audit readiness through better tracking and policy enforcement.

View full review »

One Identity Active Roles offers many valuable features that function very smoothly, including delegation administration, automated user management, approval workflows, and auditing details. These are the best features based on my experience.

What stands out the most in One Identity Active Roles is its ability to securely delegate routine Active Directory tasks without granting full administrative privileges. Combining this with automation and policy-based control really helps us reduce manual efforts.

One Identity Active Roles has positively impacted many areas within our organization by simplifying Active Directory administration and reducing manual efforts. It improves operational efficiency with the help of automation and delegated administration, leading to very positive outcomes.

In terms of governance and security, One Identity Active Roles provides very valuable add-on features, offering strong governance while not being heavily AI focused. It helps us enforce least privileged access and improves accountability while mitigating the risk of unauthorized changes within our Active Directory environment.

The accuracy and reliability of output from One Identity Active Roles are very high, as it provides very accurate results.

We use the fine-grained permission control feature of One Identity Active Roles, which has been very effective in supporting our least privilege strategy. For example, help desk staff can perform password resets and account unlocks without receiving full Active Directory administrative rights, providing security and reducing the number of highly privileged accounts in the environment.

My impression of the automation capabilities of One Identity Active Roles has been very positive. User account creation, group membership assignments, and account updates can be automated through predefined policies and workflows, allowing the correct attributes, permissions, and groups to be applied automatically based on organizational requirements.

One Identity Active Roles helps improve our compliance processes by enhancing control, visibility, and accountability within Active Directory, strengthening governance, and simplifying the audit and compliance process.

View full review »

The best features One Identity Active Roles offers, in terms of my use cases, include its policy enforcement to ensure that all changes follow predefined standards, avoiding incorrect configuration and maintaining consistency across Active Directory, the role-based access control that allows assigning permissions based on job roles to simplify management and improve security in our organization, and its automation features.

I need to highlight role-based access control in One Identity Active Roles, as it has had the biggest day-to-day impact. Automation and policy enforcement are powerful, without doubt, but role-based access control is what fundamentally changed how we operate. Earlier, many tasks were a bottleneck, with only a senior admin able to perform most Active Directory changes, resulting in many help desk tickets. However, with One Identity Active Roles, we created fine-grained roles such as password reset, group management, and user provisioning, assigned those roles to the help desk team, and restricted access to only those organizational units based on attributes. Now, 90% of routine tasks are handled without escalation.

The effect of One Identity Active Roles on the complexity and workload of administrative tasks related to Active Directory has been very positive. It significantly reduces the operational burden while making processes more structured and controlled. It has really reduced administrative complexity. Tasks are handled through templates, policies, and workflows, which has significantly reduced the workload.

One Identity Active Roles has really impacted our organization very positively. It has improved control over Active Directory operations and reduced manual efforts. Tasks are completed faster than previously and more securely. These are the positive impacts we are seeing in day-to-day operations.

One Identity Active Roles has really proved its value. While exact numbers vary by environment, the provisioning time reduced by 70 to 80% and it is very smooth, and help desk ticket resolution improved by 60 to 80%. It has really reduced the use of privileged accounts, contributing to the positive impact we are seeing.

View full review »

The best features of One Identity Active Roles include managing multiple domains from a single interface. I don't need to log into jump servers, making it very easy to log in from the web and manage it. Dynamic groups are also one of the best features, eliminating the need to add or manage members manually. The management unit is another excellent feature, which we can use as a virtual OU to identify missing elements.

The approval process and group approval process can include adding multiple secondary owners. 

View full review »

The best features of One Identity Active Roles are its automated delegation and centralized Active Directory management capabilities. Based on my experience, these are the most valuable features, including role-based access control and automated workflows, dynamic group management, change tracking, and auditing, hybrid environment management, and access templates and policy enforcement.

The feature that made the biggest difference for us with One Identity Active Roles is the role-based delegation. Automation workflow, automated user provisioning, de-provisioning, group management, and policy enforcement reduce manual work and human error. Dynamic group management, such as automatically adding or removing users from groups based on predefined rules and attributes, also contributes significantly.

View full review »

The best features of One Identity Active Roles include user lifecycle management, delegated administration, automation, and role-based access control, where user lifecycle management helps to standardize and automate tasks, and delegated administration allows teams to perform specific tasks without giving them full Active Directory privileges, thus improving both security and operational efficiency.

For one example regarding how automation and role-based access have helped my team, the user onboarding process used to involve the administrator manually creating accounts, assigning groups, and configuring permissions; however, with One Identity Active Roles, the process can be standardized through workflows and templates, which reduces manual effort, speeds up provisioning, and ensures users receive the correct access from the start, while I also appreciate the auditing and change tracking capabilities for visibility into who changed what and when, which aids troubleshooting, compliance, and overall governance in our Active Directory environment.

One Identity Active Roles has positively impacted our organization by making Active Directory management much more efficient, reducing manual work, improving control over permissions, and providing better visibility into changes, which has helped both security and compliance efforts.

View full review »

One of the best features of One Identity Active Roles is its automated onboarding capability.

The feature that stands out most for me is the delegated administration combined with policy-based automation, which provides a strong balance between operational efficiency and security governance. One of the most valuable aspects is the ability to assign administrative responsibility to specific teams without granting full Active Directory administrative privilege. For example, Help Desk or regional IT teams can manage password resets, group membership, or user account updates within a controlled scope, while core security and directory administrators remain centrally governed.

A feature that stands out during daily operations is the centralized auditing and tracking capability. In enterprise Active Directory environments where multiple administrators and support teams are involved, having detailed visibility into account changes, group modifications, and administrative actions is extremely valuable.

One Identity Active Roles helps simplify troubleshooting, improve accountability, and support compliance and audit requirements because administrative activities can be tracked more efficiently from a centralized platform.

One Identity Active Roles has positively impacted our organization by improving operational efficiency, strengthening governance, and reducing manual administrative effort within Active Directory and identity management operations. One of the biggest improvements was the automation of routine identity lifecycle tasks such as user provisioning, account updates, group management, and deprovisioning, which reduced repetitive manual work for administrators and helped minimize configuration errors.

We observed noticeable operational improvements after implementing One Identity Active Roles, especially in user provisioning and administrative management processes. For example, onboarding and account provisioning tasks that previously required multiple manual activities and directory updates became significantly faster through policy-based automation and predefined templates, reducing the time required for runtime account management activities and improving consistency across the environment.

View full review »

The best features One Identity Active Roles offers are delegated administration and automation, which stand out the most because they reduce admin workload and improve security. Delegated administration and automation significantly reduce admin workload while improving security and control.

For example, HR or help desk can create or modify users, but only within defined limits - they cannot make critical changes outside their scope.

One Identity Active Roles reduces the risk of misuse or accidental changes, and a workflow benefit is that the centralizing IT team does not handle every request. One Identity Active Roles has had a very positive impact on the organization, especially in terms of security and control over Active Directory.

I have utilized the fine-grained permission control feature of One Identity Active Roles, and it has significantly helped implement least privilege principles. Instead of giving broad admin rights, very specific permissions are assigned based on roles, tasks, and need-to-know access. One Identity Active Roles has had a strong positive impact on the organization's compliance efforts. All changes in AD are logged and traceable, which helps during audits. Fine-grained permissions ensure users only have the access they need, while naming conventions, access roles, and security policies are automatically enforced.

View full review »

The best feature of One Identity Active Roles is automation combined with delegated administration, which reduces repetitive Active Directory work such as user provisioning, group assignment, and account management while allowing the service desk team to handle routine tasks without granting full domain admin access.

Automation simplifies daily operations by eliminating repetitive manual Active Directory tasks including user creation, group assignment, password reset, and account disablement. Onboarding and offboarding processes become much faster because account permissions and group membership are assigned automatically based on role or department.

One Identity Active Roles has positively impacted productivity and user satisfaction by reducing delays in account provisioning, password reset, and access requests. Previously, many AD-related tasks were manual and heavily dependent on senior administrators, but after implementing automation and delegated administration, requests are completed much faster and with fewer errors.

View full review »

The best features One Identity Active Roles offers are that it can be used across multiple domains and forests.

In our company, we have 85 different domains, and it would be cumbersome to have a separate instance of One Identity Active Roles for each domain. One Identity Active Roles allows us to give people in one domain access through One Identity Active Roles to all these other domains without them needing an account in each of those other domains, even though there does not have to be a trust between those domains.

One Identity Active Roles has positively impacted my organization by helping speed up delegations and helping us find permissions and generate reports more quickly on who has what access where.

One Identity Active Roles takes us less time, probably half the time, to complete delegations that are very granular and complex, compared to having to use native tools and scripts.

View full review »

The best features for One Identity Active Roles are automated user provisioning, role-based access control, delegated administration, and centralized Active Directory management. It also provides strong auditing and compliance capabilities, which help reduce manual administrative work, improve security, and maintain consistent access policies across the organization.

The feature we rely on the most in One Identity Active Roles is automated user provisioning. It has the biggest day-to-day impact because it streamlines employee onboarding and access management by automatically creating accounts, assigning groups, and applying permissions based on predefined roles. This saves time, reduces manual errors, and ensures users get the correct access quickly and consistently.

One Identity Active Roles has positively impacted our organization by simplifying Active Directory administration and reducing the amount of manual work required for user and access management. Automation improved onboarding efficiency, reduced configuration errors, strengthened access control, and helped maintain better compliance and auditing across the environment.

After implementing One Identity Active Roles, we saw a noticeable reduction in onboarding and account management time because many tasks became automated. It also helped reduce manual provisioning errors and improved consistency in access assignment. The auditing and reporting features made compliance review easier by providing better visibility into administrative changes and user access activity.

View full review »

One Identity Active Roles provides excellent integration with third-party tools. The integration feature helps us smoothly create user profiles for employees so that they can use third-party software easily. We have integrated it with other software such as Salesforce, Azure, and our data company.

Another feature that is very beneficial for us is the dashboard and the reports that One Identity Active Roles provides. These are of very good quality, and you can get all the data in one dashboard, making it easier for us to track the data. The dashboard feature is excellent.

One Identity Active Roles has positively impacted our organization in both efficiency and security. Since we no longer have to manually perform provisioning and de-provisioning, the automated process has increased security and efficiency.

One Identity Active Roles has reduced the number of errors that we were facing before using it. The fine-grained permission control feature allows us to grant certain users permissions or access to software easily. This feature has improved the security of our organization and made our workflow smooth. The fine-grained permission control feature has made managing permissions more secure and automated, reducing the time spent on managing permissions and increasing efficiency overall.

View full review »

One Identity Active Roles offers me several best features, including automation workflow, which saves a lot of manual AD work during onboarding and offboarding, and its role-based delegations that allow the help desk to perform limited tasks without full admin rights, as well as change history and auditing that make it easy to track who can change what in AD.

The automation feature has made the biggest difference in my day-to-day work, which assists in designing auditing benefits. Tasks such as user onboarding, offboarding, group assignment, and mailbox provisioning are significantly improved.

One Identity Active Roles has positively impacted my organization by enabling faster onboarding and offboarding through automations, reducing manual AD errors and permission mistakes, and lightening the workload for the infrastructure help desk team. Tasks that used to take 20 to 30 minutes manually can now be completed within 5 to 10 minutes.

The time savings facilitated by One Identity Active Roles have allowed my team to focus more on higher-value work instead of repetitive admin tasks. Instead of spending hours on account provisioning, password issues, or manual permission changes, the team can now concentrate on projects, security improvement, and user support, which has also reduced stress during busy periods because workflows are standardized and less error-prone.

View full review »

The best features of One Identity Active Roles that I have been using for the last year include workflow automation, delegated administration, role-based access control, user provisioning, de-provisioning, centralized Active Directory management, and detailed auditing and reporting use cases.

One Identity Active Roles' biggest impact is workflow automation, which has made the biggest impact for my team, as it helps automate user onboarding, access assignment, and the approval process, which saves time, reduces manual errors, and improves operational efficiency.

One Identity Active Roles has positively impacted my organization since it reduced manual administrative work, strengthened access security, and helped streamline user and permission management across the organization.

I have seen faster user onboarding and fewer manual errors after implementing One Identity Active Roles, where tasks that previously took 20 to 30 minutes manually can now be completed in just a few minutes through automation and predefined workflows.

One Identity Active Roles provides strong automation capabilities that significantly reduce manual administrative work, with one especially helpful example being automated employee onboarding, where user accounts, group membership, permissions, and mailbox access are assigned automatically based on the employee's department or role.

One Identity Active Roles has reduced the complexity and workload of Active Directory administration by automating repetitive tasks, simplifying user management, and improving delegation and access control processes.

Automation has reduced manual administrative efforts and saved significant time during onboarding and access management tasks that earlier took 20 to 30 minutes and are now completed in a few minutes.

View full review »

The best feature of One Identity Active Roles is centered around AD automation, delegated administration, governance, and hybrid identity management. These are the main features that One Identity Active Roles provides.

Delegated administration combined with automation is the feature I find most valuable in my day-to-day work because it solves two major enterprise problems simultaneously. For example, too many AD manual tasks and too many users with excessive admin rights make this feature best for me.

One Identity Active Roles has had a positive impact by empowering automation security across identity management processes. Some of the biggest improvements are faster user onboarding, reduced administrative workload, and better security through delegations. Previously, I was handling a 100 percent workload, but after using One Identity Active Roles, 70 percent of my load has been resolved.

View full review »

The best features One Identity Active Roles offers include fine-grained delegated administrator, RBAC policies, lifecycle management, hybrid managed identity management, policy-based administration, and auditing, tracking, and changes.

If I have to select one feature, lifecycle management has the biggest impact because it automates user onboarding, role changes, and offboarding, making access updates faster, consistent, and less error-prone while reducing the risk of orphaned accounts.

One Identity Active Roles has positively impacted my organization by speeding up the user provisioning, reducing manual AD tickets, strengthening the security through consistent access control, and improving compliance.

Based on our analysis, the solution saves around 30 to 60 minutes of time. Ticket reduction is around 50%, and I have seen fewer access errors.

View full review »

One Identity Active Roles offers workflow automation, role-based access control, dynamic group management, hybrid AD and Microsoft 365 management, approval workflows, policy enforcement, and auditing.

The feature that stands out and has had the biggest impact is the dedicated administrator combined with workflow automation. Before implementing One Identity Active Roles, routine AD tasks required senior administrators with elevated privileges. Now L1 and L2 support teams can safely handle tasks such as password resets, account unlocks, group modifications, and basic user provisioning through controlled RBAC policies. This helps us by reducing dependence on domain admin access, lowering the risk of accidental and unauthorized changes, speeding up user on-boarding and support requests, standardizing AD operations across teams, and reducing manual efforts and workload. Onboarding previously took around thirty to forty minutes, and now it takes just two to three minutes.

One Identity Active Roles has improved our organization by automating AD tasks, reducing manual errors, improving security through dedicated access control, and speeding up user onboarding and off-boarding. It has also helped reduce admin workload and improved our compliance tracking.

View full review »

The best features One Identity Active Roles offers are delegated administration, automation workflows, centralized AD management, and the detailed auditing capabilities that make tracking changes much easier.

Delegated administration has made the biggest impact because it allows the different teams to manage specific AD tasks securely without giving full domain-level access.

The automation and approval workflows stand out significantly in larger environments, especially when consistency and better control over AD changes are needed.

One Identity Active Roles has positively impacted the organization by reducing a lot of manual AD administration work, improving access control, and helping standardize user management processes across the organization.

View full review »

The best feature that One Identity Active Roles offers is the approval flow, which gives access only to authorized persons, making the process secure. The user-friendly interface allows someone without a technical background to apply for the tools needed and be given access.

The approval process makes things more secure and efficient. This process prevents unauthorized and accidental access to sensitive tools and data, which are major concerns for my company. I have been told to access some particular tools and data through that portal only.

One Identity Active Roles has made things more organized and secure across the company. It has also reduced the need to contact IT administrators directly, saving time for both me and the IT staff. During the orientation program, I was informed that the use of this tool has reduced the IT team's workload. Previously, the IT team needed to provide the tool and monitor who was using it, but now with this tool, they do not have to specifically check on who is accessing the tools and data.

The IT team has reduced their workload by around four hours, although I do not know the specific hours saved. Access to the tools has become much faster; as soon as I apply, it goes through the approval process, and if the tool is required, then access is provided to me or any other IT intern.

View full review »

The best features of One Identity Active Roles are automation, delegated administration, role-based access control, approval workflows, policy enforcement, and auditing, as these features simplify Active Directory management, improve security, reduce manual efforts, and enhance compliance.

The feature that has made the biggest difference for me in One Identity Active Roles is automation, especially automated user provisioning and de-provisioning, because it significantly reduces manual Active Directory tasks, minimizes errors, improves consistency, and accelerates onboarding and off-boarding processes.

Additionally, the delegated administration and auditing features in One Identity Active Roles are very valuable as they improve security by limiting excessive privilege and provide centralized tracking of Active Directory changes for compliance and governance.

One Identity Active Roles positively impacts our organization by reducing manual Active Directory administration, improving security through delegated access and RBAC, speeding up onboarding and off-boarding processes, reducing service desk workload, and enhancing compliance.

View full review »

The best features of One Identity Active Roles are its automated features, provisioning or deprovisioning users, and its role-based permission handling where access is assigned through roles instead of giving full permission individually. This simplifies management in a large environment.

The auto-provisioning or role-based permission handling makes my daily work easier and more efficient because it automates our environment since we don't have to manually onboard or deboard employees. It is totally automated which helps in reducing the workload of the IT team by about 50 to 60 percent. This makes our job easier and efficient without having human errors.

One Identity Active Roles has had a great positive impact on our organization. It has really made administrator directory management easy in a controlled way and has improved security due to reduced direct access to applications or systems, thus saving time.

I can say we have a positive impact in terms of metrics. It has really reduced administrative efforts, with a 40 to 60 percent decrease in time spent on routine Active Directory tasks such as user creation, password resetting, or any group changing for employees. This really helped the team to handle requests without any escalations and also allowed for faster user provisioning.

View full review »

The best feature of One Identity Active Roles is its ability to control delegations. It allows us to assign limited access to team members based on their roles and responsibilities. This helps us reduce risk while keeping operations smooth and provides more secure AD management.

Delegating tasks like password resets has impacted positively in our organization and has helped us to smoothen and speed up our work. It allows organizations to control user accounts, their permissions and changes in a more structured and simpler way. This helps improve both security and the application process.

View full review »

One Identity Active Roles offers strong role-based access control and delegation capabilities that improve security by limiting admin privilege, supports automation, and has a powerful policy engine for enforcing standard policies, ensuring consistency across Active Directory operations, which reduces misconfiguration. It also provides comprehensive audit and reporting features that improve visibility into changes.

Compliance with the Active Directory environment has really helped us with audit and reporting capabilities.

One Identity Active Roles has positively impacted our organization by increasing efficiency through automating routine tasks and improving governance through approval workflows, making our Active Directory management workload more structured.

We have seen that it has reduced manual work and we have noticed a reduction in human errors along with a decrease in time efforts, so our team is now able to handle more workload than before.

View full review »

One Identity Active Roles offers exceptional features, including a delegation model that combines policy enforcement. The solution allows the help desk team to be given the exact permissions they need, enabling them to reset passwords, unlock accounts, and update phone numbers without granting them access to areas they should not touch, such as group membership or admin accounts. Every action taken follows the defined policy automatically, making this the favorite feature of the solution.

This automated delegation saves significant time for the team, as it has changed how IT operations work. Previously, a constant flood of routine requests landed on the admin team, who were already busy with substantial work. Now, such tasks are automated rather than performed manually.

One Identity Active Roles enables time savings with password resetting and account unlocking, which used to consume significant management time but are now automated. The solution also provides improved flexibility, policy enforcement that eliminates human errors, and seamless Active Directory integrations. A substantial amount of time has been reduced, and human errors have decreased.

View full review »

One Identity Active Roles brings significant value through its lifecycle management capabilities, which are very good with no complaints or problems at all.

With the inclusion of One Login, which One Identity acquired three or four years back, One Identity Active Roles has gained complete coverage. Earlier, One Identity lacked an IAM solution. They always have had the Active Directory management solution in the form of One Identity Active Roles or through the IGA solution. But with the inclusion of One Login, that has really fulfilled the requirement which customers need from a single vendor. The competition includes SalePoint, Saviynt, and others, including Ping Identity, who is also coming up with an IGA kind of solution. One Identity has been providing it for a very long time, longer than these competitors who have just started realizing all those things and providing a similar kind of solution to the customer. One Login and One Identity provide complete coverage to the customer, which is really helpful.

One Identity Active Roles brings a positive impact to organizations in that they will start realizing the ROI in a much faster manner because the implementation time is very short and it is easy to use. Additionally, since there are many regulated entities which need this kind of solution and in the market there are very few solution providers who can provide this kind of coverage, that is the advantage which One Identity Active Roles has.

View full review »

I think the best feature One Identity Active Roles offers is probably the automation capability, although we do not utilize it to its fullest extent.

Since automation is a highlight for me, what I like about the automation in One Identity Active Roles is the time savings.

One Identity Active Roles has positively impacted my organization by providing a consistent and easy to understand interface for Active Directory, whether you are reading it or whether you are actively managing Active Directory.

View full review »

The best features One Identity Active Roles offers is role-based administration, which provides secure delegation of administrative tasks to different teams or individuals while maintaining governance and compliance.

Role-based administration has helped my team because we can securely delegate specific administrative responsibilities to different teams or individuals without giving full administrator rights.

One Identity Active Roles has positively impacted my organization. My senior managers informed me that aside from using it for other companies' projects, we are using it in our company as well. The positive impact is that it saved time, improved security, and made things more efficient. However, I have only been here for four to five months, and we have been using it for one project only.

Regarding One Identity Active Roles's governance and security capabilities, the role-based delegated administration, centralized policy enforcement, and audit compliance and reporting are exceptional features. One Identity Active Roles has had a positive effect on reducing the complexity and workload of the administrative tasks related to Active Directory.

View full review »

In my opinion, the best features One Identity Active Roles offers include centralized Active Directory management, role-based access control, easy password management, auditing and reporting. Additionally, it reduces manual administrative tasks.

I find myself relying on centralized management the most out of those features, as the IT team can manage all user groups, permissions, and Active Directory related tasks from one single platform instead of handling everything manually from different servers or tools. With One Identity Active Roles, administrators can create users, reset passwords, assign permissions, manage groups, and disable accounts.

One Identity Active Roles has impacted my organization positively by reducing manual work, improving security, saving administrative time, and reducing human errors. The best feature I can highlight is that the organization helps in reducing human error and standardizing the user management process. Apart from this, it enhances overall operational efficiency.

View full review »

One Identity Active Roles offers several valuable features, including a centralized management dashboard that simplifies user and permission administration. Automation of routine tasks such as account creation, password reset, and group membership assignment is a significant feature. Role-based access control and delegation limit permissions and enhance security. The auditing and reporting feature provides detailed information for compliance and tracking changes. Integration with Active Directory and other identity systems is also available.

The automation of routine tasks has the biggest impact on daily work. Automating account creation and password resets saves a significant amount of time and reduces manual effort.

One Identity Active Roles has positively impacted the organization by significantly improving efficiency through automating repetitive tasks and saving time for the IT team. The centralized management dashboard simplifies user and permission administration.

View full review »

Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions. 

Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft. 

Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly.

The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer.

The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten. 

The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it.

It's helped increase operational efficiency by 50%.

It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively.

We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access.

It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times.  

We've just integrated with our HR system. It helps us follow activated and deactivated users. 

I'd rate the granular controls on offer ten out of ten.

We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface. 

View full review »

One Identity Active Roles offers multiple best features that provide a good experience in our real-time environment. The delegation of admin tasks is a primary feature. Instead of giving full access to everyone, we assign specific permissions based on roles. For the IT team, we do not need to provide full access.

Since we have implemented One Identity Active Roles, we have seen significant improvements. The process is truly helpful and has positively impacted our environment. We have experienced faster user management, better control over Active Directory, reduced errors, and improved security.

View full review »

The best feature is the role-based access control feature, which secures delegation without giving full admin rights to any users. The central management is also valuable, as it gives a single unified console to manage the entire AD environment.

This solution saves time through user onboarding and removes concerns about security, as all these aspects are managed by One Identity Active Roles. Users receive access based on their role, the onboarding process is simpler, and manual user lifecycle management has been reduced.

View full review »

The feature I appreciate most about the solution is the ability to lock down Active Directory Roles granularly. For instance, our support personnel can only change passwords for users; the only thing they can change in the user object is the password. They cannot alter anything else. This allows us to manage multiple One Identity Active Roles from a single pane of glass. We're very satisfied with the granularity.

We have eased the burden on the support desk and reduced the risk of them doing something they shouldn't. We have limited the use of domain administrators and gained a better view of what is happening in One Identity Active Roles. It is easier to find rogue and malicious users, and end users can now request access through the web interface instead of creating a ticket.

We've lowered the amount of privileged accounts. We can have support staff that have privileged access however, we've limited privileges so that they can only do what they are meant to do in the directory.

Active Roles helped reduce our identity-based breaches. I don't have a number of how many. It's maybe between 10% and 20%. Now, we know what users we actually have in our IT directory. It has helped us to find the dormant users that we don't need anymore.

It's improved our security posture. It has limited access to our crown jewels, where all our identities lie within Active Directory. It's not a stand-alone product. It doesn't fix everything. However, it does help to the overall security posture. Before, we had domain admins logging directly into our directory user's computers, and doing stuff. They don't do that anymore. We've limited priveledges. The directory is more secure today and we have better visibility.

View full review »

The access templates help set up granular permissions and the web portal to manage Active Directory. Active Directory is usually managed through a heavy console, and using One Identity Active Roles allows it to be managed through any internet browser. Additionally, it helps in removing custom Active Directory delegation, which enhances security by eliminating unnecessary privileges, addressing identity-based breaches by reducing the number of Active Directory delegations.

View full review »

The most valuable features are the access templates, which allow for granular permissions, and the policies that provide a framework for usage and standardization across entities. The solution improved our organization's security posture by framing the end users and ensuring that capabilities that could cause mistakes are hidden from the web interface. It helps us ensure that entities do not make any mistakes by hiding those capabilities directly in the tools with the access templates.

View full review »

It is very intuitive and close to the native tools. Since it is web-based, it does not require extensive training for our end users. If users are familiar with native tools, they should be able to use the web-based tools with minimal training.

View full review »

Active Roles is easy to configure. It isn't a plug-and-play solution, and you need expertise to set it up. However, once you have your templates, it's easy to deploy in a highly decentralized environment. The custom configuration for our customers is fantastic, especially the web interface.

The solution gives us granular control, allowing us to build highly customized roles and apply them across our environment. We have 500,000 separate OUs.

View full review »

The best features One Identity Active Roles offers for me are delegated administration, automation workflows, centralized AD management, and the detailed auditing capabilities that make tracking changes much easier.

The detailed auditing capabilities of One Identity Active Roles have helped me significantly because delegated administration has probably made the biggest impact by letting different teams manage specific AD tasks securely without giving full domain admin-level access. The automation and approval workflows stand out a lot in larger environments, especially when consistency and better control over AD changes are needed.

One Identity Active Roles has positively impacted my organization by reducing a lot of manual AD administration work, improving access control, and helping standardize user management processes across the organization.

I have noticed specific outcomes since using One Identity Active Roles, such as faster onboarding and access provisioning after automation. I have also seen fewer permission-related errors because the workflows are more standardized and controlled.

View full review »

The best part of this Active Roles is the workflow engine. It features an industry-leading workflow automation feature. It's a visual PowerShell that allows task interruption. 

It offers single-pane-of-glass management to a degree. Right now, the Azure side can only be done from the web UI, not the console. The administrative side can only be done from the console, not the web UI. 

Conditional access works well. Combined with RBAC, it always works well with Active Roles because Active Roles can do access based on dynamic implementation.

The permission management feature is also excellent, clearly showing delegated permissions. Active Roles tells you when any permissions are done without going into this crazy fine-grained permission strategy that is horrible compared to Active Roles' template-based permissions. You can design on your own. It easily shows where all the permissions are delegated.

Unfortunately, you can't do much with zero trust and Active Roles at the moment unless you combine them with Safeguard. It lines up with using zero trust if you combine a couple of different workflows together.

View full review »

The most valuable features include

• auditing
• dynamic grouping
• creating dynamic groups based on AD attributes.

Also, as part of the cloud identity, meaning expanding identity to the cloud, it gives me a single workflow to expand on-prem. I can create a user in the cloud and give them access to resources through a single workflow.

And for regulatory, auditing, and security requirements, it's critical that the solution enables Zero Trust security with hybrid AD fine delegation and role-based access control.

View full review »

It is an easier way for me to manage Active Directory with more advanced features.

The console helps with granular control.

View full review »

It has so many features. Dynamic Groups are good and the ease of delegation is useful as well.

View full review »

We like that we can manage our groups and access. You can get granular in terms of the access control.

The solution enables us to create a user in the cloud and give them access to resources through a single workflow. That's very important for our organization. It allows us to assign access accordingly for the file shares for admin access to servers.

It enables zero trust security with hybrid, AD, delegation, and role-based access control. It's extremely important for us.

View full review »

Secure access is the most valuable feature.

View full review »

We can create a user in the cloud and give them access to resources through one workflow. I rate this feature eight out of 10 in terms of importance. Active Roles enables zero-trust security with hybrid ID fine delegation and role-based access control, which is our primary purpose for using the solution.

View full review »

With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems.

ARS also gives you a single pane of glass to manage AD and Azure AD. One of the things that we really like is that we can get to everything from ARS if we need to. So unless you are a system admin, there's no reason for you to go into Azure AD, because we have it set up so that everything syncs up with Azure AD. It gives us a level of confidence that things are matching from a governance perspective. We're trying to mature. I don't know that ARS will get us to our final destination, but it is helping us govern what we can see.

View full review »

All of the features have been valuable, and that is not often so. We use probably 90 to 95 percent of the features of Active Roles. The only one we don't use right now is the plugin to Azure because we just use Active Roles for on-prem management of our Active Directory. 

My favorite feature is probably the Dynamic Groups and the fact that Dynamic Groups are built pretty much on the fly and kept up-to-date. That is huge for us. There are so many features, if I had to pick one, then Dynamic Groups would be my favorite. We routinely will get requests from our business, saying, "We need a group that contains everybody in this particular department," whether it be a distribution list just for emails, a group to secure a file server, etc. With Active Roles, we can create this group and tell Active Roles, "Every user account that you find that has department equaling whatever 'this is', then put them in this group." 

The way Active Roles works: As soon as somebody gets the value in that department field changed to something that matches, then Active Roles puts it into that group in almost real-time. As soon as it replicates through Active Directory and Active Roles, the DC that Active Roles is using sees that change, then Active Roles take action and keeps those groups up-to-date for us.

One feature that we use a lot is temporal group membership. It allows us to put somebody in a group on a time basis. We can say, "You get put in this group," then you will automatically come out on this date at this time. We can either put them in on a date and time or take them out on a date and time. It's a great teacher, and it's also one of those things that native tools doesn't allow us to do.

View full review »

The most valuable feature is the ability to delegate by using permissions and workflows. 

Another good feature is the Change History. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated. 

We can also enforce data formats. That creates a higher quality in the data that we store in the directory by enforcing naming conventions and data formats. 

In addition, we can reach the data set by using virtual attributes, rather than extending that, so we can put schema attributes in ARS that live in AR without actually impacting the Active Directory environment.

One other thing that I really like about this product, as an engineer, is the design of it, meaning not how it looks, but how it was designed architecturally. This is one of the greatest strengths of the product. It's just designed right.

View full review »

The way it captures data and transforms it into ways that will be usable for the Active Directory is the most valuable feature. 

We haven't found a different solution that is able to do this. We have been relying on manual scripting, which proved to be very unreliable. Active Roles is definitely much better.

It also improved our automation. It was already automated, but it improved it. It was able to capture more data out of Trillium and SAP and populate the Active Directory in an open-minded manner.

We have two staff members and so per staff member, Active Roles saves us 0.2 FTE.

Active Roles has improved the accuracy of our onboarding process. There are fewer errors during the sync.

View full review »

The built-in templates within ARS allow you to create security groups without having to construct them on your own. It greatly simplifies the process and is also makes it much easier to review if you ever need to make changes.

View full review »

The delegation feature is really important. It is one of the most valuable features that our customers appreciate about the solution. 

The provisioning and deprovisioning saves a lot of time and skips a lot of errors.

For the AD management feature, it is perfect. It covers everything. 

View full review »

It gives us attribute-level control and the AD management features work very well.

View full review »

It's valuable to us in that it resembles the native tools that most people have grown accustomed to. Most people come from another company where they may have not used Active Roles. Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people to interact with the tool.

The AD and AAD management features of this solution are really good. They're better than the native tools. They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see. What I really like is the fact that we have the mailbox and the user information all on one screen. With native tools, you need two tools to show that information.

View full review »

• Role Based Access Control
• Provisioning, Re-provisioning, De-provisioning and Undo-De-provisioning policies
• Data validation policies
• Workflows
  • If Then Else statements
  • Approval Workflows
  • Schedule Workflows
  • Escalation
• Virtual Schema
• Virtual OU’s
• Web console with easy customization option
• Integration and data synchronization with SQL, Office 365, Lync etc.
• Event handlers

View full review »

• It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system.
• It allows you to easily monitor all workflow processes.
• It has very powerful native policies and scripts, which allow you to create your own custom policies, scripts, and virtual attributes.
• In addition to using the console (MMC interface), it also gives you management from the web interface.

View full review »

It provides automatic provisioning for many applications and systems, including in-house applications and cloud applications. Also, it offers a virtual directory structure and a new directory layer between users and physical directories. Management and monitoring become easier.

View full review »