I use One Identity Active Roles in centralized Active Directory administration, and it helps me reduce the risk of direct domain admin access.

The auditing and change tracking features of One Identity Active Roles make it easier for me to have clear visibility of what is changed, who changed it, and how it was changed, while also helping me maintain a detailed auditing workflow.

I appreciate the security improvement and the Active Directory management features of One Identity Active Roles.

One Identity Active Roles has been impactful and helpful in the area of automation of user provisioning and de-provisioning, and it helps me maintain a good approval workflow.

One Identity Active Roles saves me time, reduces the risk of direct domain admin access, and helps me in centralized Active Directory administration.

Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions. 

Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft. 

Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly.

The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer.

The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten. 

The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it.

It's helped increase operational efficiency by 50%.

It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively.

We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access.

It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times.  

We've just integrated with our HR system. It helps us follow activated and deactivated users. 

I'd rate the granular controls on offer ten out of ten.

We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface. 

The favorite feature of One Identity Active Roles is definitely the granularity and specifics on the access templates. You can dive deep into controls all the way down to manage individual objects, all the way from not just at the OU level, but how granular delegated access is with One Identity Active Roles is definitely the most useful feature to my organization.

One Identity Active Roles absolutely helps reduce identity-based breaches. It is from an identity governance perspective, being able to ensure that folks that are in specific positions have the least privileged access possible. One Identity Active Roles makes that very seamless for our user base. We are a for-profit healthcare conglomerate with thirty states, over fifty community hospitals across that are all in a single pane of glass under our LifePoint Health Active Directory domain. Being able to say that your facility can only manage these objects in this OU and delegating that from their core IT engineering staff versus their help desk versus an application owner makes it all very seamless.

One Identity Active Roles has absolutely helped our organization reduce its number of erroneous privileged accounts. We can quickly evaluate those accounts. You can see the same features within ADUC, but you can quickly isolate those and validate where they are and adjust them however you want.

One Identity Active Roles offers several valuable features in our experience. Role-based access control allows us to define who can do what and reduces the risk from broad admin rights.

The automated provisioning workflows automatically create, update, and disable accounts with approval steps.

Additionally, group management automation allows us to auto-assign users to groups based on attributes such as department, location, and job roles.

We also value the auditing and compliance reporting, which helps us to track who did what and when, assisting in satisfying compliance requirements.

One Identity Active Roles has helped us standardize and secure identity management across multiple customer environments.

It has also reduced our manual effort through automation and minimized error with policy enforcement, improved our security through role-based access control and approvals, and strengthened our compliance with full auditing.

This results in faster operations with lower risk and more consistent service delivery.

One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.

One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.

One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.

One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.

I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.

The best features of One Identity Active Roles include managing multiple domains from a single interface. I don't need to log into jump servers, making it very easy to log in from the web and manage it. Dynamic groups are also one of the best features, eliminating the need to add or manage members manually. The management unit is another excellent feature, which we can use as a virtual OU to identify missing elements.

The approval process and group approval process can include adding multiple secondary owners. 

The feature I appreciate most about the solution is the ability to lock down Active Directory Roles granularly. For instance, our support personnel can only change passwords for users; the only thing they can change in the user object is the password. They cannot alter anything else. This allows us to manage multiple One Identity Active Roles from a single pane of glass. We're very satisfied with the granularity.

We have eased the burden on the support desk and reduced the risk of them doing something they shouldn't. We have limited the use of domain administrators and gained a better view of what is happening in One Identity Active Roles. It is easier to find rogue and malicious users, and end users can now request access through the web interface instead of creating a ticket.

We've lowered the amount of privileged accounts. We can have support staff that have privileged access however, we've limited privileges so that they can only do what they are meant to do in the directory.

Active Roles helped reduce our identity-based breaches. I don't have a number of how many. It's maybe between 10% and 20%. Now, we know what users we actually have in our IT directory. It has helped us to find the dormant users that we don't need anymore.

It's improved our security posture. It has limited access to our crown jewels, where all our identities lie within Active Directory. It's not a stand-alone product. It doesn't fix everything. However, it does help to the overall security posture. Before, we had domain admins logging directly into our directory user's computers, and doing stuff. They don't do that anymore. We've limited priveledges. The directory is more secure today and we have better visibility.

The best features One Identity Active Roles offers are that it can be used across multiple domains and forests.

In our company, we have 85 different domains, and it would be cumbersome to have a separate instance of One Identity Active Roles for each domain. One Identity Active Roles allows us to give people in one domain access through One Identity Active Roles to all these other domains without them needing an account in each of those other domains, even though there does not have to be a trust between those domains.

One Identity Active Roles has positively impacted my organization by helping speed up delegations and helping us find permissions and generate reports more quickly on who has what access where.

One Identity Active Roles takes us less time, probably half the time, to complete delegations that are very granular and complex, compared to having to use native tools and scripts.

The access templates help set up granular permissions and the web portal to manage Active Directory. Active Directory is usually managed through a heavy console, and using One Identity Active Roles allows it to be managed through any internet browser. Additionally, it helps in removing custom Active Directory delegation, which enhances security by eliminating unnecessary privileges, addressing identity-based breaches by reducing the number of Active Directory delegations.

The most valuable features are the access templates, which allow for granular permissions, and the policies that provide a framework for usage and standardization across entities. The solution improved our organization's security posture by framing the end users and ensuring that capabilities that could cause mistakes are hidden from the web interface. It helps us ensure that entities do not make any mistakes by hiding those capabilities directly in the tools with the access templates.

One Identity Active Roles brings significant value through its lifecycle management capabilities, which are very good with no complaints or problems at all.

With the inclusion of One Login, which One Identity acquired three or four years back, One Identity Active Roles has gained complete coverage. Earlier, One Identity lacked an IAM solution. They always have had the Active Directory management solution in the form of One Identity Active Roles or through the IGA solution. But with the inclusion of One Login, that has really fulfilled the requirement which customers need from a single vendor. The competition includes SalePoint, Saviynt, and others, including Ping Identity, who is also coming up with an IGA kind of solution. One Identity has been providing it for a very long time, longer than these competitors who have just started realizing all those things and providing a similar kind of solution to the customer. One Login and One Identity provide complete coverage to the customer, which is really helpful.

One Identity Active Roles brings a positive impact to organizations in that they will start realizing the ROI in a much faster manner because the implementation time is very short and it is easy to use. Additionally, since there are many regulated entities which need this kind of solution and in the market there are very few solution providers who can provide this kind of coverage, that is the advantage which One Identity Active Roles has.

One Identity Active Roles offers several valuable features, including a centralized management dashboard that simplifies user and permission administration. Automation of routine tasks such as account creation, password reset, and group membership assignment is a significant feature. Role-based access control and delegation limit permissions and enhance security. The auditing and reporting feature provides detailed information for compliance and tracking changes. Integration with Active Directory and other identity systems is also available.

The automation of routine tasks has the biggest impact on daily work. Automating account creation and password resets saves a significant amount of time and reduces manual effort.

One Identity Active Roles has positively impacted the organization by significantly improving efficiency through automating repetitive tasks and saving time for the IT team. The centralized management dashboard simplifies user and permission administration.

I think the best feature One Identity Active Roles offers is probably the automation capability, although we do not utilize it to its fullest extent.

Since automation is a highlight for me, what I like about the automation in One Identity Active Roles is the time savings.

One Identity Active Roles has positively impacted my organization by providing a consistent and easy to understand interface for Active Directory, whether you are reading it or whether you are actively managing Active Directory.

It is very intuitive and close to the native tools. Since it is web-based, it does not require extensive training for our end users. If users are familiar with native tools, they should be able to use the web-based tools with minimal training.

Active Roles is easy to configure. It isn't a plug-and-play solution, and you need expertise to set it up. However, once you have your templates, it's easy to deploy in a highly decentralized environment. The custom configuration for our customers is fantastic, especially the web interface.

The solution gives us granular control, allowing us to build highly customized roles and apply them across our environment. We have 500,000 separate OUs.

The best part of this Active Roles is the workflow engine. It features an industry-leading workflow automation feature. It's a visual PowerShell that allows task interruption. 

It offers single-pane-of-glass management to a degree. Right now, the Azure side can only be done from the web UI, not the console. The administrative side can only be done from the console, not the web UI. 

Conditional access works well. Combined with RBAC, it always works well with Active Roles because Active Roles can do access based on dynamic implementation.

The permission management feature is also excellent, clearly showing delegated permissions. Active Roles tells you when any permissions are done without going into this crazy fine-grained permission strategy that is horrible compared to Active Roles' template-based permissions. You can design on your own. It easily shows where all the permissions are delegated.

Unfortunately, you can't do much with zero trust and Active Roles at the moment unless you combine them with Safeguard. It lines up with using zero trust if you combine a couple of different workflows together.

The most valuable features include

• auditing
• dynamic grouping
• creating dynamic groups based on AD attributes.

Also, as part of the cloud identity, meaning expanding identity to the cloud, it gives me a single workflow to expand on-prem. I can create a user in the cloud and give them access to resources through a single workflow.

And for regulatory, auditing, and security requirements, it's critical that the solution enables Zero Trust security with hybrid AD fine delegation and role-based access control.

It is an easier way for me to manage Active Directory with more advanced features.

The console helps with granular control.

It has so many features. Dynamic Groups are good and the ease of delegation is useful as well.

We like that we can manage our groups and access. You can get granular in terms of the access control.

The solution enables us to create a user in the cloud and give them access to resources through a single workflow. That's very important for our organization. It allows us to assign access accordingly for the file shares for admin access to servers.

It enables zero trust security with hybrid, AD, delegation, and role-based access control. It's extremely important for us.

Secure access is the most valuable feature.

We can create a user in the cloud and give them access to resources through one workflow. I rate this feature eight out of 10 in terms of importance. Active Roles enables zero-trust security with hybrid ID fine delegation and role-based access control, which is our primary purpose for using the solution.

All of the features have been valuable, and that is not often so. We use probably 90 to 95 percent of the features of Active Roles. The only one we don't use right now is the plugin to Azure because we just use Active Roles for on-prem management of our Active Directory. 

My favorite feature is probably the Dynamic Groups and the fact that Dynamic Groups are built pretty much on the fly and kept up-to-date. That is huge for us. There are so many features, if I had to pick one, then Dynamic Groups would be my favorite. We routinely will get requests from our business, saying, "We need a group that contains everybody in this particular department," whether it be a distribution list just for emails, a group to secure a file server, etc. With Active Roles, we can create this group and tell Active Roles, "Every user account that you find that has department equaling whatever 'this is', then put them in this group." 

The way Active Roles works: As soon as somebody gets the value in that department field changed to something that matches, then Active Roles puts it into that group in almost real-time. As soon as it replicates through Active Directory and Active Roles, the DC that Active Roles is using sees that change, then Active Roles take action and keeps those groups up-to-date for us.

One feature that we use a lot is temporal group membership. It allows us to put somebody in a group on a time basis. We can say, "You get put in this group," then you will automatically come out on this date at this time. We can either put them in on a date and time or take them out on a date and time. It's a great teacher, and it's also one of those things that native tools doesn't allow us to do.

With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems.

ARS also gives you a single pane of glass to manage AD and Azure AD. One of the things that we really like is that we can get to everything from ARS if we need to. So unless you are a system admin, there's no reason for you to go into Azure AD, because we have it set up so that everything syncs up with Azure AD. It gives us a level of confidence that things are matching from a governance perspective. We're trying to mature. I don't know that ARS will get us to our final destination, but it is helping us govern what we can see.

The most valuable feature is the ability to delegate by using permissions and workflows. 

Another good feature is the Change History. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated. 

We can also enforce data formats. That creates a higher quality in the data that we store in the directory by enforcing naming conventions and data formats. 

In addition, we can reach the data set by using virtual attributes, rather than extending that, so we can put schema attributes in ARS that live in AR without actually impacting the Active Directory environment.

One other thing that I really like about this product, as an engineer, is the design of it, meaning not how it looks, but how it was designed architecturally. This is one of the greatest strengths of the product. It's just designed right.

The way it captures data and transforms it into ways that will be usable for the Active Directory is the most valuable feature. 

We haven't found a different solution that is able to do this. We have been relying on manual scripting, which proved to be very unreliable. Active Roles is definitely much better.

It also improved our automation. It was already automated, but it improved it. It was able to capture more data out of Trillium and SAP and populate the Active Directory in an open-minded manner.

We have two staff members and so per staff member, Active Roles saves us 0.2 FTE.

Active Roles has improved the accuracy of our onboarding process. There are fewer errors during the sync.

It's valuable to us in that it resembles the native tools that most people have grown accustomed to. Most people come from another company where they may have not used Active Roles. Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people to interact with the tool.

The AD and AAD management features of this solution are really good. They're better than the native tools. They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see. What I really like is the fact that we have the mailbox and the user information all on one screen. With native tools, you need two tools to show that information.

The built-in templates within ARS allow you to create security groups without having to construct them on your own. It greatly simplifies the process and is also makes it much easier to review if you ever need to make changes.

The delegation feature is really important. It is one of the most valuable features that our customers appreciate about the solution. 

The provisioning and deprovisioning saves a lot of time and skips a lot of errors.

For the AD management feature, it is perfect. It covers everything. 

It gives us attribute-level control and the AD management features work very well.

• Role Based Access Control
• Provisioning, Re-provisioning, De-provisioning and Undo-De-provisioning policies
• Data validation policies
• Workflows
  • If Then Else statements
  • Approval Workflows
  • Schedule Workflows
  • Escalation
• Virtual Schema
• Virtual OU’s
• Web console with easy customization option
• Integration and data synchronization with SQL, Office 365, Lync etc.
• Event handlers

• It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system.
• It allows you to easily monitor all workflow processes.
• It has very powerful native policies and scripts, which allow you to create your own custom policies, scripts, and virtual attributes.
• In addition to using the console (MMC interface), it also gives you management from the web interface.

It provides automatic provisioning for many applications and systems, including in-house applications and cloud applications. Also, it offers a virtual directory structure and a new directory layer between users and physical directories. Management and monitoring become easier.