I have been working in the cybersecurity field for about one year using One Identity Active Roles.

One Identity Active Roles is used for Active Directory management and user lifecycle management, including tasks such as user provisioning, group management, and enforcing access policies in a controlled and automated way.

When a new employee joins, I use One Identity Active Roles to create the user account with predefined templates and automatically assign the required groups and permissions, ensuring consistency and saving time. Similarly, when someone leaves, I can quickly disable the account and remove access.

Password resets and access requests represent another scenario related to our main use case, where Active Directory allows us to delegate tasks securely to help desk teams without giving full admin rights, reducing the workload on admins and ensuring proper control and auditing.

One Identity Active Roles has improved our daily operations by simplifying user management and reducing manual work, as tasks like user creation, password resets, and access changes are faster and more consistent while also improving security by controlling permissions and keeping proper audit logs. Overall, it saves time and makes administration more efficient.

We saw around forty to fifty percent time savings in routine tasks like user creation and password resets, while the help desk workload also reduced since tasks are delegated properly, and errors in access management decreased, improving overall security and consistency.

The best features of One Identity Active Roles, in my opinion, are automated user lifecycle management, rule-based access control, and delegation, which allows us to automate the creation and modification of user roles, saving a lot of time while providing fine-grained access control with least privilege, thereby improving security.

The features are very helpful in daily work, especially with delegation, where we can give limited access to the help desk team to handle tasks like password resets or unlocking accounts without giving full admin rights, improving security and reducing the workload on senior admins.

One more useful feature of One Identity Active Roles is auditing and reporting, which tracks all changes made to user accounts and access, being very helpful for troubleshooting and compliance. Many people do not realize how useful this is for maintaining security and accountability.

One Identity Active Roles is very helpful, but a few improvements could make it even better, such as simplifying the user interface to make it more user-friendly, especially for new users, and making setup and configuration easier. Adding more customization in reporting and improving performance for larger environments would further enhance the experience. Overall, it is a strong tool with minor areas for improvement.

Navigation between different options can feel complex, so simplifying that would help. Additionally, quicker search and better filtering options for users and groups would make daily tasks even faster, enhancing usability.

I have been working in my current field for three years.

One Identity Active Roles is generally stable and reliable, with most users rating its stability quite high, often between a seven to ten out of ten, consistently performing for daily operations like automation and user management without major downtime reported.

One Identity Active Roles is highly scalable, capable of handling large environments with thousands or even hundreds of thousands of users across multiple domains without major issues and continuing to perform well and manage user groups and policies efficiently as the environment grows.

The customer support is good, with the team being knowledgeable and helpful, usually assisting well with issues, although response times can sometimes vary depending on the complexity.

I would rate the customer support a nine out of ten.

We were not using any dedicated solution before One Identity Active Roles, as most tasks were handled manually in Active Directory, and we switched to reduce manual efforts, improve security, and make user management more efficient.

The integration of One Identity Active Roles with our existing IT infrastructure and directory services was relatively easy since it works closely with Active Directory, where the basic setup was straightforward; however, some configuration and fine-tuning took time. Once integrated, it works smoothly with our existing infrastructure.

We have seen a good return on investment, as routine tasks like user creation and password resets became faster, saving around forty to fifty percent of the time; delegation also reduced the workload on admins, allowing the team to focus on more important tasks, improving efficiency and reducing operational efforts.

Our experience with pricing, setup cost, and licensing has been reasonable; the initial setup took some effort, especially during configuration, but it was manageable, with licensing being flexible based on the number of users and the environment, making it scalable and providing good value considering the features and time savings.

We did not formally evaluate other tools before choosing One Identity Active Roles, selecting it based on our requirement for better Active Directory management, automation, and security.

One Identity Active Roles has significantly reduced the complexity and workload of administrative tasks related to Active Directory, as routine tasks like user creation, password resets, and access changes are automated or delegated, saving time and reducing manual efforts while making management more structured and consistent, making overall administration easier and more efficient.

My experience with the delegation of administrative tasks through One Identity Active Roles has been very good, allowing us to assign specific tasks like password resets, account unlocks, and basic user management to the help desk team without giving them full admin rights, which has improved our workflow by reducing the workload on admins and speeding up issue resolution while also improving security and accountability since access is controlled and all actions are properly logged.

My advice for others looking into using One Identity Active Roles would be to clearly understand your Active Directory structure and requirements before implementation, plan roles and permissions properly, and make good use of the automation and delegation features to reduce manual work and improve security.

Overall, One Identity Active Roles is a reliable tool that simplifies user management and improves security, saving time and making daily operations more efficient. I would rate this product eight out of ten.

My main use case for One Identity Active Roles is to simplify and automate Active Directory management. I use it for user provisioning, group management, and to handle access requests more effectively. It helps reduce manual effort and ensures consistency in user account changes.

One Identity Active Roles automates access requests through a predefined workflow. For example, when a new employee joins, their manager can request access via a simple form. The system automatically assigns the required groups based on their role and approvals are handled within the workflow, so no manual intervention is needed from the IT team.

The delegation feature lets us assign specific admin tasks to different teams without giving full domain access. This maintains security while still allowing teams to manage their own users. It also gives us better visibility through auditing and reporting.

I have seen clear, measurable improvements after implementing One Identity Active Roles. User onboarding time has reduced from around 30 minutes to just five to 10 minutes with automated workflows. That alone has saved our IT team several hours each week, especially during bulk hiring periods. I have also noticed a significant drop in errors related to incorrect group assignments and missed access, since everything now follows predefined policies. Earlier, these issues were very common with manual changes, but now they are very rare.

The best features of One Identity Active Roles are its automation, delegation, and strong control over Active Directory. The workflow automation is especially useful. It helps handle user provisioning, approvals, and changes without manual effort. It also offers role-based delegation so you can give limited access to teams without exposing full admin rights, which improves security.

Policy-based automation stands out because it ensures all changes follow predefined rules, so there is consistency across users and groups without manual checks. Features like dynamic groups and temporal access make it easier to manage users automatically based on roles or time-based needs.

One Identity Active Roles has had a very positive impact on our organization, mainly by improving efficiency and security at the same time. Tasks such as user provisioning, access changes, and password resets are now automated, which has significantly reduced manual workload and saved a lot of time for our IT team. Automation can cut manual effort by a large margin and speed up routine operations considerably.

The automation capabilities of One Identity Active Roles are one of its strongest points. It significantly reduces manual effort by handling routine tasks through workflows and policies. For example, when a new user is created, the system can automatically assign group memberships, set attributes, and apply naming conventions based on predefined rules. Similarly, for role changes, it updates access rights without needing manual intervention. Overall, it saves time, reduces errors, and ensures consistency across the environment.

One Identity Active Roles has significantly reduced both complexity and workload for our Active Directory administration. Tasks that used multiple manual steps, such as user creation, access changes, and group management, are now handled through automatic workflows. It also simplifies operations by providing a centralized console, so admins do not have to jump between different tools or scripts. It makes day-to-day management much more straightforward and less time-consuming.

One area where One Identity Active Roles can be improved is in the user interface. It can feel outdated and not very intuitive for new users. Some tasks require multiple steps or navigation through different sections, which can slow things down initially. A more modern and simplified UI would definitely improve the overall experience.

Another area for improvement is around integration and flexibility. While it works well with the core Microsoft environment, expanding smoother integration with more third-party tools and cloud platforms would make it even more versatile. This would help organizations manage hybrid environments more seamlessly. Overall, One Identity Active Roles is already a strong product, but small enhancements in integration and scalability would be beneficial.

I have been using One Identity Active Roles for three years.

One Identity Active Roles is stable.

One Identity Active Roles is generally considered highly scalable, especially for mid to large enterprise environments. From our experience and industry feedback, it handles growth quite well as the number of users, groups, and domains increase. The platform can scale without needing a complete redesign. For example, it can support larger user bases, even 100,000+ users in some cases, and still maintain performance with proper infrastructure planning.

Customer support is very good and responsive.

Earlier we were using native Active Directory tools and some PowerShell scripts for user and access management. While that worked, it was quite manual, time-consuming, and prone to inconsistency, especially as the environment grew. I switched to One Identity Active Roles to bring in automation, better delegation, and centralized control. Overall, the move helped us to standardize the process and scale more effectively as our user base increased.

Overall, the integration was fairly smooth and straightforward, especially since our environment is already based on Active Directory. One Identity Active Roles fits naturally into AD, so the initial setup and synchronization did not require major changes to our existing infrastructure.

I have definitely seen a strong return on investment after implementing One Identity Active Roles. One clear example is in user onboarding, where what earlier took around 20 to 30 minutes per user now takes only five to seven minutes, which has saved us several hours of IT effort. Also, we have reduced dependency on senior admins since many tasks are now delegated or automated, so fewer escalations are needed. Overall, the time saving, improvement in efficiency, and reduced manual effort have made the investment worthwhile.

My experience with pricing and licensing has been generally positive, though it does not feel like a premium product. The licensing model is straightforward, and once understood, typically based on the number of managed users, which makes it predictable as the organization grows. Overall, while the cost may be on the higher side compared to basic tools, the value it delivers in terms of automation, efficiency, and security makes it a worthwhile investment.

Before choosing One Identity Active Roles, I evaluated a few other options. I looked at Microsoft's native tools and Azure Entra ID, as well as some third-party solutions such as ManageEngine ADPlus Manager. I chose One Identity Active Roles because it offered a better balance of automation, policy-based management, and fine-grained delegation, which suited our environment more effectively.

I advise others looking into using One Identity Active Roles to plan out your workflows and policies carefully before implementation. One Identity Active Roles is very powerful, but you will get the most value if your processes are clearly defined from the start. Also, start with a phased approach. Begin with key use cases such as provisioning and delegation, then gradually expand to more advanced automation. This makes adoption smoother and avoids overwhelming the team. Finally, invest some time in training and documentation so your team can fully utilize the features instead of just using it as a basic AD tool. I would rate this product a 9 out of 10.

My main use case for One Identity Active Roles is to automate and secure user lifecycle management in Microsoft Active Directory, which helps reduce manual administrator efforts, enforce policies, and enable delegated administration with proper governance. For internal role changes, One Identity Active Roles updates access rights through control workflows, ensuring least privilege access. During employees' exits, accounts are automatically disabled and access is revoked. To maintain security, I use delegations to allow helpdesk teams to reset passwords and manage basic user attributes without giving full administrative rights. Approval workflows are implemented for sensitive access requests, ensuring compliance and audit readiness.

One Identity Active Roles centralizes and automates identity and access management for Microsoft Active Directory environments, primarily used to streamline user lifecycle management, enforce security policies, and enable role-based access control through delegated administrators. The solution helps reduce manual intervention and administrative tasks such as user account creation, modification, and deactivation, ensuring that access provisioning follows standardized workflows with proper approval, improving governance and compliance. Additionally, One Identity Active Roles provides auditing and reporting capabilities, which help organizations track changes, maintain compliance, and enhance overall security posture.

One of the standout features of One Identity Active Roles is its powerful automation capability, which streamlines user provisioning and de-provisioning processes and significantly reduces manual effort and minimizes human error. The delegation model is another key strength that allows organizations to assign limited administrative rights to helpdesk teams using role-based access control without granting full domain admin privilege, enhancing security. The approval workflow engine is highly valuable, ensuring that sensitive access requests go through proper authorization, improving governance and compliance. Additionally, the auditing and reporting capabilities provide complete visibility into changes made in Active Directory, which is critical for compliance and security monitoring. Finally, its seamless integration with Microsoft Active Directory and Microsoft Entra makes it effective in managing both on-premises and hybrid identity environments.

In addition to its core automation and delegation capabilities, One Identity Active Roles offers several advanced features that enhance identity management. One notable feature is policy-based management, allowing organizations to enforce standardized rules such as naming conventions, attribute validation, and access control policies automatically. The solution also provides a web-based interface, enabling self-service capabilities for end-users and simplifying administrative tasks for IT teams. Another valuable feature is its advanced auditing and reporting system, providing detailed insight into all changes made within Active Directory, which is particularly useful for compliance and security monitoring. One Identity Active Roles supports hybrid identity environments through seamless integration with Microsoft Active Directory and Microsoft Entra ID, allowing centralized management of both on-premises and cloud identities. Additionally, the solution includes flexible workflow customization, enabling organizations to design approval processes tailored to their business requirements. Overall, these additional features make One Identity Active Roles a comprehensive and scalable identity and access management solution.

One Identity Active Roles can be improved, as there are a few areas that could be enhanced. The initial setup and configuration can be complex, especially when designing workflows, policies, and delegation models. It requires proper planning and skilled resources to implement effectively. The user interface, although functional, could be more modern and intuitive, as new users may require some time and training to become comfortable with the system. Reporting flexibility could also be improved, as there are built-in reports that are useful, but more customizable and user-friendly reporting options would enhance the overall experience. Additionally, the license cost is relatively high, which may concern small- to mid-sized organizations. Improving documentation and providing more guided implementation resources would help organizations accelerate deployment and reduce dependency on external support. Overall, addressing these areas would make the solution more accessible and easier to adopt.

One Identity Active Roles is a mature and feature-rich solution, but there are a few areas where improvement would enhance the overall experience, such as simplifying the initial deployment and configuration process, improving the user interface, enhancing reporting capabilities by providing more flexible options, and offering better documentation with more detailed implementation guides. Additionally, optimizing licensing costs or offering more flexible pricing models could make the solution more accessible to a wider range of organizations.

I have been using One Identity Active Roles for around one to two years in an enterprise environment, primarily for Active Directory automations and access governance.

One Identity Active Roles is stable and reliable in my environment, as I experience consistent performance with minimal downtime, handling large-scale user management operations efficiently without performance degradation. Once it is properly configured, it runs smoothly and supports day-to-day identity management tasks without issue, with any minor issues encountered mostly related to configuration and integration rather than the core stability of the product. Overall, I consider One Identity Active Roles to be a stable solution, suitable for enterprise-grade environments.

The scalability of One Identity Active Roles in my experience efficiently supports a large user base of five thousand or more users without performance issues, handling increasing workloads such as user provisioning, access management, and workflow processing with ease. The architecture allows for scaling by adding additional One Identity Active Roles servers, enabling load distribution and improved performance as the environment grows, and performs well in a hybrid environment by integrating with Microsoft Active Directory and Microsoft Entra ID, making it adaptable to both on-premises and cloud-based identity management needs. Overall, the solution provides strong scalability and can grow alongside organizational requirements without significant limitation.

My experience with customer support for One Identity Active Roles has been generally positive, as the support teams are knowledgeable and capable of handling technical issues related to configuring workflows and integration, responding promptly and helpfully to critical issues to ensure minimal operational impact. For standard or low priority cases, response times can vary, but the overall support quality remains satisfactory. The availability of documentation and knowledge-based articles is helpful, although more detailed and implementation-focused guidance would further improve the experience. Overall, I rate customer support around eight out of ten for responsiveness and technical expertise.

I previously used a different solution, managing Microsoft Active Directory manually using native administrator tools and scripts, which provided basic functionality but lacked automation, centralized control, and governance features. Most user provisioning, modification, and access management tasks were performed manually, making it time-consuming and prone to human errors, with challenges in delegation and audit visibility. After moving to One Identity Active Roles, I achieve better automation, improved security through controlled delegation, and enhanced compliance with detailed auditing and reporting, significantly improving efficiency and reducing operational risk compared to the previous approach.

The initial setup and configuration of One Identity Active Roles can be complex, especially when designing workflows, policies, and delegation models. It requires proper planning and skilled resources to implement effectively. Organizations need to carefully coordinate the implementation process, involving multiple teams, including AD, security, and infrastructure, to ensure success.

I have observed a strong return on investment after implementing One Identity Active Roles, especially in terms of operational efficiency and risk reduction, as the automation of user lifecycle management reduces manual administrator efforts by approximately fifty percent, allowing IT teams to focus on more strategic tasks, while user provisioning timing decreases by around sixty to seventy percent, improving onboarding and overall service delivery. Overall, I believe the solution delivers solid ROI within a reasonable timeframe.

My experience with the setup cost and licensing of One Identity Active Roles is that it has been on the higher side, as expected for an enterprise-grade identity and access management solution. The initial investment includes licensing, infrastructure setup, and implementation effort, with licensing typically based on the number of managed users or accounts, which can increase costs in large environments. However, the overall cost is justified by the value it delivers, as the automation capabilities significantly reduce manual administrative efforts, lowering operational costs over time while minimizing security risks and helping avoid potential compliance penalties. From a long-term perspective, I observe a good return on investment due to improved efficiency, reduced errors, and better governance. Overall, while the upfront cost might seem high, the benefits and operational savings make it a worthwhile investment for medium to large enterprises.

My advice to organizations considering One Identity Active Roles is to clearly define their identity management requirements and plan the implementation carefully. Investing time designing workflows, delegation models, and policies before deployment ensures smooth operation and maximum benefit from the solution. Organizations should also conduct a proof of concept to validate key use cases such as lifecycle automation and access governance, and proper training for administrators and helpdesk teams is essential to fully utilize the platform's capabilities. Overall, One Identity Active Roles is highly recommended for organizations looking to streamline and secure Active Directory management. I provide this review with an overall rating of nine out of ten.

One Identity Active Roles simplifies and automates user account management in Microsoft Active Directory environments, helping me reduce manual efforts, improve accuracy, and enforce standardized access control processes. The primary tasks I rely on it for are user provisioning and de-provisioning, password resets, account unlocks, group membership management, and handling joiner, mover, and leaver processes.

One practical example of how I use One Identity Active Roles for user provisioning is during new employee onboarding. When HR shares the joining details, I use One Identity Active Roles to create the user account through a predefined provisioning template. The template automatically populates attributes such as department, manager, email alias, OU placements, and required security group membership based on the employee's role. For example, if a user joins the finance team, selecting the finance template automatically assigns the correct access groups, mailbox settings, and naming standards. This saves time, avoids manual errors, and ensures the user gets the right access on day one.

In addition to onboarding and offboarding, another key use case with One Identity Active Roles is access modification during internal role changes. When an employee moves from one department to another, I use One Identity Active Roles to update the user profile and align access rights with the new role. It helps remove old permissions and assign new group membership through predefined roles, which reduces the risk of excess access.

One Identity Active Roles delivers the best features mainly focused on automation, security, and simplified identity administration. First is automated user provisioning and de-provisioning, which streamlines account creation, modification, disabling, and access removal through workflows and templates. Second is role-based access control and delegation, which allows fine-grained delegation so specific teams can manage only their required users or groups without full admin rights. Third is approval workflows that ensure sensitive access requests go through manager or application owner approvals before implementation.

In addition to provisioning and workflow automation, I would highlight reporting, auditing, and integration capabilities as a major strength of One Identity Active Roles. First is reporting and audit readiness, which provides detailed reports on user accounts, group memberships, permission changes, and administrative actions. I can easily track who made what change, when it was made, and whether it succeeded or failed, which is very useful during audits, investigations, and compliance reviews. Second is change history and accountability, where the management history feature gives visibility into modifications on specific objects such as users or groups.

One Identity Active Roles has had a very positive impact on the organization, especially in terms of efficiency, security, and compliance. One specific outcome was significant time saving during user onboarding. Earlier, creating a new user account, assigning group membership, mailbox settings, and validating access used to take considerable manual effort. With predefined templates and automated workflows, the same process becomes much faster and more standardized, allowing new joiners to get access on time with fewer delays. Another key benefit was improved security during employee exits or urgent terminations. Instead of manually checking multiple access groups, the de-provisioning workflow could immediately disable accounts, remove privilege access, and trigger follow-up actions. This reduced the risk of orphaned accounts or unauthorized access.

Automation is one of the key strengths of One Identity Active Roles because it helps convert repetitive identity administration tasks into standardized, policy-driven workflows. This improves efficiency, reduces errors, and strengthens governance.

One Identity Active Roles is a strong product, but like any enterprise tool, there are areas where it could be improved. First is a modernized user interface, as some administrative consoles and workflows can feel dated compared to newer SaaS identity platforms. Second is faster cloud-native capabilities, as deeper native integration with Microsoft Entra ID, SaaS applications, and zero-trust ecosystems could be expanded further as organizations move towards hybrid and cloud-first environments. Third is simplified upgrades and maintenance, as enterprise customers usually prefer smoother upgrade paths, reduced dependency complexity, and easier patch management with minimal downtime. Fourth is enhanced analytics and AI recommendations, where features such as anomaly detection, role mining, duplicate access identification, and AI-driven recommendations for least privilege access would strengthen governance.

In addition to the product features, I would mention documentation, support, and ecosystem integration as areas that could be enhanced in One Identity Active Roles. First is documentation and knowledge base, as more step-by-step implementation guides, architecture best practices, troubleshooting flows, and real-world use cases would help administrators deploy and manage the product faster for enterprise tools where clear and updated documentation is very important. Second is technical support experience, as faster turnaround for complex issues, more proactive guidance during upgrades and migrations, and easier access to senior technical experts would improve customer experience given that support is generally important for an identity platform because they are business-critical systems. Third is a broader integration ecosystem, as having more ready-made connectors and APIs for HR systems, SIEM platforms, ITSM tools, PAM solutions, and cloud applications would reduce customization effort. Integration with Microsoft ecosystems, ServiceNow, Splunk, and other security tools can add strong value.

In addition to the broader improvements already mentioned, there are several smaller and more practical enhancements needed for One Identity Active Roles that would add value in day-to-day operations. These include faster bulk operations, better search and filtering, improved notification options, easier custom workflow design, better performance visibility, and stronger self-service capabilities.

I have been using One Identity Active Roles for more than two years.

One Identity Active Roles is generally a stable and reliable enterprise solution, especially when it is properly sized, maintained, and implemented according to best practices.

One Identity Active Roles is generally strong in scalability, and it is designed for enterprise environments with growing identity and directory management needs. It is commonly used in medium to large organizations managing complex Microsoft Active Directory and hybrid identity environments.

One Identity Active Roles support is generally good to very good, especially for enterprise customers with active support agreements. Industry reviews commonly describe support as responsive and technically knowledgeable.

I would rate the customer support for One Identity Active Roles an 8 out of 10. The main reasons are that support teams generally understand identity management workflows and Microsoft Active Directory environments well, and they are helpful for standard issues, configuration troubleshooting, and upgrade-related cases that are usually handled effectively. Complex cases can sometimes take longer to resolve, and escalation response times could be faster, which prevents a higher score.

Before adopting One Identity Active Roles, many organizations, including ours, primarily relied on a combination of native Microsoft Active Directory tools and manual processes and scripts for identity administration.

I would assess the integration of One Identity Active Roles with existing IT infrastructure and directory services as moderately easy to manageable, especially in environments already centered around Microsoft Active Directory. Because One Identity Active Roles is designed closely around AD administration, core integration with domain controllers, OU users, groups, and delegation administration is generally straightforward if the organization already has a well-structured AD environment, and deployment is usually smoother.

One Identity Active Roles has delivered a clear return on investment, mainly through time saving, reduced manual workload, and improved control over identity processes. First is time saved on user provisioning, as before automation, a standard onboarding request could take 20 to 30 minutes manually for account creation, group access, validation, and other communications. With templates and workflows, this reduces to around 5 to 10 minutes. If an organization handles 100 requests per month, that can save 20 to 35 plus admin hours monthly. Second is reduced dependence on senior administrators, as routine tasks like password resets, account unlocks, and basic updates could be delegated to service desk teams. This allowed senior AD administrators to focus on higher-value work, such as architecture, security reviews, and escalations rather than repetitive tickets.

One Identity Active Roles is positioned as an enterprise-grade solution, so it is not the lowest-cost option, but it can deliver strong ROI when used at scale. The licensing is generally based on the number of managed users, accounts, and environment scope, which is common for identity management platforms. One Identity documentation notes managed user-based licensing metrics and usage statistics to help track compliance and future needs.

Before selecting One Identity Active Roles, it is common to evaluate multiple options based on automation, delegation, reporting, hybrid identity support, and total cost of ownership. In my case, the main alternatives considered were solutions focused on Active Directory administration and identity lifecycle management.

Organizations looking into One Identity Active Roles should approach it as a strategic identity governance and administration platform, not just another AD management tool. It delivers the most value when implemented with clear processes, role models, and automated goals in mind. One Identity positions it around secure provisioning, delegation, and hybrid AD-Entra ID management. My overall rating for One Identity Active Roles is 9 out of 10.

My main use case for One Identity Active Roles is to handle end-to-end identity life cycle process from user provisioning when an employee joins to modification during role changes, and secure de-provisioning when they leave. This ensures consistency, reduces manual error, and improves operational efficiency. Another key use case is policy-based administration. We enforce standardized naming conventions, attribute validation, and security policy across all AD objects. This helps maintain a clean and compliant directory structure. We also rely heavily on delegation and role-based access control, allowing teams like HR or service desk to perform specific activities without giving them full administrative rights. This improves both security and scalability. Additionally, One Identity Active Roles is used for workflow automation and approval, where access requests or changes go through predefined approval teams. This strengthens governance and ensures audit readiness. Overall, the main goal is to reduce manual effort, improve security, and enforce compliance.

One Identity Active Roles offers a powerful set of features that significantly improve automation, security, and governance in an Active Directory environment. One of the most valuable features is automation and lifecycle management. One Identity Active Roles allows us to automate provisioning, de-provisioning, and group management using workflows and policies. This reduces manual effort and ensures consistency across the organization.

Another key feature is policy-based administration. We can enforce business rules such as naming conventions, attribute validation, and access policies. This ensures that all changes in Active Directory follow a standardized and compliant approach. Delegation and role-based access control is also a standout feature. It enables fine-grained control over who can perform specific tasks, ensuring least-privileged access while distributing administrative responsibility efficiently.

One Identity Active Roles also provides single-pane-of-glass management for hybrid environments, allowing us to manage on-prem Active Directory, Azure AD, and Microsoft 365 from one interface. Another important feature is dynamic group management, where group memberships are automatically updated based on predefined rules. Additionally, the auditing and reporting capabilities are very strong. Every change is tracked with detailed logs, helping with compliance, troubleshooting, and audit readiness. Finally, integration and synchronization with systems such as HR tools, ServiceNow, and cloud platforms allow seamless identity management across multiple systems, making it a central hub for identity governance.

One of the biggest improvements has been operational efficiency by automating user lifecycle management, including onboarding, role changes, and off-boarding. We have significantly reduced manual effort and turnaround time. Tasks that previously took hours can now be done in a minute with far fewer errors. Another major impact has been on security and access control. With delegation and role-based access control, we have been able to enforce the principle of least privilege. Instead of giving broad administrative rights, we assign very specific permissions, which has reduced our risk exposure and improved our overall security posture. From a governance perspective, policy-based administration has helped us standardize how Active Directory is managed. This ensures consistency across the organization and eliminates issues caused by manual inconsistencies. Overall, One Identity Active Roles has helped us move toward a more automated, secure, scalable identity management model, aligning IT operations more closely with business needs.

While One Identity Active Roles is a very powerful platform, there are definitely areas where it can be improved to enhance usability and scalability. First is the user interface and experience. While it is functional, it can feel complex for a new user and less intuitive, especially for onboarding a new user. The second is the learning curve and setup. The initial setup and configuration, especially for policies, workflows, and delegation models, can be quite complex.

Third is reporting and analytics enhancement. Although auditing is strong, the reporting layer could be more flexible and visual, adding features such as more customizable dashboards and better visualization. Fourth is cloud and hybrid enhancement, such as a more seamless integration with Azure AD, Microsoft 365, and other SaaS platforms. Fifth is performance in large environments. In very large-scale deployments, some organizations may experience slower performance during complex queries or workflows. Sixth is documentation and training. While documentation exists, it can sometimes be too technical and not beginner-friendly. Overall, while One Identity Active Roles is already a robust and mature solution, improvements in usability, reporting, and cloud integration could make it even more powerful and accessible in the future.

In terms of stability, One Identity Active Roles is a very stable and mature platform. Once properly implemented, it runs reliably with minimal downtime, handles daily operations consistently, and scales well with organizational growth. Overall, One Identity Active Roles has proven to be a stable, reliable, and well-suited solution for managing Active Directory at scale.

One Identity Active Roles is highly scalable and well-suited for growing organizations. It can effectively handle a large number of users and groups across multiple domains and environments. As the organization grows, we do not need to proportionally increase the admin team. Automation handles repetitive tasks, and delegation distributes responsibility.

Our experience with One Identity customer support has been generally positive and reliable. For more complex issues, resolution may take longer, but overall, the support team is very helpful and knowledgeable.

My overall assessment is that integration with the existing IT infrastructure and directory services is moderately straightforward but requires careful planning. Since One Identity Active Roles is designed to work closely with Active Directory, the core integration is quite smooth. It connects natively with domain controllers, which makes onboarding relatively seamless in a standard Microsoft environment. However, the complexity increases when designing delegation models, configuration policies, and workflows. Basic integration is easy to moderate, and advanced configuration and customization are more complex and require expertise.

We have definitely seen a clear return on investment after implementing One Identity Active Roles. The ROI comes mainly from time savings, reduced workload, and improved efficiency rather than just direct cost reductions. For example, by automating onboarding and delegating routine tasks, we have been able to save significant administrative hours each month and avoid expanding the IT team, which directly contributes to cost savings.

Our experience with pricing and licensing for One Identity Active Roles has been on the higher side compared to native tools but justified by the value it delivers. Its pricing and licensing are based on the number of user-managed identities and the features and modules included. While the upfront cost may seem significant, it aligns with an enterprise-grade IAM solution.

One Identity Active Roles has had a significant positive impact on our organization's compliance efforts. One of the biggest advantages is the built-in auditing and traceability. Every action, whether it is user creation, group modification, or permission changes, is logged with clear details of who performed it and when. Additionally, policy-based administration ensures that all changes follow predefined rules, which reduces the risk of non-compliant configurations. One Identity Active Roles has significantly reduced both the complexity and workload of Active Directory administration. After implementation, routine tasks are automated, responsibilities are distributed through delegation, and policies ensure consistency automatically.

My advice to others considering One Identity Active Roles would be to treat it as a strategic investment rather than just a tool. Before implementing, clearly define your identity management processes. Plan your delegation model and policies carefully. Start with a key use case such as user lifecycle resolution. If implemented correctly, it can significantly improve efficiency, security, and governance, but planning is critical to fully realize its value.

Overall, One Identity Active Roles has proven to be a reliable and valuable solution for managing Active Directory at scale. While there are areas for improvement, I would suggest this as one of the best tools I have ever used across my experience. I would rate this solution a 9 out of 10.

The main use case of One Identity Active Roles is to support daily Active Directory administrator tasks. Routine tasks such as user creation, password resetting, account updates, and handling are performed through One Identity Active Roles, which can be managed by the support team and has really improved the efficiency of our teams.

A real-time day-to-day example of using One Identity Active Roles is that a help desk user can reset the password and unlock the account without accessing Active Directory directly. When new users are created, required settings are applied automatically, making our jobs easier and operations very smooth. Previously, this was taking so much time, but nowadays it is automated, so it is a very good solution.

The best features One Identity Active Roles offers, in terms of my use cases, include its policy enforcement to ensure that all changes follow predefined standards, avoiding incorrect configuration and maintaining consistency across Active Directory, the role-based access control that allows assigning permissions based on job roles to simplify management and improve security in our organization, and its automation features.

I need to highlight role-based access control in One Identity Active Roles, as it has had the biggest day-to-day impact. Automation and policy enforcement are powerful, without doubt, but role-based access control is what fundamentally changed how we operate. Earlier, many tasks were a bottleneck, with only a senior admin able to perform most Active Directory changes, resulting in many help desk tickets. However, with One Identity Active Roles, we created fine-grained roles such as password reset, group management, and user provisioning, assigned those roles to the help desk team, and restricted access to only those organizational units based on attributes. Now, 90% of routine tasks are handled without escalation.

The effect of One Identity Active Roles on the complexity and workload of administrative tasks related to Active Directory has been very positive. It significantly reduces the operational burden while making processes more structured and controlled. It has really reduced administrative complexity. Tasks are handled through templates, policies, and workflows, which has significantly reduced the workload.

One Identity Active Roles has really impacted our organization very positively. It has improved control over Active Directory operations and reduced manual efforts. Tasks are completed faster than previously and more securely. These are the positive impacts we are seeing in day-to-day operations.

One Identity Active Roles has really proved its value. While exact numbers vary by environment, the provisioning time reduced by 70 to 80% and it is very smooth, and help desk ticket resolution improved by 60 to 80%. It has really reduced the use of privileged accounts, contributing to the positive impact we are seeing.

As far as improvements to One Identity Active Roles are concerned, I do not think any lack of features is present in the solution. It is working well and is a very powerful solution. There is no need for improvement as per my requirements.

One thing I can add is that One Identity Active Roles could be more simplified for the initial setup and configuration.

I have been using One Identity Active Roles for more than four years.

One Identity Active Roles is stable.

From a scalability perspective, One Identity Active Roles is a very good solution. There is no kind of challenge.

Customer support for One Identity Active Roles is very supportive and good in their technical aspects.

From day one, we have been using One Identity Active Roles only.

Regarding Active Directory integration with One Identity Active Roles, it was very smooth and quick. We have not seen any kind of challenge, and it synced with Active Directory beautifully.

We have seen a huge return on investment with One Identity Active Roles. In many cases, that was quite measurable, such as reduction in provisioning and admin efforts by 40 to 60%, which resulted in reduced need for additional staff. Without it, we would need thousands of additional people. Cost saving and efficiency gain have led to some users reporting approximately 75% ROI and cost reduction.

I have had a great experience with the pricing, setup cost, and licensing of One Identity Active Roles. There is no challenge we have seen as far as the vendor is concerned.

We have not evaluated other options before choosing One Identity Active Roles.

I will highly recommend One Identity Active Roles because it is a very useful tool for improving Active Directory management and control. It really reduces risk and improves efficiency. It is well suited for organizations with a large Active Directory environment, which I will recommend highly. I gave this review a rating of 8.

In daily operation, the help desk handles password resetting or account unlocking without admin rights. This is our real-time example. When new users are created in Active Directory, the configurations are automatically applied. This really helps in automating the workload and reducing human errors.

The auto-provisioning or role-based permission handling makes my daily work easier and more efficient because it automates our environment since we don't have to manually onboard or deboard employees. It is totally automated which helps in reducing the workload of the IT team by about 50 to 60 percent. This makes our job easier and efficient without having human errors.

One Identity Active Roles has had a great positive impact on our organization. It has really made administrator directory management easy in a controlled way and has improved security due to reduced direct access to applications or systems, thus saving time.

I can say we have a positive impact in terms of metrics. It has really reduced administrative efforts, with a 40 to 60 percent decrease in time spent on routine Active Directory tasks such as user creation, password resetting, or any group changing for employees. This really helped the team to handle requests without any escalations and also allowed for faster user provisioning.

The initial setup of One Identity Active Roles can be more simplified. Apart from this, everything is perfect.

One Identity Active Roles simplifies and automates user and group management in Active Directory. It helps reduce manual work, manage permissions more securely, and ensure proper access control. Overall, it improves efficiency, reduces errors, and strengthens security in identity management.

A recent example of how we use One Identity Active Roles day-to-day is during user onboarding. Whenever a new employee joins, instead of manually creating accounts and assigning permissions, we use One Identity Active Roles to automate the process. We select the role or department, and it automatically creates the user, assigns the right groups, and provides correct access. This saves a lot of time and also avoids mistakes such as giving wrong permissions. It makes the process faster and more secure.

We have seen clear improvements after using One Identity Active Roles. For example, in user onboarding, what used to take around twenty to thirty minutes manually is now done in five minutes or less with automation. This represents roughly seventy to eighty percent time saved. We have also seen a big reduction in errors, especially in access assignments, since everything is role-based. I would say errors have dropped by around sixty to seventy percent. From a security point of view, we have not experienced issues such as over-permission or unauthorized access because access is controlled and audited properly. Overall, it has improved speed, reduced errors, and strengthened our security posture.

One Identity Active Roles offers several valuable features mainly around automation, security, and control. First, automation can automatically create users, assign groups, and manage access, which saves a lot of manual effort. Second, role-based access control ensures users only get the access they need. Third, delegation allows us to give limited admin rights to teams without giving full control, which reduces risks. Auditing and reporting is also very useful because we can track who made what changes, which helps in compliance. Finally, centralized management allows everything to be managed from a single console, even across multiple directories.

The feature we rely on the most in our day-to-day work is automation in One Identity Active Roles. It is very important for our team because we deal with frequent user onboarding, role changes, and access requests. Instead of doing everything manually, automation helps us complete these tasks quickly and consistently. It reduces human error, saves a lot of time, and ensures users always get the correct access based on their role. That is why it is the most valuable feature for us in our day-to-day work.

All the features in One Identity Active Roles work really well together. Automation saves time, role-based access control improves security, and auditing gives us visibility.

One Identity Active Roles is a strong tool, but there are a few areas where it can be improved. One area is the user interface, which can feel a bit complex or outdated. Making it more modern and user-friendly would reduce the learning curve. The initial setup and workflow configuration can be slightly complicated, especially for new users or smaller teams. Simplifying this would make adoption easier. Another improvement could be better cloud integration, especially with modern cloud environments to make it more seamless. Additionally, having more ready-made automation templates and better documentation would help teams implement use cases faster.

I have been using One Identity Active Roles for one point five years.

One Identity Active Roles has had a very positive impact on our organization, mainly in terms of efficiency and security. First, it has reduced manual work significantly by automating user provisioning and access management, which saves a lot of time for our IT team. Second, it has improved security by ensuring users only get the right access and reducing the risk of over-permission or errors.

One Identity Active Roles is a very reliable and powerful solution for identity and access management. It really stands out in terms of automation, security, and centralized control, especially in hybrid environments. It helps reduce manual effort, enforce policies, and maintain consistency across systems. At the same time, it has a slight learning curve and some areas of improvement, as with any enterprise tool. However, once properly implemented, it delivers strong value. I would definitely recommend One Identity Active Roles for organizations looking to improve efficiency and strengthen their identity and security.

My main use case for One Identity Active Roles is automating Active Directory administration and user lifecycle management. I primarily use it for user onboarding and offboarding, membership management, delegation of tasks, and enforcing policies such as naming convention and access controls. Overall, it helps streamline and secure operations in Microsoft Active Directory while reducing manual efforts.

One Identity Active Roles has had a very positive impact on our organization, especially in terms of efficiency, security, and standardization. One of the most noticeable improvements is in user lifecycle management. Tasks such as onboarding and offboarding, which were previously manual, are now automated. This reduced onboarding time from around thirty to forty-five minutes to under ten minutes, especially when working with Microsoft Active Directory. It has also significantly improved our team's workload.

Routine tasks such as password resets and account unlocks are delegated to the help desk, which reduced the burden on senior admins and improved response times for end-users. Another key outcome is error reduction. Since policies enforce naming conventions and group assignments, manual mistakes dropped by around seventy to eighty percent, ensuring consistency across the environment. From a security and compliance standpoint, auditing and role-based access control helps us enforce least privilege and maintain clear visibility of all changes. This made audits faster and much easier to manage.

From a workload perspective, around sixty to seventy percent of routine tasks such as password resets and account unlocks were delegated to the help desk. This reduced dependency on senior admins and allowed us to focus on more critical tasks such as security and infrastructure. In terms of measurable outcomes, onboarding time reduced from thirty to forty-five minutes to five to ten minutes per user. Error reduction was around seventy to eighty percent, especially for group assignments and naming conventions due to policy enforcement. Ticket resolution time improved significantly. Common requests that earlier took hours due to escalation were resolved in minutes. For audits, what used to take hours of manual tracking can now be done in a few minutes using the built-in logs and reports in Microsoft Active Directory. Overall, it helped us reduce manual efforts, improve accuracy, and make the team much more efficient and proactive.

The best features of One Identity Active Roles in my experience are automation, delegation, and centralized management. Those really stand out. First, automation and workflows are the most impactful. One Identity Active Roles can automate user provisioning, group management, and lifecycle processes, which reduces manual work and ensures consistency across the environment. Second, delegation with least privileges through role-based access control is a key strength. It allows us to assign specific tasks to teams such as the help desk without giving full admin access, improving both security and operational efficiency.

Another standout feature is policy-based administration. It enforces rules automatically, such as naming conventions or access policies, so everything stays standardized and compliant without manual checks. I would also highlight centralized management. It gives a single interface to manage multiple environments such as on-premises Active Directory, cloud directories, and even hybrid setups, which simplifies administration significantly. Finally, auditing and reporting is very useful. It tracks all the changes and activities, which helps with compliance, troubleshooting, and security monitoring. The combination of automation, delegation, policy enforcement, and centralized control is what makes One Identity Active Roles truly powerful.

Beyond the core features, capabilities such as Managed Units, dynamic groups, and self-service really enhance flexibility and usability in day-to-day operations. Managed Units allow us to group objects logically rather than relying only on the organizational unit structure in Microsoft Active Directory. This gives us a lot of flexibility in how we delegate access and apply policies across different teams or regions.

Dynamic groups management is another useful feature, where group membership is automatically updated based on user attributes such as department or roles. This ensures users always have the correct access without manual intervention. Self-service capabilities allow end-users or managers to request access or perform certain actions through workflows, reducing dependency on IT teams.

While One Identity Active Roles is a strong platform, a few improvements would make it even better. Many users feel the user interface is not very modern or intuitive, and it can take time to get used to navigating the console and workflows. Another improvement area is the learning curve and setup complexity. One Identity Active Roles is very powerful, but initial configuration, especially for policies, workflows, and delegation, can be complex and require experienced resources.

From an integration perspective, although it supports multiple systems, organizations would benefit from more out-of-the-box connectors and smoother cloud integrations such as Azure Active Directory and software-as-a-service applications, as some setups currently require customization. In terms of reporting, while auditing is strong, generating business-friendly reports can be challenging. Users have mentioned the need for better dashboards and easier report generation. There are also some performance considerations, especially in large environments, such as slower PowerShell execution or delays in dynamic group processing in certain cases. Overall, improvements in user interface, ease of use, integration, reporting, and performance optimization would significantly enhance the product experience.

I have been using One Identity Active Roles for around two years.

One Identity Active Roles has been quite stable and reliable overall in our experience.

In terms of scalability, One Identity Active Roles has performed well in our environment and has been able to grow with the organization. From what I have seen and based on industry feedback, it is considered a highly scalable solution, especially for large and complex environments. Many users rate its scalability quite high, around eight or nine out of ten, and mention that it can support enterprise-level deployments.

In our case, as the number of users increased, the system handled user provisioning and group management without major issues. We were able to scale by adding resources rather than redesigning the system. It continued to perform well even with more workflows, policies, and integrations in place. One Identity Active Roles works well in hybrid environments, handling both on-premises and cloud identities from a single platform, which helps as our organization expands.

The customer support for One Identity Active Roles has been generally very good and reliable in our experience. Most of the time, support responses are quick and helpful. Support engineers are knowledgeable about the product. The issues are usually resolved efficiently, especially for standard or known problems. This aligns with industry feedback as well. Many users mention quick response times, knowledgeable staff, and effective issue resolutions.

Before selecting One Identity Active Roles, we did evaluate a few other identity and access management solutions. Some of the main options we looked at included SailPoint, CyberArk, Okta, and Microsoft Entra ID. We also considered tools such as OneLogin and Saviynt, which are commonly compared in the same space. Ultimately, we chose One Identity Active Roles because it provides strong integration with Microsoft Active Directory, it offers powerful delegation and automation capabilities, and it fits well for organizations that need deep Active Directory management rather than only cloud identity and access management.

My experience with pricing and licensing for One Identity Active Roles is that it is generally on the higher side, but the value justifies the cost. In terms of licensing, it is usually based on a per-user or enabled Active Directory account model, which is fairly straightforward and easy to manage.

For pricing, many organizations consider it expensive compared to some alternatives, especially for large environments. However, the return on investment is strong because it reduces manual efforts, improves security, and lowers operational cost over time. Regarding setup cost, the initial implementation can require investing in licensing and sometimes professional services or consultants' time for proper configuration of policies, workflows, and delegation. The upfront cost can be noticeable, but once implemented, it becomes very efficient and scalable. Overall, I would say pricing is high but justified, licensing is simple and user-based, and the setup cost is moderate to high depending on complexity.

We have definitely seen a strong return on investment after implementing One Identity Active Roles. From a time-saving perspective, user onboarding time reduced by around seventy to eighty percent, from thirty to forty-five minutes to under ten minutes. Routine tasks such as password resets are now handled in minutes instead of hours. In terms of workload and staffing efficiency, around sixty to seventy percent of repetitive tasks are now handled by the help desk through delegation. This reduces dependency on senior admins, so we did not need to scale the team even as the number of users increased.

For error reduction, manual mistakes such as incorrect group assignments dropped by seventy to eighty percent due to policy enforcement. From a cost perspective, we avoided additional hiring as the organization grew. For compliance and audits, preparation time reduced from hours to a few minutes, thanks to built-in logging and reporting in Microsoft Active Directory. Overall, the return on investment comes from time savings, reduced errors, better resource utilization, and improved compliance, which together justify the investment.

One Identity Active Roles has really helped our team by standardizing and simplifying day-to-day Active Directory operations. For example, earlier we had multiple admins performing tasks differently, which sometimes led to inconsistencies. With One Identity Active Roles, everything is controlled through policies and templates, so all actions follow a consistent process. It has also improved our response time for user requests since many tasks are either automated or delegated to the help desk. Users do not have to wait for senior admins anymore.

Another important benefit is better control and visibility in Microsoft Active Directory. We can easily track changes, enforce rules, and ensure compliance without extra effort. Overall, it is not just about automation; it is also about making the environment more organized, secure, and efficient for the entire team.

My advice for organizations considering One Identity Active Roles would be to plan the implementation carefully and focus on best practices from the start. It is very important to design your delegation model and policies properly before deployment. One Identity Active Roles is powerful, but if roles, access templates, and workflows are not structured well initially, it can become complex later on.

I would recommend starting with a phased implementation. Begin with key use cases such as user provisioning and delegation, and then gradually expand to advanced features such as workflows and dynamic groups. Another key point is to follow the principle of least privilege. Assign only the minimum permissions required. This is actually one of the core best practices highlighted in the official guidance.

Overall, One Identity Active Roles is a very solid and reliable solution for managing Microsoft Active Directory environments. Its biggest strengths are automation, delegation, and policy-based control, which really help reduce manual efforts, improve security, and standardize operations. I would rate this solution nine point five out of ten.