Reviews from AWS customer

8 AWS reviews

External reviews

70 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    Nisha Yadav

Automation has transformed AD user lifecycle and delegation is now controlled and efficient

  • May 11, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for One Identity Active Roles is mostly for Active Directory user lifecycle management and delegated admin control, especially handling user provisioning, role-based access, and reducing manual AD ticket work day-to-day.

Recently, for delegated admin control, I used One Identity Active Roles to automatically provision a new employee's AD account with the correct OU placement, group memberships, and email permissions based on their department. HR submitted a request, and the system handled most of the setup without manual AD changes.

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory by removing a lot of repetitive tasks such as user provisioning, group updates, and access changes. At the same time, it has slightly shifted complexity upfront. I spend more effort designing policies and workflows, but once that is in place, ongoing administration becomes much simpler and more controlled.

What is most valuable?

The best features of One Identity Active Roles are the fine-grained delegation RBAC for Active Directory, so I can safely give help desk or L1 teams limited admin rights without exposing full AD control. It is also really strong in automating user provisioning, de-provisioning, and enforcing policies consistently across AD and Microsoft 365, which removes a lot of manual work and reduces mistakes in day-to-day operations.

The automation has reduced a lot of repetitive AD tasks. Tasks such as user creation, group assignments, and access changes that used to be manual tickets are now mostly automated through workflows. The team spends far less time on routine provisioning and more on actual issues or exceptions.

One Identity Active Roles helps a lot with controlling who can modify sensitive AD objects, so I reduce risk by giving help desk limited, policy-driven access instead of full admin rights, which keeps audits and compliance much cleaner.

What needs improvement?

One Identity Active Roles could be improved by making the initial setup and policy configuration simpler and more intuitive, especially for complex enterprise AD environments. Right now, it takes quite a bit of effort to fine-tune everything and get workflows exactly right.

Documentation could be clearer for advanced use cases, especially around complex delegation and custom workflows. Deeper out-of-the-box integrations with modern cloud identity tools could make hybrid environments easier to manage.

For how long have I used the solution?

I have been using One Identity Active Roles for one year.

What do I think about the stability of the solution?

One Identity Active Roles is very stable overall in my environment. I rarely face downtime, and once it is properly configured, it runs reliably for day-to-day AD automation, provisioning, and delegation tasks. Occasionally, there are minor performance hiccups or slow responses during heavy loads, but those are usually resolved with routine maintenance or service restarts rather than any major issues. Overall, it is considered production-grade stable for enterprise AD environments, especially when governance and configuration are done properly.

What do I think about the scalability of the solution?

One Identity Active Roles has very strong scalability for enterprise environments, especially in multi-domain or hybrid Active Directory setups. It handles large AD forests, multiple domains, and hybrid Azure AD environments well because it is designed to centralize management and apply policies consistently across everything from a single console. As long as it is properly architected, it can scale from mid-size setups to very large enterprise deployments without major issues. In practice, it scales well in terms of user provisioning, group management, and delegation workloads, but I do need to plan carefully, especially around policy design and server performance tuning when the environment becomes very large or complex. Overall, One Identity Active Roles offers enterprise-grade scalability, but success depends on good initial design.

How are customer service and support?

Customer support for One Identity Active Roles is generally good and fairly technical. From my experience, the support team is knowledgeable about Active Directory and identity workflows, so they are helpful for configuration issues, troubleshooting, and upgrade-related problems. Most standard issues get resolved properly with clear guidance. However, for more complex or edge-case problems, resolution can sometimes take longer because it may require escalation or deeper investigation. Overall, it is solid enterprise-level support, just not always very fast for complicated cases.

Which solution did I use previously and why did I switch?

I was previously relying on native Active Directory tools such as AD Users and Computers along with some manual PowerShell scripts for automation. I switched mainly because that setup was not scalable. Everything was too manual, script-dependent, and hard to govern consistently across teams, especially for delegation and audit tracking. One Identity Active Roles gave me a more centralized and policy-driven way to manage all of that.

How was the initial setup?

The ease of integrating One Identity Active Roles with my existing IT infrastructure and directory services was moderately complex at the beginning, especially aligning it with existing AD structure and defining delegation models. However, once the initial setup and connectors were in place, it became fairly stable and easy to operate with my existing Active Directory and hybrid Azure AD environment.

What was our ROI?

I have seen a return on investment mainly through time savings and reduced operational load in Active Directory management. For example, after implementing One Identity Active Roles, I have reduced a lot of manual AD work such as provisioning, group changes, and access requests. Overall, it has led to roughly a 40 to 60 percent reduction in AD-related service desk tickets and manual effort, depending on the workload period. On the time side, tasks such as user onboarding that earlier took 15 to 20 minutes are now done in just a few minutes through automation and templates, which adds up to dozens of IT hours saved every month. I have also seen indirect savings because I do not need as many escalations to senior admins. Routine work is handled through delegation, so the same team can manage more users without additional headcount. In short, there is less manual work, fewer errors, faster onboarding, and better scalability without increasing team size.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing felt on the higher side since it is an enterprise-grade tool, and the licensing is typically based on managed user objects, so it scales with the environment size. Setup also requires some initial professional services and planning effort, but once implemented, it is stable and the cost is justified by the automation and reduced AD workload.

Which other solutions did I evaluate?

I evaluated a few alternatives before selecting One Identity Active Roles. The main ones were ManageEngine ADManager Plus, SailPoint Identity Security Cloud, and Microsoft Entra ID Governance. I also looked at Okta for broader IAM, but it was more SSO-focused rather than deep Active Directory delegation. I ultimately chose One Identity Active Roles because it was a better fit for deep, AD-level delegation on-premises plus hybrid control and fine-grained administrative workflows, which the others did not handle as cleanly in my environment.

What other advice do I have?

My advice to others looking into using One Identity Active Roles is to invest time in proper planning before implementation, especially around your AD structure and delegation model. If you clearly define roles, OU design, and workflow rules upfront, One Identity Active Roles becomes very powerful and smooth to run, but if you rush setup, it can feel complex and messy later. Additionally, involve both security and AD admins early because it works best when both governance and automation are aligned from the start.

Overall, One Identity Active Roles is a solid enterprise-grade AD management tool that really shines in environments where you need strong delegation, automation, and compliance control. The biggest takeaway is that it pays off most when you invest time in proper design and governance upfront. Once that is done, it significantly reduces day-to-day AD workload and improves consistency across the environment. I would rate this product an 8 out of 10.


    Shrikant Patil

Automated user onboarding has reduced manual directory work and improves delegated access control

  • May 10, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for One Identity Active Roles is Active Directory administration, delegated access control, user provisioning, and automating routine account management tasks.

I use One Identity Active Roles to automatically create user accounts with the correct group memberships and permissions based on their department and role, which saves a lot of manual AD work during onboarding.

I also use One Identity Active Roles for auditing and approval workflows, especially for sensitive AD changes where I want better control and tracking.

What is most valuable?

The best features One Identity Active Roles offers for me are delegated administration, automation workflows, centralized AD management, and the detailed auditing capabilities that make tracking changes much easier.

The detailed auditing capabilities of One Identity Active Roles have helped me significantly because delegated administration has probably made the biggest impact by letting different teams manage specific AD tasks securely without giving full domain admin-level access. The automation and approval workflows stand out a lot in larger environments, especially when consistency and better control over AD changes are needed.

One Identity Active Roles has positively impacted my organization by reducing a lot of manual AD administration work, improving access control, and helping standardize user management processes across the organization.

I have noticed specific outcomes since using One Identity Active Roles, such as faster onboarding and access provisioning after automation. I have also seen fewer permission-related errors because the workflows are more standardized and controlled.

What needs improvement?

One Identity Active Roles can be improved by modernizing the UI to be more responsive, as some advanced workflow configurations can feel a bit clunky during setup.

I wish One Identity Active Roles had better cloud integration and simpler reporting customization, which would definitely improve the overall experience, especially in hybrid environments.

For how long have I used the solution?

I have been using One Identity Active Roles for two years.

What do I think about the stability of the solution?

One Identity Active Roles has been stable overall in my experience, especially for automation workflows, delegation, administration, and day-to-day Active Directory management.

What do I think about the scalability of the solution?

One Identity Active Roles scales very well in large enterprise environments, especially for organizations managing multiple domains, hybrid AD setups, and high volumes of user provisioning tasks.

How are customer service and support?

Customer support for One Identity Active Roles is very good, and the support team is very helpful.

Which solution did I use previously and why did I switch?

Before One Identity Active Roles, I mostly relied on native Active Directory tools and manual processes, and I switched to One Identity Active Roles to get better automation, delegation, and centralized control over AD management.

How was the initial setup?

The ease of integrating One Identity Active Roles with my existing IT infrastructure and directory services is fairly smooth overall since it works well with existing Active Directory environments, though some advanced integration and workflow customization required extra planning and testing.

What was our ROI?

I have seen a clear return on investment, mainly through time savings and reduced manual administration. Onboarding, permission updates, and account management tasks that used to take a lot of manual effort are now largely automated and completed much faster.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing has been positive as delegation has worked really well for me, allowing help desk and regional IT teams to handle specific AD tasks safely without needing broad administrative privileges.

Which other solutions did I evaluate?

I evaluated a few other IAM and AD management solutions, including SailPoint, Microsoft Entra ID, and ManageEngine before choosing One Identity Active Roles.

What other advice do I have?

My advice to others looking into using One Identity Active Roles is to plan your delegation model and automation workflows carefully before deployment because the platform delivers the most value when roles, approvals, and AD processes are well-structured from the beginning. I would rate this product an 8 out of 10.


    reviewer2835444

Automation has transformed AD user lifecycle and now secures delegated access for all teams

  • May 09, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for One Identity Active Roles is Active Directory user lifecycle management, including provisioning, deprovisioning, and delegating admin rights securely across different teams.

I use One Identity Active Roles to automatically provision AD user accounts when HR creates a new employee record and also delegate limited OU-level admin rights to regional IT teams so they can manage users without full domain admin access.

I have also customized policies so contractors get time-bound accounts that auto-disable on expiry, which has reduced manual cleanup and improved compliance tracking.

What is most valuable?

The best features One Identity Active Roles offers are the fine-grained AD delegation through role-based access control, strong automation for user lifecycle management including joiner, mover, and leaver processes, and the ability to manage multiple AD and Entra environments from one console, which makes admin work much more controlled and scalable.

One Identity Active Roles' role-based access control feature has helped us significantly by replacing manual ACL-based AD permissions with structured roles, so instead of assigning rights user by user, we just assign people to predefined job roles, and the correct access is applied automatically. In practice, this reduced many mistakes such as over-permissioning, and it made audits much easier because we can clearly show who has access and why instead of digging through individual group memberships.

Overall, the automation combined with delegation capabilities of One Identity Active Roles is the biggest advantage for us, but it does take time to properly design roles and policies upfront. Once that is completed, day-to-day AD management becomes much smoother and far less error-prone.

One Identity Active Roles has reduced a significant amount of manual AD admin work, improved security through tighter access control, and made onboarding and offboarding much faster and more consistent across teams.

We have roughly cut onboarding and offboarding effort by approximately 40 to 60 percent because most of the AD provisioning is automated. We have also seen fewer access-related incidents since role-based access control reduced over-permissioning and manual group changes.

What needs improvement?

The main improvement I would suggest for One Identity Active Roles is making the UI and policy configuration more intuitive. Currently, it can feel quite complex for new admins. Additionally, faster troubleshooting and clearer error messages would help significantly during setup and changes.

Reporting could also be stronger, especially out-of-the-box audit reports. We often end up customizing or exporting data to get the exact compliance view we need. Additionally, initial role design is powerful but somewhat time-consuming, so better templates or guided setup would really help speed things up.

What do I think about the stability of the solution?

One Identity Active Roles is generally considered stable in enterprise environments. In my experience, it runs reliably for day-to-day AD automation and delegation with very little downtime. Most issues we have seen are not core stability problems but occasional performance slowdowns or configuration-related behavior, especially in larger or more complex environments. Overall, once it is properly configured and tuned, it is stable enough for production use, even for critical identity lifecycle and role-based access control operations.

What do I think about the scalability of the solution?

One Identity Active Roles is generally highly scalable in enterprise AD environments. In practice, it handles multi-domain, multi-forest Active Directory setups and even hybrid AD plus Entra ID environments quite effectively. It is commonly used in organizations with tens of thousands to hundreds of thousands of identities. From my experience, scalability is strong because it supports centralized management across multiple AD domains from a single console. Automation and workflows scale with user volume, so provisioning does not become more manual as users grow. Additionally, role-based delegation keeps admin overhead stable even as organization size increases. It is designed for large enterprise identity environments, not just small AD setups. The main things to watch at scale are performance tuning and database architecture planning, especially if workflows and auditing are heavily used. However, overall it scales effectively when properly architected.

How are customer service and support?

Customer support for One Identity Active Roles has generally been good and technically strong in my experience. Support is usually responsive for critical issues and provides solid practical guidance for AD workflow problems. However, for low-priority tickets, the response time can sometimes be slower, and you may need to rely on documentation or knowledge base articles. Overall, I would rate support quality around an eight out of ten.

Which solution did I use previously and why did I switch?

Before One Identity Active Roles, we relied mainly on a mix of manual AD management plus custom PowerShell scripts and a few basic identity tools that did not scale effectively. We switched because the scripting approach became hard to maintain, inconsistent across teams, and risky in terms of over-permissioning. One Identity Active Roles provided us centralized role-based access control, better auditability, and automation that reduced dependency on individual scripts and manual admin effort.

How was the initial setup?

Integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately difficult at first, especially aligning it with existing AD structure and legacy scripts. However, once connectors and policies were properly configured, it became stable and fits effectively into our directory services ecosystem.

What was our ROI?

We have seen a clear return on investment with One Identity Active Roles, mainly in time savings and reduced manual effort rather than headcount reductions. Before One Identity Active Roles, onboarding, offboarding, and access changes used to require a significant amount of manual AD work across teams. Now, most of it is automated through workflows, so we have reduced provisioning and deprovisioning effort by roughly 40 to 60 percent, which translates to saving several hours per admin per week. Once a year, that effectively frees up close to one full-time admin's workload capacity, which we allocated to another IAM security task instead of hiring more staff. Additionally, we have seen fewer access-related incidents and audit corrections because role-based access control and delegation reduced over-permissioning. That is harder to put an exact number on, but it has definitely lowered compliance firefighting during audits and saved time on rework.

What's my experience with pricing, setup cost, and licensing?

Our experience with One Identity Active Roles has been that pricing is on the higher side since it is enterprise licensing based on managed users, and setup cost is mainly around initial implementation effort and possibly some professional services for design and deployment. Licensing itself is a bit complex to understand at first, but once scoped properly, it is manageable. Overall, it felt expensive upfront but justified because of the automation and long-term reduction in admin effort and operational cost.

Which other solutions did I evaluate?

We did evaluate a few alternatives before going with One Identity Active Roles. We looked at Microsoft Entra ID Governance, SailPoint Identity Security Cloud, and Softerra Adaxes. In the end, One Identity Active Roles fit best for our environment because it was more focused on deep Active Directory management, delegation, and automation without a heavy identity governance and administration overhead, which matched our needs better than the broader governance platforms.

What other advice do I have?

My advice to others looking into using One Identity Active Roles is to invest time in design before implementation, especially around role structure and OU permission modeling. One Identity Active Roles is powerful, but it only works as effectively as the role-based access control and delegation model you build. Start small with core use cases such as joiner, mover, leaver automation, and basic AD delegation, then expand into advanced workflows once the foundation is stable. Additionally, involve your AD and security teams early because cleanup of existing permissions is usually the hardest part.

Do not underestimate the learning curve. Once it is properly configured, it runs very smoothly, but the initial setup and policy design is where most teams struggle.

Delegation through One Identity Active Roles has worked very effectively. We have been able to safely give regional IT teams limited AD control without exposing full domain admin rights, which reduced bottlenecks on the central team and made user management much faster.

One Identity Active Roles has had a strong positive impact on our organization's compliance efforts because role-based access control, delegation controls, and audit logs make it much easier to prove least privilege and track who changed what in Active Directory. During audits, we can quickly generate evidence instead of manually collecting data from multiple systems, which has reduced both effort and risk of gaps.

We have consolidated most AD user provisioning, delegation, and lifecycle management into One Identity Active Roles instead of using multiple separate scripts and manual processes.

One Identity Active Roles' automation capabilities are one of its strongest areas. For example, we have automated user onboarding where account group memberships and mailbox access are created from HR input without manual intervention and also auto-disable accounts after termination or contract expiry, which has reduced a significant amount of manual AD work. I would rate this product an eight out of ten overall.


    Shubham Dwivedi

Automation has reduced manual identity tasks and improves secure access control consistency

  • May 08, 2026
  • Review from a verified AWS customer

What is our primary use case?

My main use case for One Identity Active Roles is Active Directory management, user provisioning, provisioning and de-provisioning, role-based access control, and automating identity administration tasks.

What is most valuable?

The best features One Identity Active Roles offers are automated user provisioning, role-based access control, and delegated administration, auditing, and centralized Active Directory management. I also find the workflow automation and policy enforcement features very useful because they help reduce manual efforts, improve security, and maintain consistency across the environment. Features such as access templates, dynamic groups, and detailed reporting also make identity administration much more efficient.

Access templates and dynamic groups have helped standardize permissions and reduce manual configuration work. For example, when a user moves to a different department or role, the correct group membership and access right can be updated automatically based on predefined policies, which improves consistency and reduces errors.

Another feature I find valuable in One Identity Active Roles is the auditing and reporting capability. It provides clear visibility into changes made in Active Directory, which helps with troubleshooting, compliance, and security monitoring. The delegated administration feature is also very useful because it allows tasks to be assigned securely without giving full administrative access.

One Identity Active Roles has improved the efficiency of identity and access management in our organization. It reduced manual administrative work, improved consistency in user provisioning and access control, and strengthened security through better policy enforcement and auditing.

I noticed significant time-saving after implementing One Identity Active Roles. User provisioning, access updates, and onboarding tasks that previously required a lot of manual efforts are now completed much faster through automation, reducing administrative workload by around forty to fifty percent. It also helped reduce configuration errors and improve compliance by enforcing standardized access policies and maintaining detailed audit logs for Active Directory changes.

What needs improvement?

One Identity Active Roles could be improved with a more modern and user-friendly interface, especially for new administrators. Some advanced configuration and workflow can feel complex, so simplifying setup and management would improve the overall experience. Better integration and reporting customization options would also be helpful for large environments.

Other improvements needed for One Identity Active Roles include providing more simplified documentation and onboarding resources for advanced features and workflow configuration. Faster troubleshooting guidance for complex environments and more flexible reporting options would also help administrators manage identity operations more efficiently. Overall, the platform is reliable and delivers strong value for Active Directory management and automation.

Improvements for One Identity Active Roles would include enhancing performance and responsiveness in very large environments with complex workflows and multiple integrations. More built-in analytics and easier customization for dashboards and reports would also help administrators gain insights more efficiently.

For how long have I used the solution?

I have been using One Identity Active Roles for around one year.

What do I think about the stability of the solution?

One Identity Active Roles is stable.

What do I think about the scalability of the solution?

One Identity Active Roles has shown good scalability in our experience. It can efficiently handle a growing number of users, groups, workflows, and Active Directory objects without major performance issues, making it suitable for enterprise environments and hybrid infrastructure.

How are customer service and support?

My experience with customer support has been positive overall. The support team is very knowledgeable and generally responsive in handling configuration issues, and I receive good technical expertise and helpful assistance from the support team.

Which solution did I use previously and why did I switch?

Before using One Identity Active Roles, we mainly relied on native Active Directory tools and manual administrative processes. We switched because One Identity Active Roles provided better automation, centralized management, delegated administration, and stronger auditing capabilities, which helped reduce manual efforts and improve security and operational efficiency.

How was the initial setup?

My experience with pricing, setup cost, and licensing was generally positive. The initial setup required proper planning and configuration, especially for workflow, delegation policy, and Active Directory integration, but the deployment process itself was manageable.

What was our ROI?

We have seen a positive return on investment, mainly through time-saving and reduced administrative workload. Tasks such as user provisioning, access updates, and account management that previously required a lot of manual efforts are now automated, reducing administrative efforts by around forty to fifty percent. It also helps reduce configuration errors, improve compliance, and allows administrators to focus more on strategic identity and security tasks instead of repetitive manual processes.

Which other solutions did I evaluate?

Before choosing One Identity Active Roles, we evaluated other solutions, and we selected One Identity Active Roles because of its strong Active Directory management capabilities, delegated administration, automation features, and centralized visibility across hybrid environments.

What other advice do I have?

My advice for others looking into using One Identity Active Roles is to clearly plan your identity management and Active Directory requirements before implementation. Invest time in proper onboarding and workflow design so you can fully utilize the automation, delegated administration, and compliance features. Once configured properly, it can significantly reduce manual efforts and improve security and operational efficiency.

Overall, One Identity Active Roles has been a reliable and valuable solution for improving Active Directory management, automation, and access control. It helped reduce manual efforts, improve security, and streamline identity administration tasks across the organization. I would rate this product an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?


    Manik Singh

Delegated workflows have automated account management and improve secure access control

  • May 07, 2026
  • Review provided by PeerSpot

What is our primary use case?

One Identity Active Roles is primarily used for Active Directory administration, delegation, delegated access control, user provisioning, and automating routine account management tasks.

One Identity Active Roles automatically creates user accounts with correct group memberships and permissions based on the department and role, which saves a lot of manual AD work during onboarding.

One Identity Active Roles is also used for auditing and approval workflows, especially for sensitive AD changes where better control and tracking are needed.

What is most valuable?

The best features One Identity Active Roles offers are delegated administration, automation workflows, centralized AD management, and the detailed auditing capabilities that make tracking changes much easier.

Delegated administration has made the biggest impact because it allows the different teams to manage specific AD tasks securely without giving full domain-level access.

The automation and approval workflows stand out significantly in larger environments, especially when consistency and better control over AD changes are needed.

One Identity Active Roles has positively impacted the organization by reducing a lot of manual AD administration work, improving access control, and helping standardize user management processes across the organization.

What needs improvement?

The UI of One Identity Active Roles could be more modern and responsive, and some advanced workflow configurations can feel complex during setup.

Better cloud integration and simpler reporting customizations would definitely improve the overall experience, especially in hybrid environments.

For how long have I used the solution?

One Identity Active Roles has been in use for two years.

What do I think about the stability of the solution?

One Identity Active Roles is very stable.

What do I think about the scalability of the solution?

One Identity Active Roles scales very well in large enterprise environments, especially for organizations managing multiple domains, hybrid AD setups, and high volumes of user provisioning tasks.

How are customer service and support?

Customer support for One Identity Active Roles is great.

Which solution did I use previously and why did I switch?

Before One Identity Active Roles, the organization mostly relied on native administrative Active Directory tools and manual processes. The switch was made for better automation, delegation, and centralized control over AD management.

A few other IAM and AD management solutions were evaluated before choosing One Identity Active Roles, including SailPoint, Microsoft Entra ID, and ManageEngine.

How was the initial setup?

The integration of One Identity Active Roles with the existing IT infrastructure and directory services was fairly smooth overall since it works well with existing Active Directory environments, though some advanced integrations and workflow customization required extra planning and testing.

What was our ROI?

Clear ROI has been seen with One Identity Active Roles, mainly through the time savings and reduced manual administration. Onboarding, permission updates, and account management tasks that used to take a lot of manual effort are now largely automated and completed much faster.

What's my experience with pricing, setup cost, and licensing?

The pricing, setup cost, and licensing of One Identity Active Roles are definitely enterprise-focused, but the value from the automation, delegation, administration, and the reduced manual AD effort makes the investment worthwhile in large environments.

What other advice do I have?

My advice to others looking into using One Identity Active Roles is to plan your delegation model and automation workflows carefully before deployment because the platform delivers the most value when roles, approvals, and AD processes are well-structured from the beginning.

One Identity Active Roles has been a reliable solution for improving AD governance, reducing manual administration, and enforcing better access control across the environment. The overall review rating for One Identity Active Roles is 8 out of 10.


    Aryan Dwivedi

Approval workflow has simplified secure access requests but still needs faster urgent handling

  • May 04, 2026
  • Review provided by PeerSpot

What is our primary use case?

I am an end user of One Identity Active Roles for internal access and system purposes. When I need access to an internal dashboard to analyze business data for a project, I raise a request through One Identity Active Roles. The request goes through the approval process, and once approved, I am granted access without needing to contact the IT team directly. This helps me complete my tasks on time, and the status can be easily tracked so I do not have to manually follow up. The approval workflow makes the process secure and smooth, and even though I am not from a technical background, it helps me significantly.

I use One Identity Active Roles to gain access to some particular tools that are shared among multiple interns in my company.

What is most valuable?

The best feature that One Identity Active Roles offers is the approval flow, which gives access only to authorized persons, making the process secure. The user-friendly interface allows someone without a technical background to apply for the tools needed and be given access.

The approval process makes things more secure and efficient. This process prevents unauthorized and accidental access to sensitive tools and data, which are major concerns for my company. I have been told to access some particular tools and data through that portal only.

One Identity Active Roles has made things more organized and secure across the company. It has also reduced the need to contact IT administrators directly, saving time for both me and the IT staff. During the orientation program, I was informed that the use of this tool has reduced the IT team's workload. Previously, the IT team needed to provide the tool and monitor who was using it, but now with this tool, they do not have to specifically check on who is accessing the tools and data.

The IT team has reduced their workload by around four hours, although I do not know the specific hours saved. Access to the tools has become much faster; as soon as I apply, it goes through the approval process, and if the tool is required, then access is provided to me or any other IT intern.

What needs improvement?

One Identity Active Roles could be improved by speeding up the approval process, especially for urgent access requests. Sometimes I need urgent approval, and then I have to call the IT team to manually pass my approval. An option to flag that I need the tool urgently would help the IT team know to expedite that approval in the future. I have seen times when I need a tool urgently, but the process takes time.

The dependency on approval sometimes causes delays, which can slow down urgent work that I am doing, particularly as my position as an intern has been growing.

For how long have I used the solution?

By the first of May, it has been approximately two months since I have been working in my current field.

What do I think about the stability of the solution?

One Identity Active Roles is quite stable, and I have not seen any downtime or crashes in my use case.

What do I think about the scalability of the solution?

One Identity Active Roles is a great tool, pretty scalable, and stable for the daily purposes we are using it for. It can be easily deployed in the company, and it is a stable solution for non-technical users like myself.

What other advice do I have?

I received one or two days of training to use all One Identity tools utilized in my company, such as One Identity Active Roles, One Identity OneLogin, and Safeguard Manager, which are all great tools. I would rate this review a 7.5 out of 10.


    Tassavour Shaikh

Delegated automation has transformed directory governance and now streamlines compliant access control

  • April 27, 2026
  • Review provided by PeerSpot

What is our primary use case?

One Identity Active Roles is used primarily for managing Active Directory, including user provisioning and group management. When a new employee joins, I use One Identity Active Roles to automatically create their AD account, assign them to groups, and apply policies, all with proper approvals.

Apart from basic user provisioning, I use One Identity Active Roles daily for managing and controlling Active Directory permissions in a structured way.

What is most valuable?

The best features One Identity Active Roles offers are delegated administration and automation, which stand out the most because they reduce admin workload and improve security. Delegated administration and automation significantly reduce admin workload while improving security and control.

For example, HR or help desk can create or modify users, but only within defined limits - they cannot make critical changes outside their scope.

One Identity Active Roles reduces the risk of misuse or accidental changes, and a workflow benefit is that the centralizing IT team does not handle every request. One Identity Active Roles has had a very positive impact on the organization, especially in terms of security and control over Active Directory.

I have utilized the fine-grained permission control feature of One Identity Active Roles, and it has significantly helped implement least privilege principles. Instead of giving broad admin rights, very specific permissions are assigned based on roles, tasks, and need-to-know access. One Identity Active Roles has had a strong positive impact on the organization's compliance efforts. All changes in AD are logged and traceable, which helps during audits. Fine-grained permissions ensure users only have the access they need, while naming conventions, access roles, and security policies are automatically enforced.

What needs improvement?

One Identity Active Roles is very useful, though there are a few areas where it could be improved, such as the user interface, policy creation, and reporting - it requires good knowledge of Active Directory. The UI can feel outdated and not very intuitive for new users, and the learning curve is steep. Sometimes there can be slight delays when handling large-scale operations, and the reporting needs to be more helpful for audits.

For how long have I used the solution?

I have been using One Identity Active Roles for around six months.

What do I think about the stability of the solution?

One Identity Active Roles is generally a stable and reliable solution based on my experience.

What do I think about the scalability of the solution?

One Identity Active Roles is highly scalable and works well in both medium and large enterprise environments, as it can manage multiple AD domains, Azure AD tenants, and even hybrid environments from a single console.

How are customer service and support?

Customer support for One Identity Active Roles is generally good, especially for standard issues and guidance. The support team is knowledgeable about the product and AD environments, being helpful for configuration issues, troubleshooting, and best practices.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, I was primarily managing AD using native tools from Microsoft Management Console, such as Active Directory Users and Computers. I switched because the manual effort was too high, and there was limited delegation and no centralized control.

How was the initial setup?

Integrating One Identity Active Roles with the existing IT infrastructure and directory services was relatively smooth, especially since it is designed to work seamlessly with AD on-premise. It integrates natively with the AD, so the core setup is straightforward.

What was our ROI?

A strong return on investment has definitely been seen.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing and licensing for One Identity Active Roles has been reasonable for an enterprise solution, but it does require proper planning. The initial setup can involve some cost in terms of time and resources, especially for configuration, policy design, and integration, as skilled Active Directory or IAM professionals were required.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, I evaluated a few other options to compare features and fit for the requirements, such as Microsoft Identity Manager.

What other advice do I have?

My impression of the automation capabilities provided by One Identity Active Roles is very positive - they significantly reduce manual effort and improve consistency. For example, when a new employee joins, I use a predefined template, and One Identity Active Roles automatically creates the user account, applies naming conventions, assigns the correct groups, and enforces policies; previously, this required multiple manual setups, but now it is done in a few clicks with consistent results.

One Identity Active Roles has significantly reduced both the complexity and workload of administrative tasks related to Active Directory. Many repetitive tasks are automated, so admins spend much less time on routine activities. Delegated administration allows other teams to handle common requests instead of escalating everything.

My experience with the delegation of administrative tasks through One Identity Active Roles has been very positive, as it has made the workflow much more efficient and controlled. It allows specific admin tasks to be assigned to different teams, so routine tasks such as user creation or password resets are handled by help desk teams, meaning requests do not need to be escalated, so turnaround time is much quicker.

My advice for organizations considering One Identity Active Roles would be to plan the implementation carefully; clearly define your requirements and decide who should have what level of access before implementing. I would rate this product an eight out of ten.


    Prithviraj

Automation has transformed identity governance and now streamlines secure user lifecycle management

  • April 26, 2026
  • Review provided by PeerSpot

What is our primary use case?

My main use case for One Identity Active Roles is to simplify and secure the management of Microsoft Active Directory. In day-to-day work, it is mainly used for automating user lifecycle tasks such as creating, modifying, and disabling user accounts. Instead of doing everything manually, we can use workflows and policies to ensure it is done consistently.

Automation with workflows and policies in One Identity Active Roles has really reduced the amount of repetitive manual work I used to do in Microsoft Active Directory. Earlier, tasks such as user creation were completely manual. I had to create the account, assign groups, set attributes, and double-check everything. It was time-consuming and easy to miss something. Now with workflows and policies in place, most of that is automated. For example, when a new employee joins, I just trigger the process or it comes through a request. The workflow automatically creates the account, applies the correct naming convention, assigns groups based on the role or department, and even routes approval if needed.

Along with automation and diligence, one more important thing I would highlight is governance and compliance with One Identity Active Roles. Every change in Microsoft Active Directory is tracked, so we always have a clear audit trail. That becomes really useful during audits or security reviews because we can easily show who made what changes and when. Also, the ability to enforce least privilege access is a big advantage. Instead of giving broad admin rights, we can tightly control permissions, which reduces risk. Overall, beyond just making tasks easier, it adds a strong layer of control, security, and visibility of AD operations.

What is most valuable?

One Identity Active Roles offers a strong mix of automation, security, and control when managing Microsoft Active Directory. Some of the best features from my experience are delegation with least privilege. Instead of giving full access to admin, we can assign very specific permissions. That improves security and reduces risk. Second would be automation with workflows and policies. Routine tasks such as user creation, group assignments, and provisioning are automated, which saves time and ensures consistency. Third would be centralized management. We can manage multiple Active Directory domains, Azure AD, and even Microsoft 365 from one place, which simplifies administration. Fourth would be dynamic group management. Groups can be managed based on rules instead of manual updates, which is very helpful in large environments. And lastly, auditing and reporting. It tracks all changes, so we know who did what and when, which is important for compliance and troubleshooting.

Both centralized management and dynamic group management have made a big difference for our team while using One Identity Active Roles with Microsoft Active Directory. With centralized management, earlier we had to jump between different tools or consoles to manage users across domains or services. Now everything is available in one place. Whether it is user accounts or groups or permissions, we handle it from a single interface. A good example is during bulk onboarding. Instead of coordinating across multiple admins or tools, one person can manage everything end to end, which saves time and avoids confusion. Coming to dynamic group management, this has really reduced manual effort. Earlier, whenever someone changed departments or roles, we had to manually update their group memberships. That was not only time-consuming but also error-prone. Now groups are based on rules, department, or job title. So if a user attribute changes, their group membership updates automatically. For example, if someone moves from sales to marketing, they automatically get removed from sales-related access and added to marketing groups without any manual intervention.

Along with centralized and dynamic management, one feature I really find valuable in One Identity Active Roles is the approval workflow and auditing capabilities. For sensitive changes such as modifying group membership or access rights, we can enforce approvals before anything is applied. That adds an extra layer of control. At the same time, everything is logged. So in Microsoft Active Directory, we always have a clear audit trail of who made what changes and when. This is especially helpful during audits or when troubleshooting issues. Overall, beyond just making administration easy, these features help ensure proper governance, accountability, and security.

What needs improvement?

Overall, One Identity Active Roles is a very powerful tool, but there are definitely areas where it can be improved. One area is the user interface. It can feel a bit outdated and not as intuitive, especially for a new user. A more modern and user-friendly UI would improve adoption and reduce the learning curve. Another improvement area is integration and cloud support. While it works well with on-premises Active Directory, integration with Azure AD and other cloud systems can be better and more seamless. Also, dynamic group processing and performance can sometimes be challenging in large environments, especially when there are complex rules. Optimizing performance in such cases would help. From a governance perspective, features such as attention and certification could be stronger as they are important for compliance-heavy environments. Lastly, improving integration with third-party systems and simplifying customization would make it easier for organizations to adapt it to their needs.

Along with UI and integration, I think One Identity Active Roles could improve in a few operational areas. One is reporting and dashboards. While auditing is strong, the out-of-box reports can be a bit limited or not very visual. A more customizable and user-friendly dashboard would help teams quickly get insights without extra effort. Another area is troubleshooting and error visibility. Sometimes when workflows or policies fail, the error messages are not very clear, so it takes time to identify the root cause. Better logging and clearer error messages would make support easier. Also, upgrades and maintenance can be a bit complex. Simplifying version upgrades and reducing downtime would be beneficial, especially in large environments. Finally, training and documentation for new users could be improved. Since the tool is quite powerful, having more straightforward guides or built-in help would reduce the learning curve for new admins.

Some additional improvements I would suggest include better cloud-native capabilities. As organizations move more toward cloud-first strategies, having stronger native support beyond Microsoft Active Directory would be helpful. Simplified customization is another area where, while the tool is powerful, customizing workflows or policies can sometimes be complex. Making this more low-code or user-friendly would improve productivity. Lastly, faster performance in large environments would also help because in environments with many objects and complex rules, performance tuning can be challenging. Overall, it is a very solid and reliable solution, especially for AD management, but enhancing cloud readiness, usability, and performance would take it to the next level.

For how long have I used the solution?

I have been using One Identity Active Roles for more than a year now.

What do I think about the stability of the solution?

Overall, One Identity Active Roles is considered a stable and reliable solution based on both my experience and industry feedback. It is generally rated quite high for stability. Many users rate it around seven to nine out of ten. In day-to-day operations, it performs consistently, especially for core functions such as automation, delegation, and policy enforcement. There is typically no major downtime, and it handles routine Active Directory operations smoothly.

What do I think about the scalability of the solution?

I would say One Identity Active Roles is highly scalable, especially for medium to large enterprise environments. It is designed to manage multiple domains, users, and even hybrid environments from a single platform. It can scale horizontally by adding more servers such as multiple administration services and handle large volumes of users and groups effectively. For example, it supports managing multiple Active Directory domains, Azure AD tenants, and even cloud integration from one console, which makes it suitable for growing organizations. Scalability also depends on proper design such as SQL performance, network latency, and the complexity of your workflows or dynamic groups in a very large environment. You may need tuning to maintain performance. Overall, it scales very well, but as an enterprise tool, it needs proper architecture planning as well.

How are customer service and support?

My experience with customer support for One Identity Active Roles has been generally positive. The support team from One Identity is knowledgeable and understands the product well, especially for core areas such as workflows, delegations, and integration with Microsoft Active Directory. For standard issues, the response time is quite reasonable and the documentation and knowledge base are also helpful for troubleshooting. For more complex issues, it can sometimes take a bit longer as they may need deeper analysis or escalation, but they usually follow through until resolution. Overall, I would say the support is reliable and helpful, especially for enterprise environments, with occasional delays in more complex cases.

I would rate One Identity Active Roles customer support around eight out of ten. The main reason is that the support team from One Identity is knowledgeable and helpful, especially for standard issues and guidance around Microsoft Active Directory integration. They also provide good documentation and follow structured processes in resolving tickets.

Which solution did I use previously and why did I switch?

Before moving to One Identity Active Roles, we were mainly relying on native tools in Microsoft Active Directory, such as the default AD Users and Computers console and some PowerShell scripts. While those tools work, they have limitations, especially in larger environments. The main challenges we faced were a lot of manual effort for routine tasks, no centralized control for standardization, difficult implementation of fine-grained delegation, limited automation and workflow capabilities, and lack of proper auditing and compliance tracking. That is why we decided to switch to One Identity Active Roles, where it provided automation for repetitive tasks, better delegation with least privilege, policy enforcement for consistency, and strong auditing and reporting.

How was the initial setup?

I would say integrating One Identity Active Roles with our existing infrastructure was moderate in terms of effort. It is not too difficult, but it does require proper planning. Since it is built to work closely with Active Directory, the core integration with on-premises AD was quite smooth. Connecting domains, syncing objects, and getting basic functionality up and running was straightforward. Where it gets a bit more involved is in customization and extended integrations. For example, setting up workflows based on business requirements and integrating with cloud services such as Azure AD. Also, configuring policies and delegation models properly requires a good understanding of both Active Directory structure and business processes. In large environments, planning things such as permissions, rules, and group structures upfront is important to avoid rework later. Overall, my assessment is that the initial setup is relatively smooth, especially for Active Directory, but achieving a fully automated, optimized, and customized implementation takes some time and expertise.

What was our ROI?

I have definitely seen a clear return on investment after implementing One Identity Active Roles, especially in terms of time-saving, efficiency, and reduced operational overhead in Microsoft Active Directory. To give a more direct example, I would add some points such as time saving on onboarding. Earlier, creating and configuring a user used to take around ten to fifteen minutes manually. With automation, it reduces to two to three minutes now. Another point is the reduction in manual workload. Routine tasks such as password resets and access requests are now delegated or automated. This reduces dependency on senior admins and allows the team to focus more on critical tasks. Third, we see fewer errors. With policy enforcing standards, we have seen a noticeable drop in issues such as incorrect permissions or missing attributes, which also reduces rework. For operational efficiency, instead of needing additional admin resources as the environment grows, the existing team can handle more workload due to automation. While it may not directly reduce headcount, it definitely avoids the need to hire more people.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing and licensing for One Identity Active Roles is that it is typically enterprise-oriented. The licensing is usually based on the number of enabled user accounts being managed in Active Directory, which makes it scalable as the organization grows. In terms of setup cost, there is an initial investment, not just for licensing, but also for implementation, such as setting up the environment, configuring workflows, and defining policies. If customization is involved, that can add to the cost as well. However, from a value perspective, it balances out over time because it reduces manual administrative effort, improves efficiency and productivity, and minimizes errors and security risks. While the upfront cost might feel on the higher side compared to native tools, the long-term benefits and operational savings make it worthwhile.

Which other solutions did I evaluate?

We did evaluate a few other options. We looked at native Microsoft Active Directory tools along with PowerShell scripting, but they lacked centralized management, automation, and strong delegation features. We also considered solutions such as ManageEngine ADManager Plus and Netwrix Auditor. ADManager Plus was good for basic automation and reporting, but it did not offer the same depth in delegation and policy control. Netwrix was strong in auditing and compliance, but it is more focused on monitoring rather than full lifecycle management. The reason we chose One Identity Active Roles is that it offered a more complete solution combining automation, fine-grained delegation, policy enforcement, and auditing in one platform with strong integration with Active Directory. Overall, it gave us better control, scalability, and security compared to other options we evaluated.

What other advice do I have?

My impression of the automation capabilities provided by One Identity Active Roles is very positive. It is one of the strongest aspects of the tool and has really streamlined how we manage Microsoft Active Directory. A good example is user onboarding. Earlier, it was a fully manual process creating the account, assigning groups, and setting attributes. Now, with automation, when a request comes in, the workflow handles everything automatically. Account creation, applying naming conventions, assigning the right groups based on department or role, and even triggering approvals if required. Another example is offboarding as well. When an employee leaves, the system can automatically disable the account, remove access, and update attributes. This ensures nothing is missed and improves security. We also use automation for group management. Instead of manually adding users to groups, dynamic rules handle it based on attributes such as department or job title. Overall, automation has reduced manual effort, improved consistency, and minimized errors. It also speeds up the turnaround time for requests, which is a big advantage for both IT and end users.

One Identity Active Roles has significantly reduced both the complexity and workload of administrative tasks in Microsoft Active Directory. Earlier, many tasks were manual, such as creating users, assigning groups, and managing permissions, which not only took time, but also increased the chance of errors. With One Identity Active Roles, a lot of that complexity is abstracted through automation policies and delegations. For example, instead of remembering multiple steps for user provisioning, we now rely on workflows that handle everything consistently. It also simplifies administration by providing a centralized interface. We do not have to switch between multiple tools or consoles. From a workload perspective, repetitive tasks have reduced significantly. Things such as password resets, access requests, and group updates are either delegated or automated, which frees up time for more critical tasks.

My experience with delegation in One Identity Active Roles has been very positive and it has really improved how we manage day-to-day operations in Microsoft Active Directory. Earlier, most administrative tasks were handled by a small group of admins, which created bottlenecks, especially for routine requests such as password resets or account unlocks. With delegation, we have been able to distribute these tasks to different teams such as the helpdesk, but with very controlled permissions. For example, they can reset passwords or unlock accounts, but they do not have access to sensitive operations such as deleting users or modifying critical attributes. This has had a big impact on our workflow. It reduced dependency on senior admins, improved response time for user requests, reduced workload on the core IT team, and ensured better security through least privilege access.

We have actively used the fine-grained permission control feature in One Identity Active Roles and it has had a strong impact on implementing least privilege in Microsoft Active Directory. Instead of giving broad admin access, we have defined very specific permissions based on roles. For example, helpdesk users are only allowed to reset passwords or unlock accounts, but they cannot modify critical attributes or delete users. This level of control has significantly reduced the number of privileged accounts in the environment. It also minimizes the risk of accidental or unauthorized changes. Another benefit is that the permissions are tied to roles, not to individuals. So it is easier to manage when people change teams or responsibilities. Overall, it has helped us enforce least privilege in a practical way, giving users exactly the access they need and nothing more, thereby improving both security and accountability.

My main advice for anyone looking to implement One Identity Active Roles is to focus on planning and design upfront. First, clearly define your roles, permissions, and delegation model before implementation. One Identity Active Roles is very powerful, but if the structure is not planned well, it can become complex later. Second, start with basic automation and policies and then gradually expand. Trying to automate everything at once can make troubleshooting difficult. It is better to take a phased approach. Third, I would say to implement least privilege principles from the beginning. Design delegation carefully so users only get the access they need. This avoids rework and improves security. Overall, my advice would be to plan well, start simple, and scale gradually because One Identity Active Roles is a very powerful tool, but it works best with a structured approach. I give this solution an overall rating of nine out of ten.


    Mahesh Gummul

Centralized automation has transformed directory governance and now secures delegated access

  • April 26, 2026
  • Review provided by PeerSpot

What is our primary use case?

I have been using One Identity Active Roles for approximately three to four years as a part of my role as a Senior System Administrator, where I gained hands-on experience in implementing and managing One Identity Active Roles for centralized Active Directory administration, including creating and managing access templates, configuring role-based access control, automating user provisioning and de-provisioning processes, setting up approval workflows, enforcing policies, and delegating administrative tasks securely, along with troubleshooting synchronization issues and integration with existing AD infrastructure to ensure compliance, operational efficiency, and reduced manual effort in a large enterprise environment.

My main use case for One Identity Active Roles is to centralize and streamline Active Directory administration by implementing secure delegation, automation, and governance control, where I primarily use it for automated user provisioning and de-provisioning based on HR triggers, applying role-based access control through access templates, enforcing naming and attribute policies, and managing group membership dynamically, along with configuring approval workflows for sensitive access requests to ensure compliance and audit readiness, while also reducing manual intervention for service desk teams when delegated limited administrative rights through One Identity Active Roles by giving direct access to the domain controller, thereby improving security and operational efficiency and consistency across the enterprise environment.

In my daily work, I use One Identity Active Roles to automate user onboarding and offboarding processes, where new users are automatically created with correct permissions, group memberships, and policies based on their role, and during offboarding, accounts are disabled and access removed instantly, which helps me to reduce manual effort, improve accuracy, and ensure better security and compliance.

What is most valuable?

The best features of One Identity Active Roles that stand out to me are mainly automation, delegation, and policy enforcement, as these provide me the most value in a real-world environment, where automation helps in streamlining user provisioning, de-provisioning, and group management through workflows, significantly reducing manual effort and errors, while fine-grained delegation allows secure role-based access control so that service desk or junior admins can perform limited tasks without giving full domain access, improving security and reducing the risk of privilege misuse, and policy enforcement ensures that all objects follow predefined standards like naming conventions, mandatory attributes, and compliance rules, maintaining consistency across the environment, along with strong workflow management and approval processes for sensitive changes, dynamic group management, and detailed auditing and reporting that help track every change for compliance and security purposes, making One Identity Active Roles a powerful tool for centralized, secure, and efficient identity and access management.

One feature that I feel is not highlighted enough is the powerful auditing and reporting capability in One Identity Active Roles, which provides detailed tracking of every change made within the Active Directory through One Identity Active Roles, including who performed the action, what changes were made, and when, making it extremely useful for compliance, security investigation, and troubleshooting, and in addition, the ability to customize workflows and scripts using PowerShell integration is also very valuable as it allows extending functionality based on business requirements, automate complex tasks, and integrate with other system solutions more adaptively to different needs.

In our organization, One Identity Active Roles is deployed in a hybrid environment, where the core One Identity Active Roles components such as the administration service and management console are hosted on-premises within our data center for better control and security, while it also integrates with cloud services like Azure AD to support hybrid identity and access scenarios, allowing us to manage both on-premises and cloud-based identities centrally, which provides flexibility, scalability, and aligns with our organization's gradual cloud adoption strategy.

What needs improvement?

One Identity Active Roles can be improved by enhancing its user interface to make it more modern and intuitive, as sometimes navigation and configuration feel complex for new users, and additionally, improving reporting and dashboard capabilities with more customizable and real-time analytics would add significant value, while better native integration with cloud platforms like Azure AD and hybrid environments could also strengthen support for evolving infrastructure needs, and simplifying workflow design with more visual and user-friendly options, along with improved performance during large-scale operations, would make it even more efficient and easier to manage the enterprise environment.

One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement, and as a wish-list item, I would like to see stronger, more seamless integration with cloud and hybrid environments like Azure AD, along with enhanced real-time reporting dashboards and easier troubleshooting tools, which would help in faster issue resolution and a better overall administration experience.

For how long have I used the solution?

I have been working in my current field for the last 12 years.

What do I think about the stability of the solution?

One Identity Active Roles is a very stable and reliable solution in our experience, as it runs reliably in production with minimal downtime and handles large-scale Active Directory environments efficiently, provided it is properly configured and maintained, and we have seen consistent performance in day-to-day operations like provisioning, delegation, and policy enforcement without major issues.

What do I think about the scalability of the solution?

One Identity Active Roles scales very well as the organization grows, as it is designed for enterprise environments and can handle a large number of users, groups, and directory objects efficiently, and in our experience, it has supported increasing workloads without performance issues, especially due to its centralized management, automation, and role-based delegation model, which allows us to scale the system to manage more identities without adding proportional administrative effort, and it also supports hybrid environments like on-premises and cloud integration, making it flexible for expansion based on industry needs where organizations have reported scalability issues and that continue to perform reliably as the user base and infrastructure grow.

How are customer service and support?

My experience with customer support for One Identity Active Roles has been generally positive, as the support team is technically strong and responsive in handling issues in most cases, and they provide clear guidance and effective solutions.

Which solution did I use previously and why did I switch?

Before implementing One Identity Active Roles, we were primarily using native Active Directory tools along with manual processes and some basic PowerShell scripts for user and group management, but we switched to One Identity Active Roles because those methods were time-consuming, error-prone, and lacked proper governance, delegation, and auditing capabilities, and as the organization grew, it became difficult to manage the identity life cycle efficiently, so we needed a centralized solution that could provide automation, role-based delegation, policy enforcement, and detailed auditing, which One Identity Active Roles delivered efficiently, helping us standardize processes, improve security, and reduce operational overhead.

How was the initial setup?

I would say the integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately easy, as it integrates quite well with Active Directory out of the box and aligns with the standard Microsoft environment, so the initial setup and synchronization were straightforward, but some complexity came in when configuring advanced workflows, custom policies, and integration with the hybrid environment like Azure AD, which required careful planning, scripting, and testing, so overall, it was manageable with good documentation and experience, but not completely plug-and-play for more advanced use cases.

What was our ROI?

We have definitely seen a strong return on investment after implementing One Identity Active Roles, mainly in terms of time saving, reduced workload, and improved efficiency, where user provisioning and access requests that earlier took hours are now completed in a few minutes through automation, and we observe around a 40 to 50% reduction in service desk tickets related to Active Directory tasks, which allows the team to focus on more critical activities instead of repetitive work, while delegation reduces dependency on senior administrators, indirectly saving manpower effort, and overall, the reduction in errors, faster onboarding, and improved compliance also contribute to cost savings and operational efficiency, making it a valuable investment for the organization.

What's my experience with pricing, setup cost, and licensing?

My experience with pricing, setup cost, and licensing for One Identity Active Roles has been that it is on the higher side compared to native tools, as it follows an enterprise licensing model, typically based on the number of managed users or accounts, but the cost is justified by the value it delivers in terms of automation, security, compliance, and reduced operational overhead, while the initial setup cost includes infrastructure implementation and possible professional services, which require some planning and investment, and licensing management can be a bit complex depending on the organization's size and requirements, but overall, it is considered a worthwhile investment for large environments where efficiency, governance, and scalability are critical.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, we evaluated solutions such as Microsoft Identity Manager and SailPoint IdentityIQ, but we chose One Identity Active Roles because it provided a better balance of ease of deployment, strong Active Directory integration, effective delegation, and built-in automation, specifically tailored for our AD environment.

What other advice do I have?

I would rate this product an 8 out of 10.


    Aditi Kunte-Gummul

Automated workflows have transformed daily access control and now improve compliance

  • April 23, 2026
  • Review provided by PeerSpot

What is our primary use case?

One Identity Active Roles serves as the primary tool in our organization to streamline and secure Active Directory management by automating administrative tasks, enforcing governance policies, and reducing the risk of human error. It helps us delegate access control efficiently through role-based administration, ensuring that the right users have the appropriate permissions without granting excessive privilege. Additionally, it enhances compliance by providing detailed auditing, reporting, and approval workflows for changes made within the directory, which is especially important for maintaining security standards and regulatory requirements. Overall, it improves operational efficiency, strengthens our security posture, and simplifies identity and access management across the organization.

A practical example from our daily use of One Identity Active Roles is our automated user provisioning process, where it is configured with policies and workflows that trigger as soon as a new employee is added to our HR systems or Active Directory. The system automatically assigns the correct group membership, email access, and permissions based on their roles and department, while also enforcing naming conventions and security rules simultaneously. Privileged access requests, such as adding a user to admin groups, go through an approval workflow that requires managerial authorization and is fully logged for auditing. This approach not only saves significant manual effort for the IT team but also ensures strict governance, consistency, and compliance without relying on individual administrators to remember every policy.

Our main day-to-day use of One Identity Active Roles revolves around simplifying and controlling Active Directory operations through delegated administration and policy-based management. We allow helpdesks or junior IT staff to handle routine tasks such as user creation, password resets, and group modifications without giving them full domain access, ensuring security is never compromised. Simultaneously, we rely heavily on its built-in workflows and approval mechanisms for sensitive changes, such as privilege escalation or access to critical systems, which ensures every action follows a defined governance process and is properly audited. Its automation capabilities help maintain consistency in user attributes, enforce compliance policies, and reduce manual errors, making it an essential tool that keeps our identity management efficient, secure, and aligned with organizational standards on a daily basis.

The workflow automation and auditing features of One Identity Active Roles have made a clear impact in our daily work, especially in handling access requests and compliance tracking. When a user needs elevated privileges, the request automatically goes through a predefined approval workflow instead of relying on manual emails, ensuring proper authorization before any changes are made and every action is logged with full details. This becomes extremely useful during audits or troubleshooting because we can quickly track who made what changes and when, reducing investigation time and improving accountability. This approach also removes the dependency on manual follow-ups and minimizes the risk of unauthorized access.

What is most valuable?

One of the best features of One Identity Active Roles is its strong combination of automation, security, and centralized control, which makes Active Directory management much more efficient and governed. A standout feature is workflow automation, where repetitive tasks such as user provisioning, deprovisioning, and access changes are handled automatically based on predefined rules, saving time and reducing manual errors significantly. Another key feature is role-based delegation, which allows organizations to grant limited control access to helpdesks or junior staff without exposing critical admin privileges, ensuring a least privilege security model. One Identity Active Roles also offers policy-based management where rules enforce naming conventions, mandatory attributes, and compliance standards during any Active Directory changes, maintaining consistency across the environment. Additionally, features such as dynamic groups, memberships, and temporal access automatically add or remove users from groups based on coordination or time, which is very useful for managing temporary or role-based access. Finally, its auditing and reporting capabilities provide full visibility into who made what changes and when, helping with compliance, troubleshooting, and security monitoring. Overall, these features together make One Identity Active Roles a powerful tool for improving efficiency, strengthening governance, and securely managing identity and access management operations.

What needs improvement?

One area where One Identity Active Roles can be improved is in simplifying its initial setup and configuration process, as deployment can be complex and time-consuming for a new user or organization without deep Active Directory expertise, which can slow down adoption and require additional training or support. Additionally, improving the user interface to make it more intuitive and user-friendly would enhance the overall experience for administration, especially for those who are not highly technical. There is also scope to enhance performance in certain scenarios such as reporting over slower networks. Expanding flexibility in customization and integrations could further strengthen its usability in modern hybrid and cloud environments, making it even more efficient and easier to manage at scale.

One improvement I would particularly highlight for One Identity Active Roles is the need for seamless integration with modern cloud platforms and hybrid environments. Many organizations now operate beyond traditional on-premises Active Directory, and having more out-of-the-box connectors and easier configuration for tools such as Azure or other SaaS applications would save time and effort. Making reporting and dashboards more customizable and intuitive would help administration quickly derive insights without relying on external tools. Improving documentation and in-product guidance could also make troubleshooting and advanced configuration much easier, especially for new users who are still becoming familiar with the platform.

For how long have I used the solution?

I have been using One Identity Active Roles for the last two years.

What do I think about the stability of the solution?

One Identity Active Roles is generally considered a stable and reliable solution in most enterprise environments, as many users rate its stability quite high, often between seven and ten out of ten. They highlight that it performs consistently well for automation, delegation, and auditing tasks.

What do I think about the scalability of the solution?

One Identity Active Roles is highly scalable and can easily support large enterprise environments with thousands to even hundreds of thousands of users across multiple domains. It grows well with our organization's needs without major performance issues, making it suitable for both mid-sized and large companies.

How are customer service and support?

Customer support for One Identity Active Roles is generally good, as most users report that the support team is responsive, technically knowledgeable, and ready to assist whenever tickets are raised, often providing clear and practical solutions to issues. Although in some cases there are slight delays or slower responses for more complex problems, the overall support experience is positive and reliable, though there is room for improvement in response time for critical or advanced issues.

Which solution did I use previously and why did I switch?

Before adopting One Identity Active Roles, we were primarily relying on native Microsoft Active Directory tools and manual PowerShell scripts for user and access management. We switched because those methods lacked centralized governance, automation, and proper auditing capabilities, which made the process time-consuming and prone to errors. As our environment grew, managing permissions and ensuring compliance became increasingly complex, so moving to One Identity Active Roles helped us streamline operations with automation, enforce consistent policies, and gain better visibility and control over all directory-related activities.

How was the initial setup?

Integrating One Identity Active Roles with our existing IT infrastructure and Active Directory is moderately straightforward but not entirely simple. It fits well within our traditional Active Directory environment and connects effectively with directory services. However, the initial setup, configuration of policies, and aligning it with existing workflows require careful planning and some expertise, especially when customizing roles and permissions. While basic integration is smooth, more advanced setups such as hybrid environments or additional system integrations can add complexity. Overall, it is manageable but does require a certain level of technical understanding to fully optimize its capabilities.

What was our ROI?

We have seen a clear return on investment with One Identity Active Roles, as it has reduced manual administration effort by approximately fifty to sixty percent, which directly translates into time savings for the IT team. In some cases, tasks that earlier took fifteen to twenty minutes, such as user provisioning or access changes, are now completed in just a few minutes through automation, while also reducing errors significantly, which avoids network and potential security risks. Overall, it has allowed us to handle the same workload with fewer resources or relocate team members to more strategic tasks, ultimately improving our productivity and delivering strong value compared to the investment made.

What's my experience with pricing, setup cost, and licensing?

Our experience with pricing, setup cost, and licensing for One Identity Active Roles has been generally positive, though with a few considerations as the solution follows a subscription-based licensing model, typically calculated based on the number of managed users and required features, which makes it scalable but can become relatively expensive for larger organizations and environments. The initial setup and procurement process was smooth with good vendor support, but the overall cost is on the higher side compared to basic tools, though it is justified by the value it delivers in automation, governance, and time savings. In our case, we found that the return on investment was strong because it significantly reduced manual efforts and administrative workload, making the pricing work despite the higher upfront and licensing costs.

Which other solutions did I evaluate?

Before selecting One Identity Active Roles, we evaluated a few other identity and Active Directory management solutions such as Microsoft Entra ID, Okta, and ManageEngine ADManager Plus, as they are commonly considered strong alternatives in the identity and access management space with capabilities such as automation, access control, and governance. While each had its strengths, especially in cloud integration or ease of use, we ultimately chose One Identity Active Roles because it offered more granular control, deeper Active Directory management, and stronger policy-based governance tailored to our on-premises and hybrid environment needs.

What other advice do I have?

My advice for anyone considering One Identity Active Roles would be to invest time in proper planning and initial setup, especially around role design, delegation models, and policy configuration, because the real value of the tool comes from how well these are structured from the beginning. Also, ensure your team has a good understanding of Active Directory. I would rate this product a nine out of ten overall.