Coming October 25: PeerSpot Awards will be announced! Learn more
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
  • 0
  • 35

What is your primary use case for One Identity Active Roles?

How do you or your organization use this solution?

Please share with us so that your peers can learn from your experiences.

Thank you!

PeerSpot user
10 Answers
Network Analyst at a government with 501-1,000 employees
Real User
Top 20
19 April 21

We started using Active Roles because we wanted protection against user errors by our frontline service desk. We have an on-premises solution.

Becky Phares - PeerSpot reviewer
Sr Business Analyst at George Washington University
Real User
Top 10Leaderboard
01 December 20

Our primary use case for ARS is for the ease of delegating administrative access and the ability to limit direct access to the domain controllers. Those were the primary purposes for purchasing it. We do much more with it now, probably more than anyone else. We're still working through that primary use case. But in addition to that, over the course of the last seven years, we've been able to leverage ARS to allow us to do a lot more and be more efficient. We use it for dynamic groups. We automatically group users together by department, reporting structure, etc., to leverage them for access, authorization, and authentication. And we automatically group computer objects for management authorization. We have also started leveraging ARS as an identity platform. It was an interim solution until we move over to our final solution, for which we're going through vendor selection right now. The way we use it for identity is that we use custom scripts and workflows and scheduled tasks. We were able to migrate off of our legacy identity platform and move everything we currently do into ARS. While migrating to ARS, we also implemented role-based access for the administrative users and customized views for each role in ARS, in the web interface. So if you're a level-one support, you only see the tasks that you are allowed to do, versus if you're a full-blown administrator, you see everything. In addition, we use it for account creation at the university. We expose native Azure AD user group properties to assist with support increase. We provision and de-provision applications, and we create the necessary reports.

Kiril - PeerSpot reviewer
Senior IT Manager at Toronto District School Board
Real User
Top 10Leaderboard
08 October 20

We use Active Roles to facilitate the synchronization between our Active Directory environment, SAP, and our school information system which is Trillium. Trillium and SAP feed data for employees and students into the Active Directory. We use password managers to manage passwords and provide us with three sets of passwords and options for our users.

Information Security Manager at a manufacturing company with 5,001-10,000 employees
Real User
Top 10
04 October 20

We are using Active Roles for provisioning Active Directory objects and we also use it to connect, through Active Roles Synchronization Service, to our HR system and to provision and deprovision employees. In general, we use it to provision any object: security groups and computer objects, in a delegated manner. Active Roles Server allows the security of Active Directory to be changed to delegate access for provisioning to different IT teams, without changing the actual security of Active Directory. The solution is co-located in our data centers.

IT Lead, Security services at a aerospace/defense firm with 10,001+ employees
Real User
23 September 20

Our primary use case has definitely evolved since our very first use case, which was for delegation of rights within Active Directory without having to give folks native rights through Active Directory. That was our biggest driving factor into the use of Active Roles. All the other stuff that it does is a benefit, and we use it all heavily. However, we're very big into using the least privileged model and having the least amount of Active Directory native rights out there, as this cuts down on issues later. By having less people with native Active Directory rights, this cuts down on potential issues that we have to troubleshoot. It is used in our on-prem Active Directory, but the servers themselves are hosted out of Azure. So, we use IaaS, which is just having VMs in the cloud versus having our VMs on-prem. The only cloud aspect is that VMs are hosted in the Azure IaaS instance. It's a normal VM, which is part of our on-prem Active Directory, but it just happens to be hosted in Azure.

Willie Clemons - PeerSpot reviewer
Director Identity & Access Management at a tech services company with 1,001-5,000 employees
Real User
09 October 19

We use ARS to manage multiple domains. Our organization owns over thirty companies and we needed a tool that would give us the ability to apply consistent access rules across all of the businesses.

Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,952 professionals have used our research since 2012.
David-Fernandez - PeerSpot reviewer
CTO at BeClever IT Solutions
Real User
10 April 19

* It is mainly for delegation of permissions inside the domains for large companies. * It is for provisioning and deprovisioning users in the Active Directory (AD) and their licenses in Office 365.

Identity Senior Analyst at a consumer goods company with 10,001+ employees
Real User
04 April 19

We use it to lock down the interface between helpdesks and Active Directory.

Michiel Simon - PeerSpot reviewer
Technical Manager of Security at Liberty Global
Real User
03 April 19

We primarily use it for delegation access permissions, to helpdesks for example. We use it to automate certain things, like onboarding new users, deprovisioning leaving users, or when we add somebody to a group it triggers some kind of automation workflow. Lastly, we use it to sanitize data entry, to make sure that the first letter of the street name is capitalized, certain zip codes are allowed, others aren't; it's a type of data control.

Sameer Palav - PeerSpot reviewer
Managing Director at a tech services company with 51-200 employees
Real User
07 July 15

RBAC for AD and Exchange Provisioning, Re-provisioning, De-provisioning and Undo-De-Provisioning of user accounts User Self Service Virtual AD firewall

Related Questions
Danilo Di Francesco - PeerSpot reviewer
Senior Consultant & Business Analyst at present spa
Jun 03, 2022
Hi, I work as a Senior Consultant & Business Analyst at a Financial Services firm (1000+ employees). I would like to know some customers in Europe (possibly, Italy) who have chosen One Identity (specifically, One Identity Safeguard or One Identity Active Roles).  What are the costs associated with this solution? Would it be the best solution for the banking and insurance world, in your o...
Download Free Report
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
633,952 professionals have used our research since 2012.