Posted On: Nov 16, 2023

Today, we’re announcing that AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD) now supports One Identity Active Roles. Active Roles enables customers to synchronize identities between AWS Managed Microsoft AD and self-managed Active Directories, HR systems, and modern identity management systems, such as OneLogin, Entra ID, Okta, Ping, Google Identity, and other SCIM identity providers. In addition, Active Roles provides enhanced auditing capabilities and governance controls, dynamic delegation models, least privilege access management, automated provisioning, and workflow-based approval systems, layered on top of your identity services to enhance your overall management experience.

This newly supported integration helps you consolidate multiple Active Directory domains into a single AWS Managed Microsoft AD without the need for an AD trust relationship. You can then quickly enable those identities for access to other AWS services such as Amazon WorkSpaces, RDS for SQL Server, FSx for Windows File Server, Amazon QuickSight, and Connect. Additionally, Active Roles provides a single pane of glass to monitor and manage identities across many integrated applications and identity providers, with detailed logging for changes such as object and group membership updates.

This integration is available in all AWS Regions where AWS Managed Microsoft AD is available.

To learn more about implementing One Identity Active Roles on your AWS Managed Microsoft AD, please see the Active Roles product page, product technical documentation, and connectors list. For additional information on AWS Managed Microsoft AD, please see the AWS Directory Service Administration Guide.