One Identity Active Roles is primarily used for Active Directory administration, user lifecycle management, delegated administration, and automation of identity-related tasks.

A common day-to-day use case for One Identity Active Roles is automating employee onboarding and offboarding. For example, when a new employee joins, One Identity Active Roles automatically provisions the user account, assigns the correct groups and permissions based on role or department, and applies the required policies.

The best features of One Identity Active Roles are the automation of Active Directory tasks, delegated administration, role-based access control, and centralized identity management. The automation workflows for user provisioning and deprovisioning are especially valuable because they reduce manual effort and improve consistency.

These features have helped the team reduce manual Active Directory administration tasks specifically and improve consistency in user management.

Overall, One Identity Active Roles has had a positive impact by improving operational efficiency, reducing administrative workload, and strengthening identity governance. Automation and delegated administration help streamline day-to-day user management tasks while centralized auditing and policy enforcement improve security and compliance across the organization.

After implementing One Identity Active Roles, a significant reduction in manual user administration work and fewer provision errors were noticed.

One Identity Active Roles could be improved with a more modern and intuitive user interface, simpler reporting customization, and easier integration with cloud-native identity programs. Faster performance in large environments and more streamlined workflow configuration would also enhance the overall administration experience.

I have been working in this field for the last 1.2 years.

One Identity Active Roles is stable.

One Identity Active Roles scales very well for medium to large enterprise environments, managing large numbers of user groups and administrative workflows. In our experience, the centralized management, automation capabilities, and delegated administration features help maintain efficiency even as the Active Directory environment grows. It reduces the number of proportional increases in administrative workload while supporting more users, policies, and organizational units.

Customer support was good.

I rate the customer support a 10.

Overall, integrating One Identity Active Roles with the existing Active Directory environment was relatively straightforward because it is designed to work closely with the Microsoft-based infrastructure.

Fine-grained permission control features in One Identity Active Roles have been used to delegate specific administrative tasks without giving full domain-level access.

One Identity Active Roles has provided a clear return on investment. Automation and delegated administration reduced the amount of manual Active Directory work significantly, especially for onboarding, offboarding, and access management tasks. Administrative effort for routine identity tasks was reduced by around 40 to 50 percent. This saved considerable time for the IT team and reduced the number of additional administrative resources as the environment grew.

The experience with pricing and licensing was positive. Although it was more enterprise-oriented compared to native Active Directory tools, licensing is typically based on the number of managed users or accounts, so proper planning is important as the environment scales.

Fine-grained permission control features in One Identity Active Roles have been used to delegate specific administrative tasks without giving full domain-level access. I rate One Identity Active Roles a 10. One Identity Active Roles received a high rating because it significantly improved identity administration efficiency, reduced manual Active Directory tasks, and strengthened access governance. For organizations considering One Identity Active Roles, the advice is to invest time in planning roles, delegation models, and automation workflows before deployment.

Our main use case for One Identity Active Roles is centralized Active Directory administration and user lifecycle management. We primarily use it for automated user provisioning and de-provisioning, role-based access control, group management, and delegating administrator tasks securely without giving full domain admin rights.

One common scenario is delegating password reset and user account unlock tasks to the service desk team using One Identity Active Roles.

Another valuable aspect for our use case with One Identity Active Roles is automation and standardization. We use it to apply consistent user provisioning policies, naming conventions, and group assignments across the organization.

One Identity Active Roles has had a positive impact on our organization by improving security and simplifying Active Directory management. One of the biggest benefits has been secure delegation. We no longer need to provide full domain administrator access for routine tasks, which has reduced security risk and improved operational control. Help desk and regional IT teams can handle common user management activities within their assigned scope without affecting critical systems.

We have seen noticeable operational and security improvements after implementing One Identity Active Roles. One major improvement was the reduction in manual administrator effort for tasks such as user provisioning, password resets, group assignments, and account deactivation, which became much faster through automation and delegation. This has reduced the workload on senior administrators and improved response times for end users.

The best features of One Identity Active Roles are its automated delegation and centralized Active Directory management capabilities. Based on my experience, these are the most valuable features, including role-based access control and automated workflows, dynamic group management, change tracking, and auditing, hybrid environment management, and access templates and policy enforcement.

The feature that made the biggest difference for us with One Identity Active Roles is the role-based delegation. Automation workflow, automated user provisioning, de-provisioning, group management, and policy enforcement reduce manual work and human error. Dynamic group management, such as automatically adding or removing users from groups based on predefined rules and attributes, also contributes significantly.

One area where One Identity Active Roles could be improved is the user interface. A more modern and simplified interface would help reduce the learning curve and improve day-to-day management efficiency.

I would also appreciate improvements in cloud-focused management and integration. Many organizations now operate in a hybrid or cloud-first environment, so having more intuitive Microsoft 365 and Entra ID management workflows would improve operational efficiency.

There are still a few areas where improvements could be made to One Identity Active Roles, such as a more modern user interface experience. The interface is powerful but can be dated and complex. A cleaner, more intuitive UI would make daily admin tasks faster and easier, particularly for new administrators. It also needs a strong cloud-native experience and simplified workflows and reporting setup.

I have worked in this field for the last seven years.

One Identity Active Roles is very stable.

Its scalability is good.

Customer support is good, and I rate customer support a nine.

Before selecting One Identity Active Roles, we evaluated several other options, including Active Directory management and IAM solutions, such as Microsoft native tools, AD Entra, ManageEngine ADManager Plus, NetIQ, SailPoint, Okta, and JumpCloud. While other tools were very strong, especially in areas including governance and cloud IAM, One Identity Active Roles stood out for operational AD management, particularly secure delegation, which was our primary requirement. We chose One Identity Active Roles based on this evaluation.

Integrating One Identity Active Roles with an existing IT infrastructure and directory services is generally of moderate difficulty. It is not overly complex, but it does require proper planning and Active Directory expertise.

We have seen a clear return on investment from the implementation, mainly in time savings, reduced help desk load, and improved Active Directory operations. The typical ROI outcomes we have observed include time savings in user provisioning, which previously took twenty to thirty minutes per request. After implementing One Identity Active Roles, we reduced this to approximately five to ten minutes using templates and automation. This alone represents a sixty to seventy percent time reduction per request.

We have seen a clear return on investment from the implementation, mainly in time savings, reduced help desk load, and improved Active Directory operations.

Our experience with pricing, setup costs, and licensing indicates that it is on the higher side but justified by the enterprise value. The licensing model is typically subscription-based and usually calculated based on the number of managed user accounts.

Our experience with delegation in One Identity Active Roles has been very positive and has fundamentally changed how we manage Active Directory operations. With delegation, we have implemented role-based delegation to assign specific administrator responsibilities to different IT teams, such as the help desk team for password resets, account unlocks, and basic user attribute updates; the regional IT team for user and group management; and the AD administrator for higher-level tasks including policy changes, schema-related operations, and domain controller control.

The key advice I would recommend is to invest time in design before implementation, redefine your role model and UI structure, start small and expand gradually, and keep your delegation strategy role-based.

One Identity Active Roles has significantly reduced both the complexity and the workload for Active Directory administration in our environment. The impact on workload has been a major reduction in manual AD tasks. Routine activities such as user creation, password resets, group updates, and account disabling and enabling are now largely automated and delegated to various roles.

The automation capabilities are generally very strong, especially for Active Directory lifecycle management and role-based access control. One Identity Active Roles is designed to reduce manual IT administration by turning repetitive identity tasks into policy-driven and workflow-based automation.

Fine-grained permission control in One Identity Active Roles has been a key part of implementing least privilege access in our environment. We use it to define very specific permissions at a granular level, such as allowing the help desk team to reset passwords and unlock access only within their assigned organizational units, restricting group management rights so that users can only modify specific security or distribution groups, and limiting attribute-level changes. The impact on least-privilege implementation has been reduced over-privileged accounts, a strong security posture, clear accountability, better compliance alignment, and operational efficiency without risk trade-offs.

I rate this review an eight overall.

My main use case for One Identity Active Roles is managing Active Directory users and groups in a centralized way, and I primarily use it for provisioning, access management, password reset, onboarding and off-boarding processes, and delegated administration.

During employee onboarding, I use One Identity Active Roles to create user accounts, assign the required group membership, apply department-based permissions, and configure account policies from a centralized console. For delegated administration, specific tasks such as password reset or basic account management can be assigned to a specific support team without giving them full domain admin access, which improves security and also reduces workload for senior administrators.

Apart from onboarding and access management, I also use One Identity Active Roles for account lifecycle management, such as disabling accounts during off-boarding and updating permissions during role changes. It helps with maintaining consistency through policy-based administration and reduces manual effort for repetitive Active Directory tasks.

A valuable feature of One Identity Active Roles is delegated administration because it allows different teams to handle specific tasks without giving full Active Directory access. I also find that centralized user and group management very useful since it simplifies onboarding, off-boarding, permission updates, and account management from a single interface. The strong feature is automation and workflow management, which helps reduce manual effort and improve consistency and minimize administrative errors.

Account creation, group assignment, and permission management can all be handled from one place instead of manually configuring everything in Active Directory, making it much faster. Delegated administration also makes support operations easier because basic tasks of password reset and account unlocks can be securely handled by the support team without requiring administrative privileges. These features improve visibility and help maintain better control over administrative changes.

One Identity Active Roles has impacted my organization by simplifying centralized Active Directory management and improving efficiency for user provisioning, access management, and routine administrative tasks. It also enhanced security through delegated administration because teams can perform specific tasks without needing full domain admin rights. Another positive impact is reduced manual errors and faster onboarding and off-boarding processes, which improved overall operational efficiency for my IT team.

Troubleshooting could be more streamlined when dealing with detailed administrative changes or resolving synchronization issues. Additionally, improving the overall performance and simplifying some workflow configurations would make day-to-day operations easier.

I have been using One Identity Active Roles for around one year.

One Identity Active Roles has been a stable solution for day-to-day Active Directory administrative and identity management tasks in my experience, as I have been able to use it reliably for user provisioning, delegated administration, and access management with consistent performance. As with any enterprise solution, proper configuration and maintenance are important, but overall, it has been stable in my environment.

One Identity Active Roles is scalable and is actually designed specifically for large enterprise environments and hybrid environments, so it has centralized multi-domain management tailored for large enterprises.

Customer support for One Identity Active Roles is generally rated as good but not perfect, so it really depends on the type of issues and how my environment is set up.

Previously, most of the administration was handled directly through native Active Directory tools and manual processes. My organization moved to One Identity Active Roles to improve centralized management, delegation, and automation, which also helped improve security and reduce manual workload through better control over permissions.

The integration process was relatively easy because One Identity Active Roles integrates well with existing Active Directory environments. The initial setup and configuration required proper planning and understanding of the directory structure, but once configured, it worked well with the existing IT infrastructure, making the centralized management and policy-based administration easier to align with my current identity management process.

From an operational perspective, I have seen a positive return in terms of time-saving and administrative efficiency. For example, routine tasks of user onboarding, permission updates, and account management are completed much faster now compared to manual Active Directory administration. While I was not directly involved in financial calculation, it has definitely improved efficiency and reduced manual effort for my IT teams.

I was not involved directly in the product evaluation or selection process, so I cannot comment in detail on all the alternatives that were evaluated. However, from my understanding, the decision was mainly based on improving centralized Active Directory management.

After using One Identity Active Roles, onboarding account management tasks become noticeably faster. For example, creating a user account and assigning permissions that previously took around fifteen to twenty minutes manually can be completed in just a few minutes through centralized workflows. I have also noticed fewer permission-related mistakes and improved consistency because policies and templates are applied in a standardized way.

My advice for anyone evaluating One Identity Active Roles is that if you are planning to use Active Roles, the most important thing to understand is that it is not just a tool; it is an identity management framework for Active Directory and hybrid environments. Success depends more on design and implementation than the product itself.

One Identity Active Roles is deployed in an on-premises environment integrated with my Active Directory infrastructure. I use One Identity Active Roles for Active Directory administration and identity management tasks, so it is mainly consolidated around centralized user management and delegated administration.

I have utilized the fine-grained permission control feature in One Identity Active Roles mainly through delegated administration, which helped implement least privilege principles by allowing teams to perform only the specific task required for their role, such as a password reset or account unlock, without providing full Active Directory administrative access. This improved security, reduced unnecessary privileged access, and helped maintain better control and accountability over administrative activities.

My impression of the automation capabilities is very positive because they help reduce repetitive manual administrative tasks and improve consistency in user management. For example, during onboarding, account creation, group assignment, and applying standard permissions can be handled through predefined workflows and policies, which saves time and reduces configuration errors. Automation also helped during off-boarding processes by quickly disabling accounts and removing access in a centralized way, improving both efficiency and security.

Administrative tasks related to Active Directory, such as user provisioning, group management, password reset, and access updates, become more streamlined and easier to handle. It also reduced manual workload for administrators because many repetitive tasks can be completed through workflows and delegated administration instead of handling everything directly in native Active Directory tools. It has significantly reduced the complexity of many Active Directory administrative tasks by centralizing management and automating routine operations.

I think the pricing structure will be suitable. I have given this review an overall rating of nine.

One Identity Active Roles serves as my centralized Active Directory management and identity administration solution within our enterprise environment. The platform helps us streamline routing identity management tasks such as user creation, password management, account modification, and access governance, while reducing manual administrative effort.

One Identity Active Roles has positively impacted our organization by improving the efficiency, security, and consistency of identity and access management operations within the Active Directory environment. It also improves security and governance by enforcing role-based access control and provides better visibility into administrative activities through auditing and reporting capabilities.

We observed several operational improvements after implementing One Identity Active Roles, including user onboarding and administrative efficiency and access management consistency. One noticeable improvement was the reduction in onboarding and account provisioning time. Tasks such as creating user accounts, assigning group membership, and applying access permissions became much faster due to centralized management and workflow automation. This helped reduce delays for new employees and improved our overall productivity.

One Identity Active Roles offers several valuable features, but one of the best is centralized Active Directory management. Another strong feature is delegated administration, which allows our organization to assign specific administrative tasks to designated teams without granting full domain-level privilege.

When it comes to centralized Active Directory management, One Identity Active Roles simplifies user administration, group management, and access control from a single platform. This significantly reduces manual administrative effort in our enterprise environment.

One Identity Active Roles delivers role-based access control and auditing as additional strengths of the platform. Active Roles provides detailed visibility into administrative actions and helps support our compliance and governance requirements by maintaining audit trails and enforcing controlled access management.

One area of improvement is the user interface and overall usability. Some administrative functions and configuration can feel complex for new users, especially in large enterprise environments. A more modern and intuitive dashboard would make navigation and task management easier.

The other improvement would be better integration and support for hybrid and cloud-native identity environments, especially as our organization continuously moves towards cloud-based infrastructure and identity management solutions.

I have been using One Identity Active Roles for approximately one to two years.

One Identity Active Roles is stable.

The platform is capable of handling centralized administrative tasks across multi-user, group, organizational unit, and delegated administrative roles without significantly increasing operational complexity. As the environment grows, One Identity Active Roles helps maintain consistent identity governance and access management processes through automation and policy-based administration. One Identity Active Roles has demonstrated good scalability in our experience.

Customer support is good.

We did not use any previous solution before using One Identity Active Roles.

The initial deployment and integration process required proper planning around directory structure, administrative roles, permission, and policy configuration, but the overall implementation was straightforward for our structured enterprise environment. The platform integrates well with our existing Active Directory infrastructure and helps centralize our identity management operations effectively.

We have seen a positive return on investment using One Identity Active Roles, mainly through reduced administrative workload, improved operation, time-saving, and identity management. We also observed fewer manual configuration errors after the implementation of One Identity Active Roles because the policy-driven access management process became centralized. This improved consistency in user provisioning, group assignment, and permission management. The platform also improved our audit readiness and compliance visibility by providing centralized reporting and tracking of administrative activities, which simplifies our internal governance and access review processes.

The setup cost and pricing of One Identity Active Roles was generally positive for an enterprise identity and access management solution. The initial setup and licensing cost can be considerable depending on the size of the Active Directory environment. The setup process required proper planning around Active Directory integration. Licensing is typically based on organization environment and user requirement, so careful evaluation of scalability and future needs is important before deployment.

Before choosing One Identity Active Roles, we did not evaluate other options because what we wanted for Active Directory administrative management, One Identity Active Roles already had that feature in it, so we did not pursue other options.

My advice to organizations considering One Identity Active Roles would be to first clearly assess the structure, identity governance requirements, and administrative workflows. The platform provides the most value where user provisioning, access management, and Active Directory administration have become complex or difficult to manage manually. Proper planning around delegated administration, role-based access control, and workflow automation is very important for successful deployment. I would also recommend starting with a well-defined access governance strategy and reviewing existing administrative permission before implementation. I would rate this solution an 8 out of 10.

One Identity Active Roles serves as my primary platform for centralized Active Directory administration and identity management automation.

In my day-to-day work, I use One Identity Active Roles for centralized Active Directory and identity management through access provisioning. When a new employee joins the organization, One Identity Active Roles handles the creation of the Active Directory account, group membership, mailbox-related configuration, and role-based access assignment through a centralized workflow.

This automation has significantly impacted my daily tasks and the onboarding process by reducing administrative effort, minimizing configuration errors, and accelerating the onboarding process, which saves considerable time. Before we implemented One Identity Active Roles, the administrator manually managed multiple accounts across different systems. After implementing One Identity Active Roles, the platform applies policies and templates to provision new accounts consistently and securely.

An additional benefit of my main use case is the consistent governance across identity management operations. Since many administrative tasks are automated and policy-driven, our teams spend less time handling repetitive manual account management activities and troubleshooting configuration inconsistencies.

One of the best features of One Identity Active Roles is its automated onboarding capability.

The feature that stands out most for me is the delegated administration combined with policy-based automation, which provides a strong balance between operational efficiency and security governance. One of the most valuable aspects is the ability to assign administrative responsibility to specific teams without granting full Active Directory administrative privilege. For example, Help Desk or regional IT teams can manage password resets, group membership, or user account updates within a controlled scope, while core security and directory administrators remain centrally governed.

A feature that stands out during daily operations is the centralized auditing and tracking capability. In enterprise Active Directory environments where multiple administrators and support teams are involved, having detailed visibility into account changes, group modifications, and administrative actions is extremely valuable.

One Identity Active Roles helps simplify troubleshooting, improve accountability, and support compliance and audit requirements because administrative activities can be tracked more efficiently from a centralized platform.

One Identity Active Roles has positively impacted our organization by improving operational efficiency, strengthening governance, and reducing manual administrative effort within Active Directory and identity management operations. One of the biggest improvements was the automation of routine identity lifecycle tasks such as user provisioning, account updates, group management, and deprovisioning, which reduced repetitive manual work for administrators and helped minimize configuration errors.

We observed noticeable operational improvements after implementing One Identity Active Roles, especially in user provisioning and administrative management processes. For example, onboarding and account provisioning tasks that previously required multiple manual activities and directory updates became significantly faster through policy-based automation and predefined templates, reducing the time required for runtime account management activities and improving consistency across the environment.

One Identity Active Roles is a strong platform for identity and administration and Active Directory management; however, I see a few areas where it could be improved. One area is the user interface and administrative experience. While the platform is feature-rich, some workflows and configuration screens can feel complex for new administrators, especially in large enterprise environments with extensive policy configurations.

Another area for improvement is reporting and analytics. More modern and customized dashboards with deeper operational insights would help administrators monitor identity management activities and governance metrics more efficiently. We also found that advanced workflow customization and integration scenarios can require significant expertise and planning, so simplifying some of the configuration and automation processes would improve usability and reduce the learning curve for administrators.

I have been working in my current field for more than four years.

One Identity Active Roles is stable.

My experience is that One Identity Active Roles scales well for enterprise Active Directory administration and Active Directory management environments. The platform has been able to support a growing number of users, administrative workflows, delegation management, operational tasks, and policy-based automation tasks without major performance concerns.

Customer support is good.

We have seen a positive return on investment from One Identity Active Roles, primarily through reduced administrative workload, improved operational efficiency, and stronger governance across Active Directory management. We also experienced fewer configuration and permission-related errors because automated workflows and approval controls reduce manual intervention.

My advice to organizations considering One Identity Active Roles would be to invest time in properly planning their identity governance model, delegation structure, and automation workflows before deployment. One Identity Active Roles provides powerful capabilities for Active Directory administration and identity lifecycle management, but careful planning helps maximize its long-term value. I would rate this product an 8 out of 10.

My main use case for One Identity Active Roles is mostly for Active Directory user lifecycle management and delegated admin control, especially handling user provisioning, role-based access, and reducing manual AD ticket work day-to-day.

Recently, for delegated admin control, I used One Identity Active Roles to automatically provision a new employee's AD account with the correct OU placement, group memberships, and email permissions based on their department. HR submitted a request, and the system handled most of the setup without manual AD changes.

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory by removing a lot of repetitive tasks such as user provisioning, group updates, and access changes. At the same time, it has slightly shifted complexity upfront. I spend more effort designing policies and workflows, but once that is in place, ongoing administration becomes much simpler and more controlled.

The best features of One Identity Active Roles are the fine-grained delegation RBAC for Active Directory, so I can safely give help desk or L1 teams limited admin rights without exposing full AD control. It is also really strong in automating user provisioning, de-provisioning, and enforcing policies consistently across AD and Microsoft 365, which removes a lot of manual work and reduces mistakes in day-to-day operations.

The automation has reduced a lot of repetitive AD tasks. Tasks such as user creation, group assignments, and access changes that used to be manual tickets are now mostly automated through workflows. The team spends far less time on routine provisioning and more on actual issues or exceptions.

One Identity Active Roles helps a lot with controlling who can modify sensitive AD objects, so I reduce risk by giving help desk limited, policy-driven access instead of full admin rights, which keeps audits and compliance much cleaner.

One Identity Active Roles could be improved by making the initial setup and policy configuration simpler and more intuitive, especially for complex enterprise AD environments. Right now, it takes quite a bit of effort to fine-tune everything and get workflows exactly right.

Documentation could be clearer for advanced use cases, especially around complex delegation and custom workflows. Deeper out-of-the-box integrations with modern cloud identity tools could make hybrid environments easier to manage.

I have been using One Identity Active Roles for one year.

One Identity Active Roles is very stable overall in my environment. I rarely face downtime, and once it is properly configured, it runs reliably for day-to-day AD automation, provisioning, and delegation tasks. Occasionally, there are minor performance hiccups or slow responses during heavy loads, but those are usually resolved with routine maintenance or service restarts rather than any major issues. Overall, it is considered production-grade stable for enterprise AD environments, especially when governance and configuration are done properly.

One Identity Active Roles has very strong scalability for enterprise environments, especially in multi-domain or hybrid Active Directory setups. It handles large AD forests, multiple domains, and hybrid Azure AD environments well because it is designed to centralize management and apply policies consistently across everything from a single console. As long as it is properly architected, it can scale from mid-size setups to very large enterprise deployments without major issues. In practice, it scales well in terms of user provisioning, group management, and delegation workloads, but I do need to plan carefully, especially around policy design and server performance tuning when the environment becomes very large or complex. Overall, One Identity Active Roles offers enterprise-grade scalability, but success depends on good initial design.

Customer support for One Identity Active Roles is generally good and fairly technical. From my experience, the support team is knowledgeable about Active Directory and identity workflows, so they are helpful for configuration issues, troubleshooting, and upgrade-related problems. Most standard issues get resolved properly with clear guidance. However, for more complex or edge-case problems, resolution can sometimes take longer because it may require escalation or deeper investigation. Overall, it is solid enterprise-level support, just not always very fast for complicated cases.

I was previously relying on native Active Directory tools such as AD Users and Computers along with some manual PowerShell scripts for automation. I switched mainly because that setup was not scalable. Everything was too manual, script-dependent, and hard to govern consistently across teams, especially for delegation and audit tracking. One Identity Active Roles gave me a more centralized and policy-driven way to manage all of that.

The ease of integrating One Identity Active Roles with my existing IT infrastructure and directory services was moderately complex at the beginning, especially aligning it with existing AD structure and defining delegation models. However, once the initial setup and connectors were in place, it became fairly stable and easy to operate with my existing Active Directory and hybrid Azure AD environment.

I have seen a return on investment mainly through time savings and reduced operational load in Active Directory management. For example, after implementing One Identity Active Roles, I have reduced a lot of manual AD work such as provisioning, group changes, and access requests. Overall, it has led to roughly a 40 to 60 percent reduction in AD-related service desk tickets and manual effort, depending on the workload period. On the time side, tasks such as user onboarding that earlier took 15 to 20 minutes are now done in just a few minutes through automation and templates, which adds up to dozens of IT hours saved every month. I have also seen indirect savings because I do not need as many escalations to senior admins. Routine work is handled through delegation, so the same team can manage more users without additional headcount. In short, there is less manual work, fewer errors, faster onboarding, and better scalability without increasing team size.

My experience with pricing, setup cost, and licensing felt on the higher side since it is an enterprise-grade tool, and the licensing is typically based on managed user objects, so it scales with the environment size. Setup also requires some initial professional services and planning effort, but once implemented, it is stable and the cost is justified by the automation and reduced AD workload.

I evaluated a few alternatives before selecting One Identity Active Roles. The main ones were ManageEngine ADManager Plus, SailPoint Identity Security Cloud, and Microsoft Entra ID Governance. I also looked at Okta for broader IAM, but it was more SSO-focused rather than deep Active Directory delegation. I ultimately chose One Identity Active Roles because it was a better fit for deep, AD-level delegation on-premises plus hybrid control and fine-grained administrative workflows, which the others did not handle as cleanly in my environment.

My advice to others looking into using One Identity Active Roles is to invest time in proper planning before implementation, especially around your AD structure and delegation model. If you clearly define roles, OU design, and workflow rules upfront, One Identity Active Roles becomes very powerful and smooth to run, but if you rush setup, it can feel complex and messy later. Additionally, involve both security and AD admins early because it works best when both governance and automation are aligned from the start.

Overall, One Identity Active Roles is a solid enterprise-grade AD management tool that really shines in environments where you need strong delegation, automation, and compliance control. The biggest takeaway is that it pays off most when you invest time in proper design and governance upfront. Once that is done, it significantly reduces day-to-day AD workload and improves consistency across the environment. I would rate this product an 8 out of 10.

My main use case for One Identity Active Roles is Active Directory administration, delegated access control, user provisioning, and automating routine account management tasks.

I use One Identity Active Roles to automatically create user accounts with the correct group memberships and permissions based on their department and role, which saves a lot of manual AD work during onboarding.

I also use One Identity Active Roles for auditing and approval workflows, especially for sensitive AD changes where I want better control and tracking.

The best features One Identity Active Roles offers for me are delegated administration, automation workflows, centralized AD management, and the detailed auditing capabilities that make tracking changes much easier.

The detailed auditing capabilities of One Identity Active Roles have helped me significantly because delegated administration has probably made the biggest impact by letting different teams manage specific AD tasks securely without giving full domain admin-level access. The automation and approval workflows stand out a lot in larger environments, especially when consistency and better control over AD changes are needed.

One Identity Active Roles has positively impacted my organization by reducing a lot of manual AD administration work, improving access control, and helping standardize user management processes across the organization.

I have noticed specific outcomes since using One Identity Active Roles, such as faster onboarding and access provisioning after automation. I have also seen fewer permission-related errors because the workflows are more standardized and controlled.

One Identity Active Roles can be improved by modernizing the UI to be more responsive, as some advanced workflow configurations can feel a bit clunky during setup.

I wish One Identity Active Roles had better cloud integration and simpler reporting customization, which would definitely improve the overall experience, especially in hybrid environments.

I have been using One Identity Active Roles for two years.

One Identity Active Roles has been stable overall in my experience, especially for automation workflows, delegation, administration, and day-to-day Active Directory management.

One Identity Active Roles scales very well in large enterprise environments, especially for organizations managing multiple domains, hybrid AD setups, and high volumes of user provisioning tasks.

Customer support for One Identity Active Roles is very good, and the support team is very helpful.

Before One Identity Active Roles, I mostly relied on native Active Directory tools and manual processes, and I switched to One Identity Active Roles to get better automation, delegation, and centralized control over AD management.

The ease of integrating One Identity Active Roles with my existing IT infrastructure and directory services is fairly smooth overall since it works well with existing Active Directory environments, though some advanced integration and workflow customization required extra planning and testing.

I have seen a clear return on investment, mainly through time savings and reduced manual administration. Onboarding, permission updates, and account management tasks that used to take a lot of manual effort are now largely automated and completed much faster.

My experience with pricing, setup cost, and licensing has been positive as delegation has worked really well for me, allowing help desk and regional IT teams to handle specific AD tasks safely without needing broad administrative privileges.

I evaluated a few other IAM and AD management solutions, including SailPoint, Microsoft Entra ID, and ManageEngine before choosing One Identity Active Roles.

My advice to others looking into using One Identity Active Roles is to plan your delegation model and automation workflows carefully before deployment because the platform delivers the most value when roles, approvals, and AD processes are well-structured from the beginning. I would rate this product an 8 out of 10.

My main use case for One Identity Active Roles is active Directory user lifecycle management, including provisioning, deprovisioning, and delegating admin rights securely across different teams.

I use One Identity Active Roles to automatically provision AD user accounts when HR creates a new employee record and also delegate limited OU-level admin rights to regional IT teams so they can manage users without full domain admin access.

I have also customized policies so contractors get time-bound accounts that auto-disable on expiry, which has reduced manual cleanup and improved compliance tracking.

The best features One Identity Active Roles offers are the fine-grained AD delegation through role-based access control, strong automation for user lifecycle management including joiner, mover, and leaver processes, and the ability to manage multiple AD and Entra environments from one console, which makes admin work much more controlled and scalable.

One Identity Active Roles role-based access control feature has helped us significantly by replacing manual ACL-based AD permissions with structured roles, so instead of assigning rights user by user, we just assign people to predefined job roles, and the correct access is applied automatically. In practice, this reduced many mistakes such as over-permissioning, and it made audits much easier because we can clearly show who has access and why instead of digging through individual group memberships.

Overall, the automation combined with delegation capabilities of One Identity Active Roles is the biggest advantage for us, but it does take time to properly design roles and policies upfront. Once that is completed, day-to-day AD management becomes much smoother and far less error-prone.

One Identity Active Roles has reduced a significant amount of manual AD admin work, improved security through tighter access control, and made onboarding and offboarding much faster and more consistent across teams.

We have roughly cut onboarding and offboarding effort by approximately 40 to 60 percent because most of the AD provisioning is automated. We have also seen fewer access-related incidents since role-based access control reduced over-permissioning and manual group changes.

The main improvement I would suggest for One Identity Active Roles is making the UI and policy configuration more intuitive. Currently, it can feel quite complex for new admins. Additionally, faster troubleshooting and clearer error messages would help significantly during setup and changes.

Reporting could also be stronger, especially out-of-the-box audit reports. We often end up customizing or exporting data to get the exact compliance view we need. Additionally, initial role design is powerful but somewhat time-consuming, so better templates or guided setup would really help speed things up.

One Identity Active Roles is generally considered stable in enterprise environments. In my experience, it runs reliably for day-to-day AD automation and delegation with very little downtime. Most issues we have seen are not core stability problems but occasional performance slowdowns or configuration-related behavior, especially in larger or more complex environments. Overall, once it is properly configured and tuned, it is stable enough for production use, even for critical identity lifecycle and role-based access control operations.

One Identity Active Roles is generally highly scalable in enterprise AD environments. In practice, it handles multi-domain, multi-forest Active Directory setups and even hybrid AD plus Entra ID environments quite effectively. It is commonly used in organizations with tens of thousands to hundreds of thousands of identities. From my experience, scalability is strong because it supports centralized management across multiple AD domains from a single console. Automation and workflows scale with user volume, so provisioning does not become more manual as users grow. Additionally, role-based delegation keeps admin overhead stable even as organization size increases. It is designed for large enterprise identity environments, not just small AD setups. The main things to watch at scale are performance tuning and database architecture planning, especially if workflows and auditing are heavily used. However, overall it scales effectively when properly architected.

Customer support for One Identity Active Roles has generally been good and technically strong in my experience. Support is usually responsive for critical issues and provides solid practical guidance for AD workflow problems. However, for low-priority tickets, the response time can sometimes be slower, and you may need to rely on documentation or knowledge base articles. Overall, I would rate support quality around an eight out of ten.

Before One Identity Active Roles, we relied mainly on a mix of manual AD management plus custom PowerShell scripts and a few basic identity tools that did not scale effectively. We switched because the scripting approach became hard to maintain, inconsistent across teams, and risky in terms of over-permissioning. One Identity Active Roles provided us centralized role-based access control, better auditability, and automation that reduced dependency on individual scripts and manual admin effort.

Integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately difficult at first, especially aligning it with existing AD structure and legacy scripts. However, once connectors and policies were properly configured, it became stable and fits effectively into our directory services ecosystem.

We have seen a clear return on investment with One Identity Active Roles, mainly in time savings and reduced manual effort rather than headcount reductions. Before One Identity Active Roles, onboarding, offboarding, and access changes used to require a significant amount of manual AD work across teams. Now, most of it is automated through workflows, so we have reduced provisioning and deprovisioning effort by roughly 40 to 60 percent, which translates to saving several hours per admin per week. Once a year, that effectively frees up close to one full-time admin's workload capacity, which we allocated to another IAM security task instead of hiring more staff. Additionally, we have seen fewer access-related incidents and audit corrections because role-based access control and delegation reduced over-permissioning. That is harder to put an exact number on, but it has definitely lowered compliance firefighting during audits and saved time on rework.

Our experience with One Identity Active Roles has been that pricing is on the higher side since it is enterprise licensing based on managed users, and setup cost is mainly around initial implementation effort and possibly some professional services for design and deployment. Licensing itself is a bit complex to understand at first, but once scoped properly, it is manageable. Overall, it felt expensive upfront but justified because of the automation and long-term reduction in admin effort and operational cost.

We did evaluate a few alternatives before going with One Identity Active Roles. We looked at Microsoft Entra ID Governance, SailPoint Identity Security Cloud, and Softerra Adaxes. In the end, One Identity Active Roles fit best for our environment because it was more focused on deep Active Directory management, delegation, and automation without a heavy identity governance and administration overhead, which matched our needs better than the broader governance platforms.

My advice to others looking into using One Identity Active Roles is to invest time in design before implementation, especially around role structure and OU permission modeling. One Identity Active Roles is powerful, but it only works as effectively as the role-based access control and delegation model you build. Start small with core use cases such as joiner, mover, leaver automation, and basic AD delegation, then expand into advanced workflows once the foundation is stable. Additionally, involve your AD and security teams early because cleanup of existing permissions is usually the hardest part.

Do not underestimate the learning curve. Once it is properly configured, it runs very smoothly, but the initial setup and policy design is where most teams struggle.

Delegation through One Identity Active Roles has worked very effectively. We have been able to safely give regional IT teams limited AD control without exposing full domain admin rights, which reduced bottlenecks on the central team and made user management much faster.

One Identity Active Roles has had a strong positive impact on our organization's compliance efforts because role-based access control delegation controls and audit logs make it much easier to prove least privilege and track who changed what in Active Directory. During audits, we can quickly generate evidence instead of manually collecting data from multiple systems, which has reduced both effort and risk of gaps.

We have consolidated most AD user provisioning, delegation, and lifecycle management into One Identity Active Roles instead of using multiple separate scripts and manual processes.

One Identity Active Roles automation capabilities are one of its strongest areas. For example, we have automated user onboarding where account group memberships and mailbox access are created from HR input without manual intervention and also auto-disable accounts after termination or contract expiry, which has reduced a significant amount of manual AD work. I would rate this product an eight out of ten overall.

One Identity Active Roles is primarily used for Active Directory administration, delegation, delegated access control, user provisioning, and automating routine account management tasks.

One Identity Active Roles automatically creates user accounts with correct group memberships and permissions based on the department and role, which saves a lot of manual AD work during onboarding.

One Identity Active Roles is also used for auditing and approval workflows, especially for sensitive AD changes where better control and tracking are needed.

The best features One Identity Active Roles offers are delegated administration, automation workflows, centralized AD management, and the detailed auditing capabilities that make tracking changes much easier.

Delegated administration has made the biggest impact because it allows the different teams to manage specific AD tasks securely without giving full domain-level access.

The automation and approval workflows stand out significantly in larger environments, especially when consistency and better control over AD changes are needed.

One Identity Active Roles has positively impacted the organization by reducing a lot of manual AD administration work, improving access control, and helping standardize user management processes across the organization.

The UI of One Identity Active Roles could be more modern and responsive, and some advanced workflow configurations can feel complex during setup.

Better cloud integration and simpler reporting customizations would definitely improve the overall experience, especially in hybrid environments.

One Identity Active Roles has been in use for two years.

One Identity Active Roles is very stable.

One Identity Active Roles scales very well in large enterprise environments, especially for organizations managing multiple domains, hybrid AD setups, and high volumes of user provisioning tasks.

Customer support for One Identity Active Roles is great.

Before One Identity Active Roles, the organization mostly relied on native administrative Active Directory tools and manual processes. The switch was made for better automation, delegation, and centralized control over AD management.

A few other IAM and AD management solutions were evaluated before choosing One Identity Active Roles, including SalePoint, Microsoft Entra ID, and ManageEngine.

The integration of One Identity Active Roles with the existing IT infrastructure and directory services was fairly smooth overall since it works well with existing Active Directory environments, though some advanced integrations and workflow customization required extra planning and testing.

Clear ROI has been seen with One Identity Active Roles, mainly through the time savings and reduced manual administration. Onboarding, permission updates, and account management tasks that used to take a lot of manual effort are now largely automated and completed much faster.

The pricing, setup cost, and licensing of One Identity Active Roles are definitely enterprise-focused, but the value from the automation, delegation, administration, and the reduced manual AD effort makes the investment worthwhile in large environments.

My advice to others looking into using One Identity Active Roles is to plan your delegation model and automation workflows carefully before deployment because the platform delivers the most value when roles, approvals, and AD processes are well-structured from the beginning.

One Identity Active Roles has been a reliable solution for improving AD governance, reducing manual administration, and enforcing better access control across the environment. The overall review rating for One Identity Active Roles is 8 out of 10.