One Identity Active Roles is used in our day-to-day operations to manage Active Directory in a controlled and automated way. The solution handles user accounts, groups, and permissions effectively.

In a real scenario, when a new user joins our organization, we use a template in One Identity Active Roles, and the user automatically receives the correct groups and permissions. When an employee leaves our organization, their account is automatically disabled.

One Identity Active Roles offers multiple best features that provide a good experience in our real-time environment. The delegation of admin tasks is a primary feature. Instead of giving full access to everyone, we assign specific permissions based on roles. For the IT team, we do not need to provide full access.

Since we have implemented One Identity Active Roles, we have seen significant improvements. The process is truly helpful and has positively impacted our environment. We have experienced faster user management, better control over Active Directory, reduced errors, and improved security.

One Identity Active Roles is a very powerful and effective solution that helps us in a positive way. The initial setup took almost one month, and reducing this timeframe further would be beneficial for implementation.

I have been working in my current field for more than two years.

One Identity Active Roles is very stable.

The initial setup took almost one month.

We have not evaluated other options before choosing One Identity Active Roles.

One Identity Active Roles enables faster user management because the user account is automatically fetched from HR tools, eliminating manual intervention from the IT team. This has resulted in a fifty to sixty percent reduction in manual time compared to our previous process. Human errors have been reduced by ninety-nine percent as there is no longer human error in the process.

My advice for those looking to implement One Identity Active Roles for centralized Active Directory management with user control is to consider this solution, as it will significantly help your organization. I have provided this review a rating of ten out of ten.

One Identity Active Roles is used primarily to enforce policy-based control on Active Directory objects, which ensures all changes follow defined rules and workflows, helping us maintain data integrity and governance across our entire architecture.

Policy-based management enforces rules on Active Directory operations such as user creation, modification, and deletion, ensuring that naming conventions and mandatory attributes are applied, which helps us prevent misconfiguration.

One Identity Active Roles offers strong role-based access control and delegation capabilities that improve security by limiting admin privilege, supports automation, and has a powerful policy engine for enforcing standard policies, ensuring consistency across Active Directory operations, which reduces misconfiguration. It also provides comprehensive audit and reporting features that improve visibility into changes.

Compliance with the Active Directory environment has really helped us with audit and reporting capabilities.

One Identity Active Roles has positively impacted our organization by increasing efficiency through automating routine tasks and improving governance through approval workflows, making our Active Directory management workload more structured.

We have seen that it has reduced manual work and we have noticed a reduction in human errors along with a decrease in time efforts, so our team is now able to handle more workload than before.

One Identity Active Roles is working well for our environment and we have not seen anything that needs to be improved as of now. However, the initial setup and configuration can be complex for a new engineer or new organization, requiring Active Directory expertise, which increases deployment effort. The initial setup could be simplified.

I have been using One Identity Active Roles for more than four years.

One Identity Active Roles is stable.

Scalability-wise, there is no issue, and it matches our organization's growth.

I have interacted with the customer support team multiple times, and they are ready to support at any time whenever we raise a ticket, providing concrete solutions for any kind of challenge.

From day one, we have been using One Identity Active Roles and have not used any different solution.

I had a great experience with the setup cost, pricing, and licensing costs because the sales team of the vendor is really helpful during the entire procurement of the solution, and we are grateful and happy with the support provided by the vendor sales team.

We have seen a good return on investment because the automation feature has reduced manual efforts by around thirty to fifty percent and improved efficiency with reduced workload, saving our engineers time.

I had a great experience with the setup cost, pricing, and licensing costs because the sales team of the vendor is really helpful during the entire procurement of the solution, and we are grateful and happy with the support provided by the vendor sales team.

We have not gone for the evaluation of other options.

One Identity Active Roles is a great solution to consider for Active Directory management and for enforcing policies, central management, and great visibility, which will be helpful for any organization. I would also advise starting with defining the roles and whatever policies need to be implemented to ensure smooth deployment. I rate this product a ten out of ten.

Our main use case for using One Identity Active Roles is controlling AD changes through policies and roles. It ensures only authorized users can perform or configure any action in Active Directory. This improves our governance and security.

We have been using One Identity Active Roles for three years and have seen a good syncing process with our AD. There is no issue with user syncing with One Identity Active Roles. We use this in our day-to-day roles. It helps ensure that users only have the access required for their job. For example, a help desk user can perform basic tasks but not critical changes. This helps us improve security. It also helps us with automation, such as reducing manual work in user management tasks, and it speeds up processes like account creation and updates.

We use One Identity Active Roles for audit purposes. It helps us create or generate reports for audits or security reviews. This reduces the manual effort in collecting data, so it improves accountability.

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

One area for improvement would be the initial setup, which feels a little bit complex and could be simplified. Apart from this, I think everything is excellent and it provides great features. It works well.

One Identity Active Roles has good features that are already built-in, and we are seeing a good response from these features in our environment. I do not see any improvement required at this time based on our organization's requirement.

I have been using One Identity Active Roles for more than three years.

I have had multiple interactions with the support team for One Identity Active Roles. They are good in their response and technical expertise, and they are ready to provide support at any time. They have provided multiple technical assistance to our team, and they are good in their field.

We have seen a good return on investment with One Identity Active Roles, mainly through time saving and reduced manual efforts. Automation has really reduced the time spent on user provisioning, access management, or access changes by around 40 to 60 percent, which has significantly improved team productivity. It also helps in reducing manual errors, lowering the need for rework and support efforts.

One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment. For the deployment purpose, I advise you to define your requirements and plan the deployment in advance since the solution offers a lot of features. This needs a proper design and an understanding of the workflows and access policy, and it will be really helpful to get the most value out of the solution.

We have seen measurable improvement since using One Identity Active Roles. User provisioning and access changes that used to take a lot of time, such as 20 to 30 minutes, are now completed in just a few minutes through automation, saving around 40 to 60 percent of time. We have also reduced manual errors significantly due to policy-based control and a simple workflow, which has improved overall reliability and security. I would rate this solution 9 out of 10.

When a new user is created, predefined rules automatically apply naming standards and assigned groups. This reduces manual tasks while ensuring consistency across all operations. It prevents and avoids mistakes during the account setup.

One Identity Active Roles has helped us improve security with smooth processes. It provides role-based control that ensures every action in the AD follows the rules. This provides great outcomes and improvements in our organization's process.

We have seen fewer mistakes and it is saving our time. It provides great centralized control and security by limiting access rights. These are the positive outcomes we are experiencing.

The best feature of One Identity Active Roles is its ability to control delegations. It allows us to assign limited access to team members based on their roles and responsibilities. This helps us reduce risk while keeping operations smooth and provides more secure AD management.

Delegating tasks like password resets has impacted positively in our organization and has helped us to smoothen and speed up our work. It allows organizations to control user accounts, their permissions and changes in a more structured and simpler way. This helps improve both security and the application process.

I do not see anything that needs to be changed as of now concerning the organization's needs because it is working very well and it is providing great features with great processes. The initial setup could be simpler because sometimes it feels like it should be more straightforward.

I have been working in my current field for more than eight years. I have been using One Identity Active Roles for more than three years.

The vendor is ready to provide technical support 24/7 and able to resolve issues in a given timeline with proper root cause analysis of the issue.

We have not evaluated other options.

I had a great experience with the pricing, setup cost, and licensing because the sales team of the vendor was very helpful during all of this procedure and process.

I have seen a good return on investment with One Identity Active Roles. It is helping us to save our efforts and time to manage all these processes and tasks within the time limit. It is saving our team time as well as the money of the organization.

I highly recommend One Identity Active Roles for any organization looking for strong management of their Active Directory in their environment with strong control, automation, and security features. Organizations can consider this solution the best fit. I also advise starting with the basic configuration and expanding gradually while providing proper training to the IT team. This will be helpful and beneficial over time. I give this product a rating of 9 out of 10.

One Identity Active Roles is used for automated user lifecycle management and delegated administration across AD environments and infrastructure. When a new employee joins the organization, their account is created automatically based on their department, post, and location, eliminating manual work.

When an employee moves to a different department, their access is automatically updated to reflect their roles. During the onboarding process, data is fetched from HR tools, and based on this fetched data, the access needed for employees is automatically assigned and sent. Whenever a user moves to a different department, their posts are automatically updated and reflected in their roles.

One Identity Active Roles offers exceptional features, including a delegation model that combines policy enforcement. The solution allows the help desk team to be given the exact permissions they need, enabling them to reset passwords, unlock accounts, and update phone numbers without granting them access to areas they should not touch, such as group membership or admin accounts. Every action taken follows the defined policy automatically, making this the favorite feature of the solution.

This automated delegation saves significant time for the team, as it has changed how IT operations work. Previously, a constant flood of routine requests landed on the admin team, who were already busy with substantial work. Now, such tasks are automated rather than performed manually.

One Identity Active Roles enables time savings with password resetting and account unlocking, which used to consume significant management time but are now automated. The solution also provides improved flexibility, policy enforcement that eliminates human errors, and seamless Active Directory integrations. A substantial amount of time has been reduced, and human errors have decreased.

There are no features missing; however, the initial setup could be simpler. Apart from this, everything is smooth.

One Identity Active Roles has been in use for more than three years.

There are no additional thoughts to comment on regarding the main use case. One Identity Active Roles is perfectly adequate as of now. One Identity Active Roles is recommended as one of the best solutions currently in the market since it addresses many issues such as risks faced, inconsistent account setup, excessive admin privileges, lack of audit trails, and manual provisioning errors, all of which can be resolved with this solution. This review has been given a rating of eight.

One Identity Active Roles is used day to day for centralized user management and user provisioning, group management, enforcing role-based access control, creating automated users, and notifications. One Identity Active Roles is used for managing group membership and controlling access efficiently.

Organizations having multiple employees can consider this solution to manage their employees' usernames and credentials, onboard users, and manage their access. I highly recommend all organizations to consider this as one of the best solutions.

The best feature is the role-based access control feature, which secures delegation without giving full admin rights to any users. The central management is also valuable, as it gives a single unified console to manage the entire AD environment.

This solution saves time through user onboarding and removes concerns about security, as all these aspects are managed by One Identity Active Roles. Users receive access based on their role, the onboarding process is simpler, and manual user lifecycle management has been reduced.

The initial setup is a bit complex for new engineers, so that could be simplified.

I have been using One Identity Active Roles for more than two years.

One Identity Active Roles is pretty stable.

The initial setup was easy and the licensing is also simpler. I was not involved in the cost, so I cannot comment on the costing.

The solution has resulted in money saved and time saved. It has really saved the organization money.

One Identity Active Roles is a great solution, which is why I have chosen a rating of nine for this review, with one point reserved for future enhancement of the solution.

One Identity Active Roles has been a core part of my toolkit for the better part of my two years of experience in the IAM space, especially when dealing with a massive environment of more than 10,000 or 15,000 users where native AD tools do not suffice from the governance perspective. I have done deep work with One Identity Active Roles to bridge the gap between high-level IAM policies and on-ground execution, primarily enforcing least privilege and role-based access control.

If I have to boil it down to the single most critical use case for One Identity Active Roles, it is delegated administration and automated lifecycle management. I experienced this when I stepped into my role with too many people having elevated access rights for basic tasks. This led me to implement One Identity Active Roles as a security proxy layer, minimizing the attack surface while also automating our JML process via integration with our HR feed from Workday.

This leads to another major reason we rely heavily on One Identity Active Roles: data integrity and automated policy enforcement. I used One Identity Active Roles to implement policy objects that act as real-time guardrails to prevent the creation of users with incomplete data attributes, ensuring our downstream systems always receive clean data.

A specific challenge I faced when scaling our support operations was that local IT teams were shadow domain admins, resulting in issues such as a regional admin accidentally modifying a critical SPN, which led to a localized Kerberos outage. This prompted me to implement access templates in Active Directory and One Identity Active Roles to define specific actions for helpdesk users and enforce zero-standing privilege, dramatically reducing the exposure time to unnecessary rights.

The crown jewels of One Identity Active Roles that make my life as an architect easier are Access Templates, Virtual Attributes, Workflow and Approval Engine, and Managed Units, which allowed us to structure our directory into a policy-driven asset rather than constantly firefighting manual errors.

Access Templates and Managed Units are the real secret sauce of One Identity Active Roles for us. Access Templates standardize permission settings, reducing security drift and allowing for the creation of modular permission bundles such as those I created for the Tier 1 help desk. Managed Units help me stay organized without rewriting the physical structure of the directory, saving me hours of cleanup.

A critical feature that I found essential for a clean environment is Dynamic Group management, which prevents permission creep by using rule-defined group memberships rather than manual additions. One Identity Active Roles automatically manages group membership based on rules tied to the HR records.

One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations. The biggest win has been a reduction in the internal attack surface, achieving over a 40% reduction in unauthorized or accidental access attempts.

Even though I advocate for One Identity Active Roles, there are areas for improvement, particularly in hybrid integration experiences where it feels a bit clunky compared to its capabilities for on-premises AD management. The user interface feels dated compared to modern SaaS applications, making it less intuitive for non-technical business managers.

I would like to see One Identity Active Roles lean more toward an API-first and Identity-as-a-Code approach. The current REST API feels like an afterthought, and my developers want the ability to operate through CI/CD pipelines instead of logging into the GUI.

I have used the solution for over three years.

One Identity Active Roles has proven highly stable in its core functions. Our initial underestimation of properly sizing SQL servers during major user migrations revealed the importance of careful planning, especially regarding database performance.

In my experience, One Identity Active Roles demonstrates strong scalability characteristics, although complexity with database performance, policy evaluation, and multi-domain environments should be considered. We faced some limitations with the reporting functionality, which we addressed by implementing dedicated reporting servers.

Customer support deserves a rating of 7.5 out of 10 due to their technical competence despite some structural challenges. The main friction I encountered during the escalation process could be improved for faster resolution times on complex issues. I balance my assessment of their strengths in technical knowledge and resolution quality against areas needing improvement, such as the escalation process and the support portal experience for non-technical users.

I previously used a mix of manual processes and native Microsoft tools, such as the Active Directory users and computers console for directory management. I also used PowerShell scripts for automation and a homegrown web portal for the help desk team.

The return on investment with One Identity Active Roles transforms our technical support's workflow, resulting in a 60% annual reduction in tasks such as JML processes, which were previously a nightmare when handled manually. This frees up hours for the senior engineering team.

We evaluated several options, including Microsoft Identity Manager, SailPoint, Saviynt, and custom development while recognizing the limitations of our manual processes. One Identity Active Roles ultimately offered the right blend of governance, control, and operational efficiency suited for our hybrid environment.

Discussions around pricing and licensing reveal that One Identity Active Roles follows a standard enterprise model, but the true costs often arise during implementation, making it budget-friendly yet potentially shocking at the initial quote stage when transitioning from a manual environment.

For organizations considering One Identity Active Roles, I recommend establishing a direct relationship with your account team early, which can help bypass standard queues when addressing critical issues, ensuring a smoother experience with the tool. My overall review rating for One Identity Active Roles is eight out of ten.

My main use case for One Identity Active Roles is active directory management, assigning role-based access control, and onboarding processes.

I use One Identity Active Roles in onboarding new employees, assigning least privilege access to information and digital interactions based on role.

One Identity Active Roles offers automation of workflow, compliance, and auditing, including the ability to make changes, detailed auditing, and change tracking.

I use One Identity Active Roles in centralized Active Directory administration, and it helps me reduce the risk of direct domain admin access.

The auditing and change tracking features of One Identity Active Roles make it easier for me to have clear visibility of what is changed, who changed it, and how it was changed, while also helping me maintain a detailed auditing workflow.

I appreciate the security improvement and the Active Directory management features of One Identity Active Roles.

One Identity Active Roles has been impactful and helpful in the area of automation of user provisioning and de-provisioning, and it helps me maintain a good approval workflow.

One Identity Active Roles saves me time, reduces the risk of direct domain admin access, and helps me in centralized Active Directory administration.

I want One Identity Active Roles to improve in the area of user interface, modernizing it to feel more like a SaaS tool and to have user-friendly navigation.

I also want One Identity Active Roles to improve in their policy configuration area, which requires advanced expertise, and in the area of reporting, I want the reporting to be more basic, visible, and have the ability to export and customize options.

The areas needing improvement for One Identity Active Roles include the reporting, the dashboard, and simple policy configuration.

I would appreciate improvement in policy configuration and making the reporting system more basic for user interface usage.

I have been using One Identity Active Roles for over four years.

One Identity Active Roles is very stable in the automation workflow and in compliance and auditing.

The scalability of One Identity Active Roles is very acceptable; I would rate it at 80%, and it is very helpful in internal audits, making it more visible for my organization.

The customer support of One Identity Active Roles is very good and helps to balance policy enforcement capabilities while improving my approval workflow.

I do not have any other solution rather than One Identity Active Roles because it helps me very much in the area of role-based access control.

The setup and pricing of One Identity Active Roles were very good, helping me understand the cost and the pricing system.

I have seen a return on investment with over 75% in the area of reducing costs, and 40% in reducing risk and making the workflow easier.

I evaluated other options such as LastPass and Microsoft Sentinel before choosing One Identity Active Roles.

I advise others looking into using One Identity Active Roles to utilize it because the automation in workflow is perfect, and the ability to provide detailed auditing and assist in internal audits is excellent. I would rate this review with a three out of five.

One Identity Active Roles is used primarily to simplify and automate Active Directory user and permission management. The solution automates routine tasks such as account creation, password reset, and permission assignments. It improves security by controlling access and providing auditing capability. A centralized dashboard allows for efficient management of users and permissions from one place.

One Identity Active Roles automates repetitive tasks that would otherwise require manual effort and time. When onboarding new employees, the tool automatically creates user accounts based on predefined templates. It assigns the correct group membership and permissions according to the employee role without manual intervention. This automation reduces errors and speeds up the processes.

One Identity Active Roles ensures that security policies are consistent across the organization.

One Identity Active Roles offers several valuable features, including a centralized management dashboard that simplifies user and permission administration. Automation of routine tasks such as account creation, password reset, and group membership assignment is a significant feature. Role-based access control and delegation limit permissions and enhance security. The auditing and reporting feature provides detailed information for compliance and tracking changes. Integration with Active Directory and other identity systems is also available.

The automation of routine tasks has the biggest impact on daily work. Automating account creation and password resets saves a significant amount of time and reduces manual effort.

One Identity Active Roles has positively impacted the organization by significantly improving efficiency through automating repetitive tasks and saving time for the IT team. The centralized management dashboard simplifies user and permission administration.

One Identity Active Roles can be improved by simplifying the setup process since a small team in a small business requires implementation without extensive IT support. Additionally, the pricing could be more flexible or tiered to better fit the budget of a smaller organization.

I have used One Identity Active Roles for around one to two months.

One Identity Active Roles is stable.

My rating customer service rating is 5.

Planning carefully for the initial setup is important as it can be complex and time-consuming. Ensure that there is access to expertise in Active Directory. The review rating for One Identity Active Roles is 9.

One Identity Active Roles is used for provisioning and directory management.

One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.

One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.

One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.

One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.

I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.

Integration capabilities are somewhere in the middle; it is not easy to integrate, but it is not the hardest thing out there.

Certain automations, possibly web apps, could be improved or simplified to make them easier. These automations are what I think could be improved.

I do not use the comprehensive group membership management feature and have not utilized the fine-grained permission control feature deeply. The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my organization.

I have been using One Identity Active Roles for about three years.

One Identity Active Roles has very few bugs and is actually very stable, so I would rate the stability a nine out of ten.

I am not certain if One Identity Active Roles is a scalable solution for us since we have local deployment and approximately 50 users, and scalability is not really relevant to our situation.

I rate the vendor's technical support a ten out of ten.

We tried other solutions years ago, but I cannot compare them because I do not remember the details. Upper management tried something like SailPoint, Amada, or Symantec a while ago, but that was not me and those individuals are no longer with the company.

The deployment of One Identity Active Roles probably took weeks, though it depends on what is meant by deployment.

One Identity Active Roles was purchased through a partner.

I am aware of the pricing; it is on the expensive side, though pricing is not my department.

One Identity Active Roles is not a scalable solution for our organization since we have local deployment and approximately 50 users, and scalability is not really relevant to us. It is not a global solution; it is not worldwide.

The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my situation. Approximately 50 users use the solution.

I would say One Identity Active Roles has reduced privileged accounts by about 30 percent. To my knowledge, it has not helped reduce identity-based breaches.

I assess the visibility that One Identity Active Roles provides into my directory ecosystem as excellent. I would rate the granular control of One Identity Active Roles as a ten out of ten.

I would recommend this product, but it depends on exactly what you are trying to achieve; conducting a proof of concept about what you would like to see is vital. It is very difficult to answer in a review because it depends on the pain points of the customer and what they are trying to accomplish. Overall, I would recommend it and I am satisfied with the product.

The vendor may reach out if they have any questions or comments about my review. My overall review rating for One Identity Active Roles is nine out of ten.