Sold by: One Identity
Deployed on AWS
Simplify Active Directory Security and Management with One Identity Active Roles.
4.1
Overview
Active Roles allows you to manage and protect user and group accounts using automated task provisioning on directory objects, going above and beyond what is offered by native tools. Active Roles provides automation for consistent enforcement of corporate policies, an administrative model that allows you to delegate permissions based on role, and flexible, rule-based views across your entire AD identity environment via a consolidated single console. These features and more create a reliable and secure environment for distributed administration and account provisioning, allowing you to do your job faster.
Highlights
- Delegate least-privilege permissions based on role to ensure all identities and groups have proper privileges
- Consolidate all AD domains with Entra ID and M365 tenants onto a single console, ensuring better visibility and control over your entire AD/Entra ID/M365 environment
- Use automation to ensure accuracy and consistency of policy creation and enforcement and track changes to support your auditing and compliance reporting needs
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Win2025 Windows Server 2025 Datacenter 24H2 26100.4946
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
All fees are non-refundable and non-cancellable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
To access the application launch a new EC2 instance from this AMI and connect to it via RDP.
For more information, see the Active Roles Quick Start Guide: https://support.oneidentity.com/technical-documents/active-roles/8.1.5/quick-start-guide
Resources
Support
Vendor support
Once contacted Sales, follow the steps in the link below under the section 'Installing and configuring Active Roles on the EC2 instance':
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Seamlessly integrate your corporate identity provider (Okta, Entra ID, Active Directory, etc.) with AWS IAM Identity Center (formerly AWS SSO) to enable secure, centralized user access to AWS accounts and applications.
FortiCNAPP offers unmatched visibility and context to simplify and strengthen security, empowering teams to make the biggest impact with minimal effort and time.
Labra’s AWS specialists guide your team through the transition to the new Partner Central experience—ensuring your APN account, users, and permissions migrate smoothly to the unified AWS Console without disruption.
SailPoint Identity Security Accelerator is a unified, AI-powered solution for growing organizations. It combines our foundational governance engine with end-to-end application discovery, risk-based prioritization, and zero-touch onboarding. Powered by the SailPoint Platform, it delivers immediate, intelligent control and foundational identity security. Our AI transforms your chaotic application landscape into a prioritized roadmap, enabling you to bring hundreds of apps under governance in days, not months. This dramatically reduces risk and cost, establishing a scalable identity program without the friction of traditional implementations, ensuring immediate compliance wins.
Customer reviews
Ie Ogbonnaya
Interface and reporting have needed improvement while role-based access control has streamlined audits
Reviewed on Mar 04, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Active Roles is active directory management, assigning role-based access control, and onboarding processes.
I use One Identity Active Roles in onboarding new employees, assigning least privilege access to information and digital interactions based on role.
One Identity Active Roles offers automation of workflow, compliance, and auditing, including the ability to make changes, detailed auditing, and change tracking.
What is most valuable?
I use One Identity Active Roles in centralized Active Directory administration, and it helps me reduce the risk of direct domain admin access.
The auditing and change tracking features of One Identity Active Roles make it easier for me to have clear visibility of what is changed, who changed it, and how it was changed, while also helping me maintain a detailed auditing workflow.
I appreciate the security improvement and the Active Directory management features of One Identity Active Roles.
One Identity Active Roles has been impactful and helpful in the area of automation of user provisioning and de-provisioning, and it helps me maintain a good approval workflow.
One Identity Active Roles saves me time, reduces the risk of direct domain admin access, and helps me in centralized Active Directory administration.
What needs improvement?
I want One Identity Active Roles to improve in the area of user interface, modernizing it to feel more like a SaaS tool and to have user-friendly navigation.
I also want One Identity Active Roles to improve in their policy configuration area, which requires advanced expertise, and in the area of reporting, I want the reporting to be more basic, visible, and have the ability to export and customize options.
The areas needing improvement for One Identity Active Roles include the reporting, the dashboard, and simple policy configuration.
I would appreciate improvement in policy configuration and making the reporting system more basic for user interface usage.
For how long have I used the solution?
I have been using One Identity Active Roles for over four years.
What do I think about the stability of the solution?
One Identity Active Roles is very stable in the automation workflow and in compliance and auditing.
What do I think about the scalability of the solution?
The scalability of One Identity Active Roles is very acceptable; I would rate it at 80%, and it is very helpful in internal audits, making it more visible for my organization.
How are customer service and support?
The customer support of One Identity Active Roles is very good and helps to balance policy enforcement capabilities while improving my approval workflow.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
I do not have any other solution rather than One Identity Active Roles because it helps me very much in the area of role-based access control.
How was the initial setup?
The setup and pricing of One Identity Active Roles were very good, helping me understand the cost and the pricing system.
What was our ROI?
I have seen a return on investment with over 75% in the area of reducing costs, and 40% in reducing risk and making the workflow easier.
Which other solutions did I evaluate?
I evaluated other options such as LastPass and Microsoft Sentinel before choosing One Identity Active Roles.
What other advice do I have?
I advise others looking into using One Identity Active Roles to utilize it because the automation in workflow is perfect, and the ability to provide detailed auditing and assist in internal audits is excellent. I would rate this review with a three out of five.
Aryan Priyanish D.
Automation has streamlined user onboarding and centralized access control for our directory
Reviewed on Mar 01, 2026
Review provided by PeerSpot
What is our primary use case?
One Identity Active Roles is used primarily to simplify and automate Active Directory user and permission management. The solution automates routine tasks such as account creation, password reset, and permission assignments. It improves security by controlling access and providing auditing capability. A centralized dashboard allows for efficient management of users and permissions from one place.
One Identity Active Roles automates repetitive tasks that would otherwise require manual effort and time. When onboarding new employees, the tool automatically creates user accounts based on predefined templates. It assigns the correct group membership and permissions according to the employee role without manual intervention. This automation reduces errors and speeds up the processes.
One Identity Active Roles ensures that security policies are consistent across the organization.
What is most valuable?
One Identity Active Roles offers several valuable features, including a centralized management dashboard that simplifies user and permission administration. Automation of routine tasks such as account creation, password reset, and group membership assignment is a significant feature. Role-based access control and delegation limit permissions and enhance security. The auditing and reporting feature provides detailed information for compliance and tracking changes. Integration with Active Directory and other identity systems is also available.
The automation of routine tasks has the biggest impact on daily work. Automating account creation and password resets saves a significant amount of time and reduces manual effort.
One Identity Active Roles has positively impacted the organization by significantly improving efficiency through automating repetitive tasks and saving time for the IT team. The centralized management dashboard simplifies user and permission administration.
What needs improvement?
One Identity Active Roles can be improved by simplifying the setup process since a small team in a small business requires implementation without extensive IT support. Additionally, the pricing could be more flexible or tiered to better fit the budget of a smaller organization.
For how long have I used the solution?
I have used One Identity Active Roles for around one to two months.
What do I think about the stability of the solution?
One Identity Active Roles is stable.
How are customer service and support?
My rating customer service rating is 5.
How would you rate customer service and support?
Neutral
What other advice do I have?
Planning carefully for the initial setup is important as it can be complex and time-consuming. Ensure that there is access to expertise in Active Directory. The review rating for One Identity Active Roles is 9.
Yehuda Fabian
Granular delegation has improved directory security and automates provisioning tasks
Reviewed on Feb 09, 2026
Review from a verified AWS customer
What is our primary use case?
One Identity Active Roles is used for provisioning and directory management.
What is most valuable?
One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.
One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.
One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.
One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.
I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.
What needs improvement?
Integration capabilities are somewhere in the middle; it is not easy to integrate, but it is not the hardest thing out there.
Certain automations, possibly web apps, could be improved or simplified to make them easier. These automations are what I think could be improved.
I do not use the comprehensive group membership management feature and have not utilized the fine-grained permission control feature deeply. The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my organization.
For how long have I used the solution?
I have been using One Identity Active Roles for about three years.
What do I think about the stability of the solution?
One Identity Active Roles has very few bugs and is actually very stable, so I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
I am not certain if One Identity Active Roles is a scalable solution for us since we have local deployment and approximately 50 users, and scalability is not really relevant to our situation.
How are customer service and support?
I rate the vendor's technical support a ten out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We tried other solutions years ago, but I cannot compare them because I do not remember the details. Upper management tried something like SailPoint, Amada, or Symantec a while ago, but that was not me and those individuals are no longer with the company.
How was the initial setup?
The deployment of One Identity Active Roles probably took weeks, though it depends on what is meant by deployment.
What about the implementation team?
One Identity Active Roles was purchased through a partner.
What's my experience with pricing, setup cost, and licensing?
I am aware of the pricing; it is on the expensive side, though pricing is not my department.
What other advice do I have?
One Identity Active Roles is not a scalable solution for our organization since we have local deployment and approximately 50 users, and scalability is not really relevant to us. It is not a global solution; it is not worldwide.
The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my situation. Approximately 50 users use the solution.
I would say One Identity Active Roles has reduced privileged accounts by about 30 percent. To my knowledge, it has not helped reduce identity-based breaches.
I assess the visibility that One Identity Active Roles provides into my directory ecosystem as excellent. I would rate the granular control of One Identity Active Roles as a ten out of ten.
I would recommend this product, but it depends on exactly what you are trying to achieve; conducting a proof of concept about what you would like to see is vital. It is very difficult to answer in a review because it depends on the pain points of the customer and what they are trying to accomplish. Overall, I would recommend it and I am satisfied with the product.
The vendor may reach out if they have any questions or comments about my review. My overall review rating for One Identity Active Roles is nine out of ten.
reviewer2800650
Automation has saved time in managing groups but the interface still needs modernization
Reviewed on Feb 07, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Active Roles is managing Active Directory.
I use One Identity Active Roles to manage Active Directory by adding users to groups. When I'm adding users to groups with One Identity Active Roles, we sometimes do it manually, and sometimes we automate depending on the task. There are some automations in place for simple tasks such as adding people to distribution groups, but for more complex and sensitive tasks, they are done manually where a ticket comes in ServiceNow , and then we respond to that ticket manually by adding the people and then approving it.
What is most valuable?
I think the best feature One Identity Active Roles offers is probably the automation capability, although we do not utilize it to its fullest extent.
Since automation is a highlight for me, what I like about the automation in One Identity Active Roles is the time savings.
One Identity Active Roles has positively impacted my organization by providing a consistent and easy to understand interface for Active Directory, whether you are reading it or whether you are actively managing Active Directory.
What needs improvement?
One Identity Active Roles can be improved by updating the interface as it seems to have been static for quite some time, and I feel there could certainly be improvements made. Similarly, with the automation, I feel an updated user interface would make it slightly easier to use and understand for people who are not necessarily familiar with things such as the Active Directory Users and Computers interface.
Modernization is needed for those improvements.
For how long have I used the solution?
I personally have been using One Identity Active Roles for four years, and my company has been using it for longer, probably six to eight years.
What do I think about the stability of the solution?
One Identity Active Roles is very stable and we never have any issues with it.
What do I think about the scalability of the solution?
One Identity Active Roles has scaled well with us and we are not the biggest organization, but we have never had issues with scaling it.
How are customer service and support?
Customer support for One Identity Active Roles is good and we have never had to raise an issue with customer support because it is a very stable product.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not previously use a different solution as I was not here when we may have used a previous solution, but I think we have always had One Identity Active Roles, as it has been here for over eight years.
What was our ROI?
I have not seen a return on investment or any relevant metrics and I cannot imagine we would have saved any employees or any full-time equivalents for One Identity Active Roles.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing for One Identity Active Roles is that they are all very reasonable.
Which other solutions did I evaluate?
Before choosing One Identity Active Roles, my team did not evaluate other options because I was not here when the team chose it as it was so long ago.
What other advice do I have?
The advice I would give to others looking into using One Identity Active Roles is to be already familiar with Active Directory Users and Computers if possible, and dive into the automation as much as possible when you first receive it without hesitation to test it.
One Identity Active Roles is a very stable product and we would not consider getting rid of it, or at least a product of this sort, as there is definitely a need for it. I would say that as we migrate further into the cloud, there will probably be less of a need for it, but certainly for on-premises Active Directory, it is very important to us. I gave this review a rating of six.
reviewer2794194
Granular delegations have streamlined least-privilege access and simplified cross-domain control
Reviewed on Dec 30, 2025
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Active Roles is delegations and limiting access based on least privilege principles.
A specific example of how I use delegations and least-based access in my environment is that for cases where people only need a password reset, I can grant that capability without granting the ability to unlock accounts, or I can grant the ability to unlock without granting people password reset permissions.
What is most valuable?
The best features One Identity Active Roles offers are that it can be used across multiple domains and forests.
In our company, we have 85 different domains, and it would be cumbersome to have a separate instance of One Identity Active Roles for each domain. One Identity Active Roles allows us to give people in one domain access through One Identity Active Roles to all these other domains without them needing an account in each of those other domains, even though there does not have to be a trust between those domains.
One Identity Active Roles has positively impacted my organization by helping speed up delegations and helping us find permissions and generate reports more quickly on who has what access where.
One Identity Active Roles takes us less time, probably half the time, to complete delegations that are very granular and complex, compared to having to use native tools and scripts.
What needs improvement?
One Identity Active Roles can be improved because schemas sometimes differ between domains, and One Identity Active Roles does not behave very well with that inconsistency. We have an open case with Quest on this issue, but so far they do not have a solution for it.
I would also like to request that their support be more detailed, as we are finding difficulties getting to the correct people.
I give it an eight mainly because if we have to undo it for a divestiture, it is very difficult to strip off just the permissions easily because they are done via domain groups. We have to go back and find them all and remove them individually, so there should be an easier way to do that.
For how long have I used the solution?
I have been using One Identity Active Roles for six years.
What do I think about the stability of the solution?
One Identity Active Roles can be buggy at times, and we have to restart the server.
What do I think about the scalability of the solution?
One Identity Active Roles can handle growth in my environment, but the downside is that when we have domains that are further away from the server, it takes longer to bring up the console.
How are customer service and support?
I am not really satisfied with the customer support for One Identity Active Roles as the support is pretty limited.
How would you rate customer service and support?
Positive
What other advice do I have?
We do run into challenges with managing upgrades and patches for One Identity Active Roles, but we have a test instance that we try to do it on first.
My advice to others looking into using One Identity Active Roles is to plan out in advance and think about the big picture before you dive in. I give One Identity Active Roles an overall rating of eight out of ten.