We use Active Roles as a single point to manage all our users. We're using all of the system's management capabilities, like setting group policies and delegating roles. We have around 1,400 users and 25 or 30 admins. The company uses Active Roles as a standalone solution because we don't have HR or ERP systems connected to applications. We aren't using it to migrate from Active Directory to Azure AD. We use a Microsoft solution called AD Sync. We had this functionality before implementing Active Roles, but we hope to get that improved connectivity to Azure AD and Exchange Online.
Sr Business Analyst at George Washington University
Real User
2020-12-01T05:04:00Z
Dec 1, 2020
Our primary use case for ARS is for the ease of delegating administrative access and the ability to limit direct access to the domain controllers. Those were the primary purposes for purchasing it. We do much more with it now, probably more than anyone else. We're still working through that primary use case. But in addition to that, over the course of the last seven years, we've been able to leverage ARS to allow us to do a lot more and be more efficient. We use it for dynamic groups. We automatically group users together by department, reporting structure, etc., to leverage them for access, authorization, and authentication. And we automatically group computer objects for management authorization. We have also started leveraging ARS as an identity platform. It was an interim solution until we move over to our final solution, for which we're going through vendor selection right now. The way we use it for identity is that we use custom scripts and workflows and scheduled tasks. We were able to migrate off of our legacy identity platform and move everything we currently do into ARS. While migrating to ARS, we also implemented role-based access for the administrative users and customized views for each role in ARS, in the web interface. So if you're a level-one support, you only see the tasks that you are allowed to do, versus if you're a full-blown administrator, you see everything. In addition, we use it for account creation at the university. We expose native Azure AD user group properties to assist with support increase. We provision and de-provision applications, and we create the necessary reports.
Senior IT Manager at Toronto District School Board
Real User
2020-10-08T07:25:00Z
Oct 8, 2020
We use Active Roles to facilitate the synchronization between our Active Directory environment, SAP, and our school information system which is Trillium. Trillium and SAP feed data for employees and students into the Active Directory. We use password managers to manage passwords and provide us with three sets of passwords and options for our users.
Information Security Manager at a manufacturing company with 5,001-10,000 employees
Real User
2020-10-04T06:40:00Z
Oct 4, 2020
We are using Active Roles for provisioning Active Directory objects and we also use it to connect, through Active Roles Synchronization Service, to our HR system and to provision and deprovision employees. In general, we use it to provision any object: security groups and computer objects, in a delegated manner. Active Roles Server allows the security of Active Directory to be changed to delegate access for provisioning to different IT teams, without changing the actual security of Active Directory. The solution is co-located in our data centers.
IT Lead, Security services at a aerospace/defense firm with 10,001+ employees
Real User
2020-09-23T06:10:00Z
Sep 23, 2020
Our primary use case has definitely evolved since our very first use case, which was for delegation of rights within Active Directory without having to give folks native rights through Active Directory. That was our biggest driving factor into the use of Active Roles. All the other stuff that it does is a benefit, and we use it all heavily. However, we're very big into using the least privileged model and having the least amount of Active Directory native rights out there, as this cuts down on issues later. By having less people with native Active Directory rights, this cuts down on potential issues that we have to troubleshoot. It is used in our on-prem Active Directory, but the servers themselves are hosted out of Azure. So, we use IaaS, which is just having VMs in the cloud versus having our VMs on-prem. The only cloud aspect is that VMs are hosted in the Azure IaaS instance. It's a normal VM, which is part of our on-prem Active Directory, but it just happens to be hosted in Azure.
Director Identity & Access Management at a tech services company with 1,001-5,000 employees
Real User
2019-10-09T20:52:00Z
Oct 9, 2019
We use ARS to manage multiple domains. Our organization owns over thirty companies and we needed a tool that would give us the ability to apply consistent access rules across all of the businesses.
* It is mainly for delegation of permissions inside the domains for large companies. * It is for provisioning and deprovisioning users in the Active Directory (AD) and their licenses in Office 365.
We primarily use it for delegation access permissions, to helpdesks for example. We use it to automate certain things, like onboarding new users, deprovisioning leaving users, or when we add somebody to a group it triggers some kind of automation workflow. Lastly, we use it to sanitize data entry, to make sure that the first letter of the street name is capitalized, certain zip codes are allowed, others aren't; it's a type of data control.
Managing Director at a tech services company with 51-200 employees
Real User
2015-07-07T10:50:00Z
Jul 7, 2015
RBAC for AD and Exchange Provisioning, Re-provisioning, De-provisioning and Undo-De-Provisioning of user accounts User Self Service Virtual AD firewall
One Identity Active Roles is a highly regarded solution for Active Directory (AD) security and account management. One Identity Active Roles will enhance group, account, and directory management while eradicating the need for manual processes. The end result is a significant increase in the overall speed, efficiency, and security of the organization.
Using One Identity Active Roles, users can:
Easily increase and strengthen native attributes of Active Directory (AD) and Azure AD.
Quickly...
We use the solution for managing access to, shared drives and access for Active Directory.
We're using it for identity management, including the creation of accounts and synchronizing them with our HR system.
The solution is used for lifecycle management and can be deployed on-prem or cloud.
We use Active Roles as a single point to manage all our users. We're using all of the system's management capabilities, like setting group policies and delegating roles. We have around 1,400 users and 25 or 30 admins. The company uses Active Roles as a standalone solution because we don't have HR or ERP systems connected to applications. We aren't using it to migrate from Active Directory to Azure AD. We use a Microsoft solution called AD Sync. We had this functionality before implementing Active Roles, but we hope to get that improved connectivity to Azure AD and Exchange Online.
We started using Active Roles because we wanted protection against user errors by our frontline service desk. We have an on-premises solution.
Our primary use case for ARS is for the ease of delegating administrative access and the ability to limit direct access to the domain controllers. Those were the primary purposes for purchasing it. We do much more with it now, probably more than anyone else. We're still working through that primary use case. But in addition to that, over the course of the last seven years, we've been able to leverage ARS to allow us to do a lot more and be more efficient. We use it for dynamic groups. We automatically group users together by department, reporting structure, etc., to leverage them for access, authorization, and authentication. And we automatically group computer objects for management authorization. We have also started leveraging ARS as an identity platform. It was an interim solution until we move over to our final solution, for which we're going through vendor selection right now. The way we use it for identity is that we use custom scripts and workflows and scheduled tasks. We were able to migrate off of our legacy identity platform and move everything we currently do into ARS. While migrating to ARS, we also implemented role-based access for the administrative users and customized views for each role in ARS, in the web interface. So if you're a level-one support, you only see the tasks that you are allowed to do, versus if you're a full-blown administrator, you see everything. In addition, we use it for account creation at the university. We expose native Azure AD user group properties to assist with support increase. We provision and de-provision applications, and we create the necessary reports.
We use Active Roles to facilitate the synchronization between our Active Directory environment, SAP, and our school information system which is Trillium. Trillium and SAP feed data for employees and students into the Active Directory. We use password managers to manage passwords and provide us with three sets of passwords and options for our users.
We are using Active Roles for provisioning Active Directory objects and we also use it to connect, through Active Roles Synchronization Service, to our HR system and to provision and deprovision employees. In general, we use it to provision any object: security groups and computer objects, in a delegated manner. Active Roles Server allows the security of Active Directory to be changed to delegate access for provisioning to different IT teams, without changing the actual security of Active Directory. The solution is co-located in our data centers.
Our primary use case has definitely evolved since our very first use case, which was for delegation of rights within Active Directory without having to give folks native rights through Active Directory. That was our biggest driving factor into the use of Active Roles. All the other stuff that it does is a benefit, and we use it all heavily. However, we're very big into using the least privileged model and having the least amount of Active Directory native rights out there, as this cuts down on issues later. By having less people with native Active Directory rights, this cuts down on potential issues that we have to troubleshoot. It is used in our on-prem Active Directory, but the servers themselves are hosted out of Azure. So, we use IaaS, which is just having VMs in the cloud versus having our VMs on-prem. The only cloud aspect is that VMs are hosted in the Azure IaaS instance. It's a normal VM, which is part of our on-prem Active Directory, but it just happens to be hosted in Azure.
We use ARS to manage multiple domains. Our organization owns over thirty companies and we needed a tool that would give us the ability to apply consistent access rules across all of the businesses.
* It is mainly for delegation of permissions inside the domains for large companies. * It is for provisioning and deprovisioning users in the Active Directory (AD) and their licenses in Office 365.
We use it to lock down the interface between helpdesks and Active Directory.
We primarily use it for delegation access permissions, to helpdesks for example. We use it to automate certain things, like onboarding new users, deprovisioning leaving users, or when we add somebody to a group it triggers some kind of automation workflow. Lastly, we use it to sanitize data entry, to make sure that the first letter of the street name is capitalized, certain zip codes are allowed, others aren't; it's a type of data control.
RBAC for AD and Exchange Provisioning, Re-provisioning, De-provisioning and Undo-De-Provisioning of user accounts User Self Service Virtual AD firewall