
    One Identity Active Roles

    Deployed on AWS
    Simplify Active Directory Security and Management with One Identity Active Roles.
    4.2

    Overview

    Active Roles allows you to manage and protect user and group accounts using automated task provisioning on directory objects, going above and beyond what is offered by native tools. Active Roles provides automation for consistent enforcement of corporate policies, an administrative model that allows you to delegate permissions based on role, and flexible, rule-based views across your entire AD identity environment via a consolidated single console. These features and more create a reliable and secure environment for distributed administration and account provisioning, allowing you to do your job faster.

    Highlights

    • Delegate least-privilege permissions based on role to ensure all identities and groups have proper privileges
    • Consolidate all AD domains with Entra ID and M365 tenants onto a single console, ensuring better visibility and control over your entire AD/Entra ID/M365 environment
    • Use automation to ensure accuracy and consistency of policy creation and enforcement and track changes to support your auditing and compliance reporting needs

    Details

    Delivery method

    Delivery option
    64-bit (x86) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Win2025 Windows Server 2025 Datacenter 24H2 26100.4946

    Features and programs

    Buyer guide

    Gain valuable insights from real users who purchased this product, powered by PeerSpot.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    One Identity Active Roles

    Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    Vendor refund policy

    All fees are non-refundable and non-cancellable except as required by law.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    64-bit (x86) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Additional details

    Usage instructions

    To access the application, launch a new EC2 instance from this AMI and connect to it via RDP.

    For more information, see the Active Roles Quick Start Guide: https://support.oneidentity.com/technical-documents/active-roles/8.1.5/quick-start-guide 

    Support

    Vendor support

    Once you have contacted Sales, follow the steps in the link below under the section 'Installing and configuring Active Roles on the EC2 instance':

    https://support.oneidentity.com/active-roles/8.2.1 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Customer reviews

    Ratings and reviews

    4.2 (82 ratings)
    5 star: 45%
    4 star: 53%
    3 star: 1%
    2 star: 1%
    1 star: 0%
    8 AWS reviews | 74 external reviews
    External reviews are from G2 and PeerSpot.

    Adarsh-Singh

    Automated identity lifecycle has improved secure role-based administration and onboarding

    Reviewed on Jun 14, 2026
    Review provided by PeerSpot

    What is our primary use case?

    One Identity Active Roles serves as my centralized identity and access management solution, with the key feature being the automation of users' lifecycle management. Another use case is delegated administration through a role-based administration model, which allows us to securely assign administrative tasks to different teams or individuals while maintaining governance and compliance.

    A specific example of how I use One Identity Active Roles for these tasks is in one of our projects for automating the user onboarding process. When a new employee joins the company we were building, One Identity Active Roles automatically provisions the account for the directory, assigns them to the appropriate security group based on their role, and creates the necessary permissions without manual intervention. This speeds up the onboarding and ensures consistent access rights.

    Regarding my main use case for One Identity Active Roles, we have also used it to implement access requests and approval workflows for the software we were building, and we are also automating the user offboarding. The automation capabilities of One Identity Active Roles are exceptional.

    What is most valuable?

    The best feature One Identity Active Roles offers is role-based administration, which provides secure delegation of administrative tasks to different teams or individuals while maintaining governance and compliance.

    Role-based administration has helped my team because we can securely delegate specific administrative responsibilities to different teams or individuals without giving full administrator rights.

    One Identity Active Roles has positively impacted my organization. My senior managers informed me that aside from using it for other companies' projects, we are using it in our company as well. The positive impact is that it saved time, improved security, and made things more efficient. However, I have only been here for four to five months, and we have been using it for one project only.

    Regarding One Identity Active Roles's governance and security capabilities, the role-based delegated administration, centralized policy enforcement, and audit compliance and reporting are exceptional features. One Identity Active Roles has had a positive effect on reducing the complexity and workload of the administrative tasks related to Active Directory.

    What needs improvement?

    One Identity Active Roles can be improved, as the user interface could be more modernized and the reporting and analytics feature could be enhanced.

    It would be beneficial if the documentation was clearer.

    For how long have I used the solution?

    I have been using One Identity Active Roles for four to five months.

    What do I think about the stability of the solution?

    One Identity Active Roles is stable, and I believe it is very reliable.

    What do I think about the scalability of the solution?

    One Identity Active Roles has a scalable architecture.

    How are customer service and support?

    I have not used customer support for One Identity Active Roles.

    Which solution did I use previously and why did I switch?

    We are using One Identity Active Roles as our solution, so I did not previously use a different solution.

    How was the initial setup?

    Before choosing One Identity Active Roles, we did not evaluate other options.

    What about the implementation team?

    I was not on the implementation team, so I do not have knowledge about the ease or difficulty of integrating One Identity Active Roles with our existing IT infrastructure and directory services.

    What was our ROI?

    I am only four to five months into my tenure at this company, so I cannot specify whether I have seen a return on investment or share relevant metrics.

    What's my experience with pricing, setup cost, and licensing?

    I was not on the setup team either, so I cannot explain my experience with pricing, setup cost, and licensing.

    Which other solutions did I evaluate?

    Before choosing One Identity Active Roles, we did not evaluate other options.

    PravinPatil

    Delegated workflows have streamlined user provisioning and now reduce daily admin workload

    Reviewed on Jun 13, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I have been using One Identity Active Roles for almost the last two years.

    My main use case of One Identity Active Roles is for user provisioning, group management, delegated administration, and handling access-related requests in a controlled and consistent manner.

    A common example is managing department-based security groups. When new employees join, we use One Identity Active Roles to add them to the appropriate group based on their role, while delegated administrators can handle routine updates without needing full Active Directory administrative privilege. This helps to keep access management consistent and reduce dependency on the IT team for everyday requests.

    Besides user and group management, we also use One Identity Active Roles for delegated administration and access governance. It helps us to standardize Active Directory tasks, reduce manual changes, and maintain better control over who can perform specific administrative actions.

    What is most valuable?

    The features I find most valuable in One Identity Active Roles are delegated administration, workflow automation, and role-based access control. These features help reduce manual Active Directory management, improve governance, and allow different teams to handle routine tasks without requiring full administrative privileges.

    One Identity Active Roles has a positive impact on our organization by improving the efficiency and consistency of our Active Directory operations. It reduced manual administrative work, improved delegation of routine tasks, and provided better control over access management. As a result, administrative processes became more streamlined and easier to govern.

    One noticeable outcome was a reduction in the time spent on routine Active Directory tasks. Delegation and automation helped teams to handle common requests more efficiently without involving senior administrators. We also saw fewer administrative errors because user and group management follows standardized processes. In addition, audit and access review activities became easier due to better visibility into changes and permissions.

    Another feature I need to add is that the auditing and reporting capability provides better visibility into administrative changes and helps us during compliance and review troubleshooting. I also appreciate that One Identity Active Roles centralizes many Active Directory management tasks, making administration more organized and consistent across the different teams.

    What needs improvement?

    One area for improvement in One Identity Active Roles would be reporting and dashboard customization. While the available reports are useful, having more flexible and easier-to-build reports would help administrators to get insights more quickly. I would also like to see a more modern user interface and better visibility into complex workflow and delegated admin permissions, especially in larger Active Directory environments.

    Another improvement I would like to see is better troubleshooting capability when dealing with complex delegation models or workflow-related issues. Identifying the root cause can sometimes take longer than expected. I would also welcome more built-in guidance and recommendations for administrators, especially when managing large environments with multiple teams and permission structures.

    For how long have I used the solution?

    I have been working in my current field for the last three to four years.

    What do I think about the stability of the solution?

    One Identity Active Roles has been a very stable platform. We use it regularly for provisioning users, group management, and delegated administrator-related tasks, and it performs very reliably without any doubt, with very few operational issues. Most of the challenges were related to workflow configuration or process changes rather than the product's stability itself.

    What do I think about the scalability of the solution?

    From my perspective, One Identity Active Roles can scale well as the environment grows. We were able to support an increasing number of users, groups, and administrator requests without significantly changing our management processes. The delegation and automation features helped maintain efficiency even as the Active Directory environment expanded.

    How are customer service and support?

    The customer support is very good. Sometimes we face some issues from customer support, but that is part and parcel of life, so that is not a big challenge. Overall, it is good.

    Which solution did I use previously and why did I switch?

    We were using a different solution before choosing One Identity Active Roles. We were using PowerShell for the administrative tasks. We switched because we needed better delegation, centralized management, automation, and governance. As the environment grew, managing everything through native tools became more time-consuming and harder to control consistently.

    How was the initial setup?

    Our experience with pricing and licensing for One Identity Active Roles is generally positive. One Identity Active Roles is enterprise-focused, so the investment is justified when you need strong delegation, automation, and governance capabilities. From a setup perspective, installation was straightforward. Most of the effort went into planning the administrative role and delegation models and workflow rather than the technical deployment itself.

    I would describe the integration of One Identity Active Roles with my existing IT infrastructure and directory services as fairly straightforward since our environment was already centered around Active Directory. Connecting One Identity Active Roles to existing Active Directory services was relatively smooth. Most of the effort was focused on defining the delegation model, workflow, and administrative roles rather than the technical integration itself. Our deployment fit well with our existing infrastructure.

    What was our ROI?

    We have seen a positive return on investment from One Identity Active Roles. The biggest benefit has been the time savings through the delegation and automation of routine Active Directory tasks. For example, password resets, user updates, and group membership changes can be handled by delegated teams without involving senior administrators. This reduces administrative workload, improves response times, and allows the IT team to focus on other strategic activities.

    Which other solutions did I evaluate?

    We were evaluating more options, including Microsoft Identity Manager and SailPoint IdentityIQ, before choosing One Identity Active Roles. We chose One Identity Active Roles because of its integration, delegated administration, and automation capabilities. This integration is very smooth, which is why we chose this solution.

    What other advice do I have?

    Delegated administration has had the biggest impact for me. It allows routine tasks such as password resets, account updates, and group membership changes to be handled by the support team without granting full Active Directory administrative rights. In day-to-day work, this reduces the number of requests reaching the IT team and helps us to focus on more complex administrative and infrastructure tasks.

    In my experience, the output from One Identity Active Roles has been reliable and consistent. User provisioning, group management, and delegated administration tasks generally work as expected when the policies and workflows are configured correctly. From an automation perspective, the platform relies more on predefined roles and automation than AI-driven decision-making. Because of that, the results are predictable and dependable, which is important for identity and access management operations.

    In our environment, One Identity Active Roles is deployed in a hybrid environment. The solution is hosted within our on-premises infrastructure and integrated with cloud services where needed. This approach allows us to maintain control over Active Directory administration while supporting broader hybrid identity requirements.

    As a part of our hybrid environment, we primarily use Microsoft Azure. It integrates well with our Active Directory and identity management infrastructure, making it easier to support both on-premises and cloud-based resources. Azure has helped maintain a consistent approach to identity access management and governance across the environment.

    We do not apply fine-grained policies.

    My impression of the automation capabilities provided by One Identity Active Roles is positive. They help reduce manual Active Directory administration and ensure that routine tasks follow consistent processes. For example, user onboarding can be automated so that new accounts are created with the correct attributes, group memberships, and permissions based on a predefined role. This saves time and reduces the chances of configuration errors.

    One Identity Active Roles helped reduce both the complexity and workload of Active Directory administration. Routine tasks such as user provisioning, group membership updates, and account maintenance become more structured and easier to manage. As a result, administrators spend less time on repetitive tasks and more time on high-priority projects, while also reducing the risk of manual errors.

    I would definitely refer my friends and colleagues, or whoever wants to reduce the administrative load, to One Identity Active Roles. My advice would be to start with a clear delegation strategy and governance model before implementation. This will help to ensure that the administrative responsibilities and access controls are properly defined from the beginning. I would also recommend starting with core use cases such as user provisioning and group management, then expanding into more advanced automation workflows as the team becomes familiar with the platform.

    We are only a customer of One Identity Active Roles. I would rate this product overall as an 8 out of 10.

    Sneha Bhagat

    Delegated workflows have streamlined daily user lifecycle and access governance in our hybrid AD

    Reviewed on Jun 12, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case of One Identity Active Roles is managing user life cycle activity in Active Directory on a daily basis. I use it for user provisioning, group membership management, delegated administration, and handling access-related requests while maintaining governance controls.

    Besides user provisioning, I also use One Identity Active Roles for delegated administration and access governance. It helps me to control who can perform specific tasks without granting broad administrative rights, which has been useful for maintaining security and operational consistency.

    What is most valuable?

    The features I found most valuable in One Identity Active Roles are delegated administration, workflow-based automation, and role-based access control. These features help streamline Active Directory management while maintaining better control over administrative permissions and access requests.

    Workflow automation helped by reducing the number of manual steps involved in routine AD tasks. For example, when a new user request comes in, the approval and provisioning process follows a predefined workflow instead of relying on emails and manual coordination. This made requests more consistent and reduced the chances of missing important access assignments or approvals.

    The auditing and reporting capability is worth mentioning. It gives better visibility into administrative changes and helps during the access review or audit activity. I also appreciate how the platform centralizes many AD management functions.

    What needs improvement?

    One area for improvement would be troubleshooting and reporting. When dealing with complex workflows or delegated permissions, identifying the root cause of an issue can sometimes take longer than expected. I would also like to see a more modern administrative experience and greater visibility into workflow activities to make day-to-day management easier.

    Another improvement I would like to see is better visibility into delegation and access relationships. In larger environments with multiple teams and administrative roles, it can sometimes be difficult to quickly understand why a user has a particular permission or access level.

    For how long have I used the solution?

    I have been working in my current field for the last three years.

    What do I think about the stability of the solution?

    One Identity Active Roles has been a stable platform in my experience. I use it regularly for user management, delegation, and access-related tasks, and it performs reliably in day-to-day operations. Most issues I encountered were related to workflow configuration or process changes.

    What do I think about the scalability of the solution?

    From my experience, One Identity Active Roles scaled well as the environment grew. I was able to manage an increasing number of users, groups, and administrative requests without significant changes to my processes. Features like delegation and automation helped support growth while keeping administration manageable and consistent.

    How are customer service and support?

    My experience with customer support has been positive overall. The support team was generally responsive and had a good understanding of Active Directory, delegation, and workflow-related issues. For more complex cases, resolution times sometimes required escalation, but the guidance provided was usually helpful and technically sound.

    Which solution did I use previously and why did I switch?

    Before One Identity Active Roles, I primarily relied on the native Active Directory administration tools and PowerShell scripts for user and AD group management. I switched because I wanted a more centralized approach with delegation, automation, and governance. As the environment grew, managing permissions and administrative tasks manually became harder to maintain consistently.

    How was the initial setup?

    I found the integration fairly straightforward because my environment was already centered around Active Directory. The core connectivity and synchronization were not difficult to establish. Most of the effort went into designing the delegation model and approval workflows to align with the existing operational processes rather than the technical integration itself.

    What was our ROI?

    The ROI was mainly seen in time savings and operational efficiency rather than directly reducing headcount. Routine tasks such as user provisioning, account maintenance, and access requests require less manual effort than before the implementation. I also saw fewer escalations to the AD team because delegated administration allowed support teams to handle common requests independently, which improved overall productivity.

    Which other solutions did I evaluate?

    I evaluated a few alternatives, including Microsoft Identity Manager and SailPoint. I ultimately chose One Identity Active Roles because it aligned well with my Active Directory-focused environment and offered a good balance of delegation, automation, and governance capabilities without adding too much operational complexity.

    What other advice do I have?

    One outcome I noticed was a reduction in manual AD administration. Routine tasks such as user account management and group updates became more structured, which helped reduce configuration mistakes. I also found that access reviews and audit preparation became easier because administration changes were centrally managed and easier to track.

    In my environment, One Identity Active Roles is deployed in a hybrid setup. The application runs on virtual servers in my on-premises data center while supporting identity management processes that interact with my cloud services. This approach works well because it allows me to maintain control over the Active Directory administration.

    As part of my hybrid environment, I primarily use Microsoft Azure since my infrastructure is closely aligned with Active Directory and Microsoft services. Azure integrates well with my identity and access management processes. It allows me to support both on-premises and cloud-based identity requirements.

    I have used fine-grained permission control in One Identity Active Roles. It was particularly useful for delegating specific administrative tasks to support teams without granting full Active Directory administrative rights.

    I would rate this review a nine out of ten.

    Lalit Wagh

    Automation has transformed user lifecycle management and now streamlines secure access control

    Reviewed on Jun 10, 2026
    Review provided by PeerSpot

    What is our primary use case?

    One Identity Active Roles serves as our absolute main solution for automating the entire user life cycle from day one onboarding to offboarding while enforcing strict role-based access. Before this implementation, we were drowning in manual tickets for setting up accounts, assigning groups, and provisioning mailboxes across our hybrid and Entra setup.

    A classic scenario we deal with all the time involves departmental transfers. When an employee moves from finance to marketing and HR updates their department code, One Identity Active Roles automatically triggers a workflow that handles the transition overnight. This immediately revokes their finance-specific AD groups, strips their access to restricted financial folders, provisions them into the correct marketing distribution list and Entra ID roles, updates their manager attribute, and updates information in their company directory without any manual intervention. At the end, it sends an automated notification to their respective managers to confirm whether the access swap is completed. This entirely prevents privilege creep where moving departments causes people to accumulate leftover permissions.

    One major benefit of One Identity Active Roles for our main use case is how much it simplified our compliance audits. Before we deployed it, trying to track down who granted specific permissions or why a user was added to a privileged group meant digging through endless active AD logs. Now One Identity Active Roles acts as a single choke point for all modifications, so everything is centralized and tracked automatically.

    What is most valuable?

    The absolute best features One Identity Active Roles offers include a fine-grained delegation policy framework that gives our regional IT teams and help desks the exact access they need to do their jobs without handing over broad, risky native AD permissions. Close behind that is a workflow automation engine which handles our multi-stage approvals seamlessly.

    We also heavily rely on the automated de-provisioning feature, which ensures that when someone leaves, their access across on-prem AD, Exchange, and Entra ID is instantly and cleanly stripped. Having all of this managed from a single web interface instead of hopping between multiple Microsoft consoles is a massive win for our daily operations.

    Before we implemented One Identity Active Roles, our regional IT teams often needed domain admin or account operator rights just to perform routine tasks like modifying local group membership or updating specific user attributes, which was a massive security risk because the native AD did not give us the granular control to avoid it. Now we use the delegation policies to restrict them strictly to their own organizational units.

    What needs improvement?

    One Identity Active Roles has proven to be the absolute best product on the market for what it does, so we do not have any major complaints about it. It handles our hybrid AD and Entra ID environment so cleanly that it is tough to find a fault within the core product.

    If I had to identify areas for improvement, I would note that when you start building highly advanced multi-stage approval workflows, the logic can get a bit complex and requires a solid understanding of the tool to maintain. Additionally, because it is so powerful, managing a massive library of custom scripts over several years takes more disciplined governance to keep things organized. However, in terms of out-of-the-box capability, scalability, and daily reliability, it is pretty much unmatched compared to its competitors.

    For how long have I used the solution?

    I have worked in the current field for three and a half years.

    What do I think about the stability of the solution?

    One Identity Active Roles is very stable across multiple tiers. As more employees are added, we do not have to manage each of them individually. The scripts and automated One Identity Active Roles directory features take the workload out of our hands, effectively doing everything we described earlier, and each one takes the same amount of time regardless of the scale we are discussing.

    We chose One Identity Active Roles because of its maturity and enterprise stability, as our roadmap was heavily anchored in a complex hybrid Microsoft ecosystem. One Identity Active Roles gave us absolute confidence that it could handle the deep attribute level security proxying without breaking a sweat, backed by broader enterprise support of One Identity fabric.

    What do I think about the scalability of the solution?

    One Identity Active Roles' scalability is one of its strongest arguments due to its horizontal scale via proxy architecture. It scales out horizontally by utilizing multiple independent One Identity Active Roles administrator service hosts, allowing administrator and help desk operators and automated workflows to interact with the ARS proxy servers rather than hitting domain controllers directly, enabling user concurrency to scale indefinitely.

    A few data configurations are required to maintain speed, such as keeping within the 1 ms latency rule and ensuring parallelism. In short, One Identity Active Roles scales beautifully to handle massive enterprise workloads with its ultimate ceiling determined entirely by how well you architect and tune its underlying SQL backend.

    How are customer service and support?

    Overall experience with One Identity Active Roles customer support has been highly solid and technically competent. For standard support and routine inquiries, standard configuration or native Active Directory integration questions, the engineers are incredibly knowledgeable, usually rating a 9 out of 10 for technical insight.

    However, there are edge cases where if you are dealing with complex and highly customized scripts inside an event-driven automation workflow or troubleshooting a bizarre synchronization error deep within your Microsoft Entra ID tenants, you can expect some delay because they really want to structure the escalation process to senior product engineers who understand the underlying database hooks. Their SLA responsiveness and severity tiers are incredible, using configuration questions to pinpoint the problem we are experiencing and curating their responses accordingly.

    The One Identity support portal is heavily built around a robust self-service model, and their knowledge base, release notes, and community forums are heavily populated and frequently updated.

    Which solution did I use previously and why did I switch?

    Before One Identity Active Roles, we did not actually use a commercial third-party identity and access management software. Instead, we relied on a complex web of native Microsoft management tools combined with an extensive library of homegrown PowerShell scripts.

    How was the initial setup?

    The integration process of One Identity Active Roles with our existing IT infrastructure and directory services was remarkably straightforward, mostly because One Identity Active Roles is built from the ground up to sit naturally on top of Microsoft architecture. Since we already had a well-defined Active Directory structure and established OU layout, the core deployment did not require us to tear down or re-engineer any of the existing infrastructure.

    One Identity Active Roles basically overlays onto your directory, acting as a secure proxy layer rather than a disruptive overhaul. The initial setup for standard synchronization and basic policy enforcement took just a couple of weeks to get completely up and running. The majority of your time and effort is not technical friction with the product itself, but mapping out your business logic and defining your approval lines and planning your delegation roles before configuring them.

    What was our ROI?

    The return on investment from One Identity Active Roles has been incredibly clear and measurable for us. The time reclaimed by Tier 3 engineers is about 15 to 20 hours every single week for our senior systems and security engineers. The efficiency in user provisioning and offboarding, which used to take almost 24 to 48 hours due to a multi-step process, is now down to just 5 minutes, which is incredible for how it closed down the gap.

    The help desk resolution speed for basic Tier 1 requests, including password resets, group modifications, and profile attribute updates, is now resolved on the very first call because we safely delegated these tasks to help desk through clean access templates, resulting in a nearly 80% drop in ticket escalation queues.

    What's my experience with pricing, setup cost, and licensing?

    Our experience with the pricing, setup cost, and licensing of One Identity Active Roles reflects the platform's status as an enterprise-grade premium product. One Identity structured the Active Roles licensing per enabled user, making this model incredibly scalable and predictable since it only counts active enabled user accounts, meaning we are not paying for disabled accounts, service accounts, or the administrative overhead for Tier 1 and Tier 3 teams.

    While the software installation process itself is very straightforward, the true setup cost is heavily tied to professional services and implementation. Because the tool is highly customizable, you will likely want to budget for One Identity professional services or a certified implementation partner during the initial phase.

    Although the upfront capital expenditure for licensing and implementation services was a significant investment, the operational savings shifted from the bottom line almost immediately. By automating users' life cycle management and safely delegating tasks to Tier 1 support, we drastically reduced the workload for administrative personnel. The hours saved by Tier 3 engineers alone, around 15 to 20 hours every week from AD maintenance, allowed us to recoup our initial setup and licensing costs well ahead of schedule.

    Which other solutions did I evaluate?

    Before deciding on One Identity Active Roles, we evaluated multiple software solutions, including ADx by Softerra and ManageEngine ADManager Plus.

    What other advice do I have?

    If you are in the position we were in a few years ago, stuck maintaining an ungodly amount of fragile custom PowerShell scripts and constantly stressing over broad AD permissions, One Identity Active Roles is a fantastic move. I advise fixing your business logic before you touch the software, as One Identity Active Roles is an incredibly flexible tool, but it will automate exactly what you tell it to do. If your organization's current identity life cycle process is messy, manual, and full of special exceptions, automating them will only create a faster automated mess.

    I would advise sitting down with HR, security, and your regional IT leads before you start configuring workflows. Standardize exactly what happens when a user is hired, transferred, and terminated, and map out your approval chains on a whiteboard first. Once your business rules are clear on paper, plugging them into the One Identity Active Roles engine is incredibly smooth.

    Do not drop the One Identity Active Roles database onto a generic, over-located, shared SQL cluster. Treat it like a Tier 1 critical application. Leverage virtual attributes to protect the core schema by creating them as virtual attributes for custom fields to track employee IDs, contractor's end dates, or specific HR flags for automation, which keeps your native AD schema pristine and protects against accidental schema corruption. Finally, budget for professional services or training upfront, and plan your web interface views by persona, ensuring to build distinct web profiles tailored specifically to different personas to reduce human error and cut training time for junior staff to zero. I would rate this product a 10 out of 10 based on my overall experience.

    karan rathod

    Automation has streamlined identity governance and has improved secure delegation in our directory

    Reviewed on Jun 05, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Our main use case for One Identity Active Roles is Active Directory administration and user lifecycle management, and we use it to create, modify, disable, and manage user accounts, groups, and permissions in a controlled and standardized manner, which improves security and reduces the risk of manual error when managing the Active Directory environment.

    A good example of how we use it for user lifecycle management is user onboarding, where instead of manually creating accounts and assigning permissions in Active Directory, One Identity Active Roles automation automates the process using predefined templates and workflows, saving time, reducing errors, and ensuring users receive the correct access from day one.

    Another benefit of our main use case with One Identity Active Roles is delegated administration, which allows different teams to perform specific tasks without needing full Active Directory access, improving security and making administration much easier while helping with auditing and change tracking.

    What is most valuable?

    The best features of One Identity Active Roles include user lifecycle management, delegated administration, automation, and role-based access control, where user lifecycle management helps to standardize and automate tasks, and delegated administration allows teams to perform specific tasks without giving them full Active Directory privileges, thus improving both security and operational efficiency.

    For one example regarding how automation and role-based access have helped my team, the user onboarding process used to involve the administrator manually creating accounts, assigning groups, and configuring permissions; however, with One Identity Active Roles, the process can be standardized through workflows and templates, which reduces manual effort, speeds up provisioning, and ensures users receive the correct access from the start, while I also appreciate the auditing and change tracking capabilities for visibility into who changed what and when, which aids troubleshooting, compliance, and overall governance in our Active Directory environment.

    One Identity Active Roles has positively impacted our organization by making Active Directory management much more efficient, reducing manual work, improving control over permissions, and providing better visibility into changes, which has helped both security and compliance efforts.

    What needs improvement?

    The main improvement I would like to see for One Identity Active Roles is a more modern and intuitive interface, along with more customizable reporting and dashboards to enhance our experience with the platform.

    I would appreciate more integration with other identity and security tools, alongside more flexible reporting and dashboards to improve the functionality of One Identity Active Roles while we have not faced major performance issues.

    For how long have I used the solution?

    I have been using One Identity Active Roles for approximately one year.

    What do I think about the stability of the solution?

    I have not used the AI-specific capabilities extensively, but the overall output from One Identity Active Roles has been accurate, and we still perform reviews for important changes; however, I find the system to be consistent and dependable.

    What other advice do I have?

    I rate One Identity Active Roles a 9 out of 10 because it has helped simplify Active Directory administration, improve security, delegate access, and reduce manual errors through automation, making it a reliable and valuable solution for identity and access management.

    I chose 9 out of 10 because it is a reliable and feature-rich solution that has enhanced efficiency and security for my team, while to reach a perfect 10, I would like to see a more modern interface, improved reporting, and additional integrations with other platforms.

    From my experience with One Identity Active Roles, governance and security are some of the strongest aspects of the platform because it provides role-based access control, delegated administration, and detailed auditing to ensure that administrative activities are properly controlled and monitored, and while I have not extensively utilized specific AI-driven capabilities, the overall security model helps reduce the risk of unauthorized changes and improves visibility into who performs what actions.

    I utilize One Identity Active Roles in an on-premises environment that is integrated with our Active Directory infrastructure, so it primarily operates within our on-premises setting.

    I have utilized the fine-grained permission control feature of One Identity Active Roles, and it has helped us enforce least privilege access by allowing users to perform only the tasks relevant to their role, notably enabling the help desk team to manage passwords and user accounts without requiring full Active Directory administrative rights, thereby improving security and control.

    I assess the integration of One Identity Active Roles with our existing IT infrastructure and directory services as manageable, as it has facilitated effective implementation of least privilege access by allowing us to delegate specific tasks to different teams without granting full administrative rights, thus enhancing security and reducing risk. My overall review rating for One Identity Active Roles is 9 out of 10.
