
    One Identity Active Roles

    Simplify Active Directory Security and Management with One Identity Active Roles.

    Ratings and reviews

    4.2
    82 ratings
    45%
    52%
    1%
    1%
    0%
    7 AWS reviews | 75 external reviews
    External reviews are from G2 and PeerSpot.

    Reviews (82)
    Mitali Bhosle

    Delegated workflows have transformed access governance and make directory administration consistent

    Reviewed on Jul 02, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Our main use case for One Identity Active Roles is to simplify and standardize Active Directory administration across multiple business units while reducing the amount of manual work handled by our IT team. Before we implemented it, routine tasks like creating user accounts, modifying group membership, disabling accounts for departing employees, and managing organizational unit work were performed directly in Active Directory by different administrators, which sometimes led to inconsistent processes and occasional configuration mistakes. We started using One Identity Active Roles as a centralized management layer with delegated administration, so the regional IT team could perform only the tasks they were authorized to do without receiving full domain administrative privileges. We also use it to automate common provisioning and development processes, which helps ensure new employees receive the right access more quickly and that accounts are visible promptly when someone leaves the company.

    The approval workflow and auditing capability made it much easier to satisfy internal compliance requirements because every administrative action was logged and traceable. Day-to-day administration becomes more predictable and less dependent on PowerShell scripts or manual intervention. Although the initial deployment required careful planning around role design and permissions and customizing workflows took some time to get right, overall, it reduced administrative overhead, improved consistency across our One Identity Active Roles environment, and gave us better control over privileged operations. I still would like to see a more modern management interface and a simpler process for implementing complex custom workflows.

    What is most valuable?

    An example that stands out regarding how One Identity Active Roles made a task easier was our employee onboarding process. Before we started using One Identity Active Roles, creating a new user account involved several manual steps performed by different administrators, including creating the Active Directory account, placing the user in the correct organizational unit, and verifying that everything matched with the employee's role. This process could take anywhere from a few hours to a full business day, and occasional mistakes such as assigning the wrong group or missing required permissions resulted in additional support tickets after the employee joined. After implementing One Identity Active Roles, we configured roles with provisioning and approval workflows so that once a request was approved, the account was created automatically with the appropriate attributes, group memberships, and naming standards based on the user's department and job function.

    This significantly reduced manual effort, improved consistency, and allowed new employees to have the correct access much sooner. It also gave us a complete audit trail of who requested, approved, and executed each change, which was valuable during compliance reviews. While setting up the workflows required careful planning and testing, the long-term reductions in administrative work and provisioning errors made a noticeable difference in our day-to-day operations.

    In addition to user provisioning, we also rely on One Identity Active Roles for day-to-day Active Directory administration and delegated access management. As our environment grew, it became increasingly important to ensure that routine administrative tasks could be handled by regional IT teams without granting them full domain administrative privileges. One Identity Active Roles gave us a structured way to delegate specific responsibilities while maintaining centralized control and consistent security.

    We also used its auditing capabilities to track changes made to user accounts, groups, and organizational units, which proved useful during internal audits and when investigating configuration changes. Another benefit was the consistency it brought to administrative processes, as everyone followed the same workflow instead of using different scripts or manual methods. It wasn't a product that eliminated every administrative task, and more complex workflow customization still required planning and expertise. But for everyday identity administration, it helps us reduce manual effort, improve governance, and make Active Directory management much more organized and predictable.

    From my experience, the strongest features of One Identity Active Roles are delegated administration, workflow automation, and its auditing capabilities. Delegated administration made a noticeable difference because we could assign specific administrative responsibilities to help techs or regional IT teams without giving them full Active Directory permissions, which improved security while allowing routine requests to be handled much faster. The workflow automations for user provisioning, account modifications, and deprovisioning help reduce manual effort and ensure that tasks are performed consistently according to our organization's policies, minimizing human error. I also found the auditing and reporting features very valuable because every administrative action was logged, making it much easier to investigate changes, support compliance requirements, and demonstrate accountability during audits. Another feature we appreciate is the policy-based management, which helps enforce naming standards and other directory policies automatically instead of relying on administrators to remember every requirement. Overall, this feature simplifies day-to-day Active Directory management and improves operational efficiency while strengthening governance, although configuring advanced workflows and policies initially requires careful planning and a good understanding of the product to get the most value from it.

    The feature we use most in our day-to-day operations is delegated administration because it directly affects how our IT team handles user management requests. We have different administrators and support teams responsible for specific business units, so instead of giving everyone broad Active Directory privileges, we assign only the permissions they need to perform their tasks. That has reduced the security risk associated with excessive administrative access while allowing routine activities such as password resets, account unlocks, user updates, and group membership changes to be completed quickly without waiting for a senior administrator. It has also made responsibilities much clearer since each team knows exactly what they are authorized to manage. However, over time, this has reduced operational bottlenecks and improved response times for end users while giving us better control over the changes being made in the directory.

    In addition to delegated administration, I think one of the strengths of One Identity Active Roles is how its features work together rather than in isolation. Delegated permissions, workflow automations, policy enforcement, and auditing complement each other, so administrative tasks are not only faster but also more consistent and easier to track. That said, I think there is still room for improvement in the user interface and in simplifying the configurations of advanced workflows, especially for organizations that don't have dedicated identity management specialists. Once the product is properly configured, it becomes a reliable platform for managing Active Directory at scale.

    One Identity Active Roles has had a positive impact on our organization by making our Active Directory administration more consistent, secure, and efficient. Before implementing it, many account management tasks were handled manually, which increased the chances of configuration errors and delayed user provisioning, especially during periods of high onboarding activity. After moving to One Identity Active Roles, we automated many of the routine processes and introduced delegated administration, which significantly reduced the workload of non-senior administrators.

    From an operational perspective, we estimated that the time required to provision a new user account dropped from several hours to around twenty to thirty minutes in most cases because the necessary approvals, group assignments, and policies were handled through standardized workflows. We also saw fewer support tickets related to incorrect permissions or missed group memberships because the provisioning process became much more consistent. From a security standpoint, limiting administrative privileges through delegated rules reduced the risk associated with excessive access, while the built-in auditing gave us complete visibility into who made changes along with simplified compliance review and troubleshooting. Although implementing the workflows required careful planning and some fine-tuning in the beginning, the long-term benefits in terms of operational efficiency, governance, and reduced administrative effort made it a valuable part of our identity management process.

    What needs improvement?

    I think One Identity Active Roles is a mature and reliable solution, but there are a few areas where it could be improved. The biggest one is the management interface, which feels dated compared to many newer identity management platforms. While it provides a lot of functionality, navigation and configuring complex workflows can be challenging, especially for administrators who are new to the product. I also think the initial setup and customizations require a good understanding of both Active Directory and the product itself, so there is a noticeable learning curve.

    In larger environments, making changes to workflows or policies often requires careful testing to avoid unintended effects, which can slow down implementations. Reporting is another area where I think there is room for improvement, as more modern customizable dashboards and easier report creation would make it simpler to monitor administrative activity and compliance. None of these issues have been significant enough to affect the product's reliability or day-to-day operations, but improving usability, simplifying workflow configurations, and modernizing the interface would make the overall experience better for both new and experienced administrators.

    For how long have I used the solution?

    I have been using One Identity Active Roles for two years.

    What do I think about the stability of the solution?

    My experience with One Identity Active Roles has been stable. Once it was properly deployed and configured, we didn't experience any major technical issues during day-to-day operations. We consistently handle the identity management tasks such as user provisioning and group management, which help keep the environment running smoothly.

    What do I think about the scalability of the solution?

    One Identity Active Roles shows strong scalability in our environment. As our organization grows, the platform continues to perform well without requiring significant changes to our data-driven processes. One of its strengths is that the delegated administration model and the automated workflows can be extended as the organization grows, so we don't have to redesign our identity management approach every time a new team or business unit is added.

    How are customer service and support?

    My interactions with One Identity customer support have been fairly limited because the product has been stable, and we haven't needed to open many support cases. On the occasions when we did contact support, the responsiveness of their professionals and engineers was commendable. Most configuration questions were resolved within an acceptable timeframe, although more complex issues sometimes required additional follow-up before a final resolution was provided.

    Which solution did I use previously and why did I switch?

    I didn't use any solution before switching to One Identity Active Roles.

    How was the initial setup?

    We haven't used any AI-specific capabilities in One Identity Active Roles, so I can't comment on those from first-hand experience. From a governance and security perspective, the product has very strong features such as delegated administration, role-based access control, approval workflows, and comprehensive auditing, which have helped us maintain tighter control over Active Directory changes while reducing the risk associated with excessive administrative privileges. Having a detailed audit trail has also been valuable for compliance and troubleshooting because we can easily see who made a change, when it was made, and what was modified. Overall, I think its governance capabilities are one of the product's biggest strengths as identity management evolves.

    What was our ROI?

    While we did not calculate an exact return on investment, we saw a clear operational advantage by automating routine Active Directory tasks such as user provisioning, modifications, and deprovisioning, and using delegated administration. Our IT teams spend much less time on repetitive requests. Senior administrators no longer had to handle every routine change, which allowed them to focus more on strategic work while the help desk team managed common requests within their assigned permissions. We also experienced fewer errors and more consistent user management because of standardized workflows compared to manual processes. Although we didn't measure success in terms of dollars or a reduction in headcount, the improvements in efficiency, security, and management investment were evident from an operational perspective.

    What's my experience with pricing, setup cost, and licensing?

    I wasn't directly involved in the pricing or licensing decisions, so I cannot comment on the exact cost. For our operations, I believe the investment was considered worthwhile because the product relieves manual Active Directory administration and improves security through delegated administration and auditing. Like most enterprise identity management solutions, it requires planning to ensure the licenses align with the management size and requirements. However, since I wasn't responsible for evaluations or commercial decisions, I prefer not to speculate on pricing or setup costs.

    Which other solutions did I evaluate?

    I didn't evaluate any other options before choosing One Identity Active Roles.

    What other advice do I have?

    I would rate One Identity Active Roles an eight out of ten. It is a stable and reliable solution that significantly simplifies Active Directory administration through delegated administration, workflow automation, and comprehensive auditing. It has helped us improve consistency, reduce manual effort, and strengthen security by limiting administrative privileges and providing a clear audit trail for changes.

    I would rate customer support an eight out of ten.

    I advise others looking into using One Identity Active Roles to spend ample time on planning before deployment, especially around your Active Directory structure, determining the delegated administration model, and establishing governance policies. The product is very capable, and you'll get the most benefit by starting with a few high-quality workflows before expanding into more advanced configurations. My overall review rating for One Identity Active Roles is eight out of ten.

    Nikita Bhojwani

    Centralized workflows have improved secure user lifecycle management and reduced manual effort

    Reviewed on Jul 02, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Our main use case for One Identity Active Roles is to simplify and centralize the management of our Active Directory environment. We use it primarily for user provisioning and de-provisioning, group membership management, password reset, and delegating routine administrative tasks to our helpdesk team without giving them full domain administrator privileges. Before implementing it, most of these activities were handled manually through native Active Directory tools, which made the process time-consuming and increased the chance of human error, especially during employee onboarding and offboarding.

    With One Identity Active Roles, we have been able to standardize this process using approval workflow and role-based delegation, which has improved consistency and reduced administrative effort. One practical challenge we still face is that highly customized environments sometimes require additional scripting or policy adjustment, so it is not completely plug-and-play for every scenario. Overall, it has become a key tool for improving operational efficiency, maintaining better governance over Active Directory changes, and reducing the workload on our IT administration.

    For employee onboarding, we use One Identity Active Roles to automate the creation of new Active Directory accounts based on predefined templates. When HR confirms that a new employee is joining, we create the account through One Identity Active Roles, which automatically applies the correct organizational unit, security group, naming conventions, and access permissions based on the employee's department and role. This has reduced the manual work and helped us avoid common mistakes like assigning incorrect group membership or forgetting required permission.

    For offboarding, we follow a similar standardized process where the user's account is disabled immediately, group memberships are removed, access is revoked, and the account is moved to the appropriate organizational unit for retention according to our internal policies. Having this process centralized has made user lifecycle management much more consistent and has also simplified compliance and audit activities.

    What is most valuable?

    The biggest benefit is not just the automation itself, but the consistency it brings to everyday administration. Since routine tasks follow predefined workflows, different administrators can perform the same activity without introducing variation or accidental configuration error. It has also made it easier to delegate basic account management tasks to the service desk while keeping tighter control over privileged operations. From an operational perspective, we have spent less time on repetitive administrative work and more time on higher priority projects. There is still room for improvement, especially when working in a hybrid environment where organizations have both on-premises Active Directory and cloud identity platforms. Some advanced customization and integration still require additional scripting or planning, so it is not a complete out-of-the-box solution for every environment.

    Overall, it has made our identity administration process more structured, predictable, and easier to manage as our environment has grown.

    The features I find most valuable in One Identity Active Roles are role-based administration, user lifecycle management, workflow automation, and policy enforcement. Role-based delegation has been especially useful because it allows us to give the help desk or regional IT team access only to the tasks they need without granting full Active Directory administrative rights, which improves security and reduces the risk of additional or accidental changes.

    The automation around user provisioning and de-provisioning has also made a noticeable difference by reducing the manual effort during the employee's onboarding and offboarding while keeping the process consistent across a department. Another feature I appreciate is the policy enforcement capability, which helps maintain naming standards, required attributes, or organizational rules, reducing the number of configuration mistakes. The approval workflow and auditing features have also been valuable during compliance reviews because they provide better visibility into who made changes and when.

    The interface could be more modern and some advanced customization still requires additional scripting and product knowledge. Even with those limitations, the combination of automation, delegated administration, and governance has made day-to-day Active Directory management much more efficient.

    One of the biggest advantages of role-based delegation in One Identity Active Roles has been that we no longer need to provide domain admin or other high-level privileges for routine administrative work. Before using this approach, even simple tasks such as unlocking a user account, resetting passwords, or updating group memberships often required elevated permissions, which increased security risks and made it harder to track responsibilities. With role-based delegation, we can assign specific permissions based on job responsibilities. The help desk can handle common user requests while scenario administrators retain control over critical changes.

    This has reduced the risk of accidental or unauthorized modification and made it much easier to follow the principle of least privilege. It has also improved accountability because every action is tied to the appropriate administrator, which is helpful during audits or when investigating changes. The only challenge is that defining the right role and permissions takes careful planning at the beginning, especially in larger organizations with multiple IT teams, but once those roles are established, day-to-day administration becomes much more secure and efficient.

    What needs improvement?

    One Identity Active Roles is a mature and reliable product, but there are definitely areas where it could be improved. The first is the user interface, which feels a bit dated compared to newer identity management platforms. While it provides all the functionality we need, new administrators often take time to become comfortable navigating it. I also think the reporting and dashboard capabilities could be more customizable, especially for organizations that want quick visibility into user provisioning activities, policy violations, or administrative changes without creating custom reports.

    Another area is hybrid identity management. As more organizations move toward cloud-first environments, tighter integration and simpler management across both on-premises Active Directory and cloud identity services would reduce the need for additional configuration. Some advanced workflows and custom policies still require scripting or product-specific expertise, which increases the learning curve. Better built-in templates, automation options, and more detailed troubleshooting guidance would make deployment and ongoing administration easier. Despite these areas for improvement, the core functionality has been stable and dependable, and the product continues to handle our day-to-day Active Directory management efficiently.

    One additional area I would mention is the overall learning curve. Although experienced Active Directory administrators can become productive fairly quickly, someone who is new to One Identity Active Roles may need time to understand the delegation model, workflow, and policy configuration. I also think the documentation for more advanced use cases could include more practical, real-world examples instead of focusing mainly on feature description. As IT environments continue to evolve, I would like to see more built-in support for hybrid identity scenarios and cloud-native administration so organizations do not have to rely as much on custom integration or scripting. These improvements will not change the core strength of the product, but they would make implementation, day-to-day management, and administrator onboarding much smoother, especially for teams with limited resources and mixed levels of experience.

    For how long have I used the solution?

    I have been working in my current field for the last four years.

    What do I think about the stability of the solution?

    One Identity Active Roles has been a stable solution for our environment. Once the initial deployment and configuration were completed, we did not experience any major issues that affected day-to-day operations. It has handled routine tasks such as user provisioning, account updates, group management, and delegated administration consistently without unexpected interruption. Most of the issues we encountered were related to configuration changes or integration with other systems rather than the product itself.

    We also found that keeping the platform updated and following the recommended maintenance practices helped maintain its stability. Like any enterprise identity management solution, it requires proper planning and regular monitoring, but overall, it has been dependable and reliable for managing our Active Directory environment. I would not describe it as completely maintenance-free, but from an operational standpoint, it has been stable enough to support our daily identity management process with minimal downtime.

    What do I think about the scalability of the solution?

    One Identity Active Roles scales effectively as the environment grows. We started by using it mainly for routine Active Directory administration, but as the number of users, groups, and administrative requests increased, it continued to perform reliably without requiring major changes to our process. Adding new departments, expanding delegated administration, and introducing additional workflows was straightforward because the platform is designed to support enterprise environments.

    Performance remained consistent even as our directory became larger, and we did not notice any significant delay in day-to-day operations. Scalability also depends on the underlying infrastructure and how well the environment is planned. In larger or more complex organizations, it is important to design the architecture correctly and review the policy periodically to maintain performance. Overall, we have found it to be capable of supporting organizational growth while keeping identity administration centralized and manageable.

    How are customer service and support?

    Our experience with customer support for One Identity Active Roles has been positive. Most of the time, the support engineers are knowledgeable about the product and respond within a reasonable timeframe, especially for issues related to configuration or troubleshooting. During implementation, we reached out a few times for guidance on workflow configuration and permission delegation, and they were able to explain the recommended approach instead of just providing a temporary fix.

    For more complex issues, the resolution sometimes took longer because they needed to review logs or escalate the case, but we received regular updates throughout the process. I also found the documentation and knowledge base helpful for resolving common questions without having to open a support ticket. There is room for improvement in reducing response time for advanced technical cases. Overall, the support experience has been reliable and has helped us keep the environment running smoothly.

    Which solution did I use previously and why did I switch?

    Before implementing One Identity Active Roles, we primarily relied on the native Microsoft Active Directory tools such as Active Directory Users and Computers along with PowerShell scripts for repetitive administrative tasks. While those tools were sufficient for basic user and group management, they became difficult to manage as our environment grew. Routine activities such as user provisioning, offboarding, permission changes, and delegated administration were largely manual, which increased the risk of inconsistency and human error. We decided to move to One Identity Active Roles because we needed a more structured approach with workflow automation, role-based delegation, policy enforcement, and better auditing capability.

    The transition was not driven by problems with Microsoft tools themselves, but by the need for stronger governance, improved operational efficiency, and better control over administrative activities in a larger enterprise environment.

    How was the initial setup?

    My advice would be to spend enough time planning your Active Directory structure, administrative roles, and user lifecycle processes before implementing One Identity Active Roles. The product provides a lot of flexibility, but you will get the best results if your access policies and organizational structure are already well-defined. I would also recommend starting with a pilot deployment for a smaller group of users or departments before rolling it out across the entire organization.

    This helps identify any workflow or permission issues earlier and gives administrators time to become familiar with the platform. It is also worth investing in training for the IT team because features such as delegated administration, workflow automation, and policy management become much more valuable once everyone understands how to use them effectively. Do not expect it to solve every identity management challenge out of the box. If your environment includes hybrid infrastructure, legacy applications, or complex business rules, you will likely need some customization and careful planning. Overall, if you are looking for stronger governance, more consistent Active Directory administration, and reduced manual effort, it is a solid solution, provided you approach the implementation with clear planning and realistic expectations.

    What about the implementation team?

    Our company's only relationship with One Identity is as a customer. We use the product internally for our identity and Active Directory management requirements and we do not have any partnership, reseller, or other commercial relationship with the vendor.

    Which other solutions did I evaluate?

    Before selecting One Identity Active Roles, we looked at a few different options, including the native Microsoft Active Directory administration tools, Microsoft Identity Management offering, and a couple of other identity governance solutions. Our evaluation focused on ease of administration, delegated access, workflow automation, auditing capabilities, integration with our existing Active Directory environment, and the overall effort required to manage user lifecycle.

    While some alternatives provided similar functionality, we found that One Identity Active Roles offered a good balance between centralized administration, role-based delegation, policy enforcement, and automation without requiring a complete redesign of our existing Active Directory environment. The decision was not based on a single feature, but on how it fit our operational requirements and reduced the amount of manual administrative work for our IT team.

    What other advice do I have?

    The experience was generally positive and professional. Faster resolution for advanced technical cases and more proactive guidance for complex environments would make the support experience even better. I would rate this review as eight out of ten.

    Adarsh-Singh

    Automated identity lifecycle has improved secure role-based administration and onboarding

    Reviewed on Jun 14, 2026
    Review provided by PeerSpot

    What is our primary use case?

    One Identity Active Roles serves as my centralized identity and access management solution, with the key feature being the automation of users' lifecycle management. Another use case is delegated administration through a role-based administration model, which allows us to securely assign administrative tasks to different teams or individuals while maintaining governance and compliance.

    A specific example of how I use One Identity Active Roles for these tasks is in one of our projects for automating the user onboarding process. When a new employee joins the company we were building, One Identity Active Roles automatically provisions the account for the directory, assigns them to the appropriate security group based on their role, and creates the necessary permissions without manual intervention. This speeds up the onboarding and ensures consistent access rights.

    Regarding my main use case for One Identity Active Roles, we have also used it to implement access requests and approval workflows for the software we were building, and we are also automating the user offboarding. The automation capabilities of One Identity Active Roles are exceptional.

    What is most valuable?

    The best feature One Identity Active Roles offers is role-based administration, which provides secure delegation of administrative tasks to different teams or individuals while maintaining governance and compliance.

    Role-based administration has helped my team because we can securely delegate specific administrative responsibilities to different teams or individuals without giving full administrator rights.

    One Identity Active Roles has positively impacted my organization. My senior managers informed me that aside from using it for other companies' projects, we are using it in our company as well. The positive impact is that it saved time, improved security, and made things more efficient. However, I have only been here for four to five months, and we have been using it for one project only.

    Regarding One Identity Active Roles's governance and security capabilities, the role-based delegated administration, centralized policy enforcement, and audit compliance and reporting are exceptional features. One Identity Active Roles has had a positive effect on reducing the complexity and workload of the administrative tasks related to Active Directory.

    What needs improvement?

    One Identity Active Roles can be improved, as the user interface could be more modernized and the reporting and analytics feature could be enhanced.

    It would be beneficial if the documentation was clearer.

    For how long have I used the solution?

    I have been using One Identity Active Roles for four to five months.

    What do I think about the stability of the solution?

    One Identity Active Roles is stable, and I believe it is very reliable.

    What do I think about the scalability of the solution?

    One Identity Active Roles has a scalable architecture.

    How are customer service and support?

    I have not used customer support for One Identity Active Roles.

    Which solution did I use previously and why did I switch?

    We are using One Identity Active Roles as our solution, so I did not previously use a different solution.

    How was the initial setup?

    Before choosing One Identity Active Roles, we did not evaluate other options.

    What about the implementation team?

    I was not on the implementation team, so I do not have knowledge about the ease or difficulty of integrating One Identity Active Roles with our existing IT infrastructure and directory services.

    What was our ROI?

    I am only four to five months into my tenure at this company, so I cannot specify whether I have seen a return on investment or share relevant metrics.

    What's my experience with pricing, setup cost, and licensing?

    I was not on the setup team either, so I cannot explain my experience with pricing, setup cost, and licensing.

    Which other solutions did I evaluate?

    Before choosing One Identity Active Roles, we did not evaluate other options.

    PravinPatil

    Delegated workflows have streamlined user provisioning and now reduce daily admin workload

    Reviewed on Jun 13, 2026
    Review provided by PeerSpot

    What is our primary use case?

    I have been using One Identity Active Roles for almost the last two years.

    My main use case of One Identity Active Roles is for user provisioning, group management, delegated administration, and handling access-related requests in a controlled and consistent manner.

    A common example is managing department-based security groups. When new employees join, we use One Identity Active Roles to add them to the appropriate group based on their role, while delegated administrators can handle routine updates without needing full Active Directory administrative privilege. This helps to keep access management consistent and reduce dependency on the IT team for everyday requests.

    Besides user and group management, we also use One Identity Active Roles for delegated administration and access governance. It helps us to standardize Active Directory tasks, reduce manual changes, and maintain better control over who can perform specific administrative actions.

    What is most valuable?

    The features I find most valuable in One Identity Active Roles are delegated administration, workflow automation, and role-based access control. These features help reduce manual Active Directory management, improve governance, and allow different teams to handle routine tasks without requiring full administrative privileges.

    One Identity Active Roles has a positive impact on our organization by improving the efficiency and consistency of our Active Directory operations. It reduced manual administrative work, improved delegation of routine tasks, and provided better control over access management. As a result, administrative processes became more streamlined and easier to govern.

    One noticeable outcome was a reduction in the time spent on routine Active Directory tasks. Delegation and automation helped teams to handle common requests more efficiently without involving senior administrators. We also saw fewer administrative errors because user and group management follows standardized processes. In addition, audit and access review activities became easier due to better visibility into changes and permissions.

    Another feature I need to add is that the auditing and reporting capability provides better visibility into administrative changes and helps us during compliance and review troubleshooting. I also appreciate that One Identity Active Roles centralizes many Active Directory management tasks, making administration more organized and consistent across the different teams.

    What needs improvement?

    One area for improvement in One Identity Active Roles would be reporting and dashboard customization. While the available reports are useful, having more flexible and easier-to-build reports would help administrators to get insights more quickly. I would also like to see a more modern user interface and better visibility into complex workflow and delegated admin permissions, especially in larger Active Directory environments.

    Another improvement I would like to see is better troubleshooting capability when dealing with complex delegation models or workflow-related issues. Identifying the root cause can sometimes take longer than expected. I would also welcome more built-in guidance and recommendations for administrators, especially when managing large environments with multiple teams and permission structures.

    For how long have I used the solution?

    I have been working in my current field for the last three to four years.

    What do I think about the stability of the solution?

    One Identity Active Roles has been a very stable platform. We use it regularly for provisioning users, group management, and delegated administrator-related tasks, and it performs very reliably without any doubt, with very few operational issues. Most of the challenges were related to workflow configuration or process changes rather than the product's stability itself.

    What do I think about the scalability of the solution?

    From my perspective, One Identity Active Roles can scale well as the environment grows. We were able to support an increasing number of users, groups, and administrator requests without significantly changing our management processes. The delegation and automation features helped maintain efficiency even as the Active Directory environment expanded.

    How are customer service and support?

    The customer support is very good. Sometimes we face some issues from customer support, but that is part and parcel of life, so that is not a big challenge. Overall, it is good.

    Which solution did I use previously and why did I switch?

    We were using a different solution before choosing One Identity Active Roles. We were using PowerShell for the administrative tasks. We switched because we needed better delegation, centralized management, automation, and governance. As the environment grew, managing everything through native tools became more time-consuming and harder to control consistently.

    How was the initial setup?

    Our experience with pricing and licensing for One Identity Active Roles is generally positive. One Identity Active Roles is enterprise-focused, so the investment is justified when you need strong delegation, automation, and governance capabilities. From a setup perspective, installation was straightforward. Most of the effort went into planning the administrative role and delegation models and workflow rather than the technical deployment itself.

    I would describe the integration of One Identity Active Roles with my existing IT infrastructure and directory services as fairly straightforward since our environment was already centered around Active Directory. Connecting One Identity Active Roles to existing Active Directory services was relatively smooth. Most of the effort was focused on defining the delegation model, workflow, and administrative roles rather than the technical integration itself. Our deployment fit well with our existing infrastructure.

    What was our ROI?

    We have seen a positive return on investment from One Identity Active Roles. The biggest benefit has been the time savings through the delegation and automation of routine Active Directory tasks. For example, password resets, user updates, and group membership changes can be handled by delegated teams without involving senior administrators. This reduces administrative workload, improves response times, and allows the IT team to focus on other strategic activities.

    Which other solutions did I evaluate?

    We evaluated other options, including Microsoft Identity Manager and SailPoint IdentityIQ, before choosing One Identity Active Roles. We chose One Identity Active Roles because of its integration, delegated administration, and automation capabilities. This integration is very smooth, which is why we chose this solution.

    What other advice do I have?

    Delegated administration has had the biggest impact for me. It allows routine tasks such as password resets, account updates, and group membership changes to be handled by the support team without granting full Active Directory administrative rights. In day-to-day work, this reduces the number of requests reaching the IT team and helps us to focus on more complex administrative and infrastructure tasks.

    In my experience, the output from One Identity Active Roles has been reliable and consistent. User provisioning, group management, and delegated administration tasks generally work as expected when the policies and workflows are configured correctly. From an automation perspective, the platform relies more on predefined roles and automation than AI-driven decision-making. Because of that, the results are predictable and dependable, which is important for identity and access management operations.

    In our environment, One Identity Active Roles is deployed in a hybrid environment. The solution is hosted within our on-premises infrastructure and integrated with cloud services where needed. This approach allows us to maintain control over Active Directory administration while supporting broader hybrid identity requirements.

    As a part of our hybrid environment, we primarily use Microsoft Azure. It integrates well with our Active Directory and identity management infrastructure, making it easier to support both on-premises and cloud-based resources. Azure has helped maintain a consistent approach to identity access management and governance across the environment.

    We do not apply fine-grained policies.

    My impression of the automation capabilities provided by One Identity Active Roles is positive. They help reduce manual Active Directory administration and ensure that routine tasks follow consistent processes. For example, user onboarding can be automated so that new accounts are created with the correct attributes, group memberships, and permissions based on a predefined role. This saves time and reduces the chances of configuration errors.

    One Identity Active Roles helped reduce both the complexity and workload of Active Directory administration. Routine tasks such as user provisioning, group membership updates, and account maintenance become more structured and easier to manage. As a result, administrators spend less time on repetitive tasks and more time on high-priority projects, while also reducing the risk of manual errors.

    I would definitely refer my friends and colleagues, or whoever wants to reduce the administrative load, to One Identity Active Roles. My advice would be to start with a clear delegation strategy and governance model before implementation. This will help to ensure that the administrative responsibilities and access controls are properly defined from the beginning. I would also recommend starting with core use cases such as user provisioning and group management, then expanding into more advanced automation workflows as the team becomes familiar with the platform.

    We are only a customer of One Identity Active Roles. I would rate this product overall as an 8 out of 10.

    Sneha Bhagat

    Delegated workflows have streamlined daily user lifecycle and access governance in our hybrid AD

    Reviewed on Jun 12, 2026
    Review provided by PeerSpot

    What is our primary use case?

    My main use case of One Identity Active Roles is managing user life cycle activity in Active Directory on a daily basis. I use it for user provisioning, group membership management, delegated administration, and handling access-related requests while maintaining governance controls.

    Besides user provisioning, I also use One Identity Active Roles for delegated administration and access governance. It helps me to control who can perform specific tasks without granting broad administrative rights, which has been useful for maintaining security and operational consistency.

    What is most valuable?

    The features I found most valuable in One Identity Active Roles are delegated administration, workflow-based automation, and role-based access control. These features help streamline Active Directory management while maintaining better control over administrative permissions and access requests.

    Workflow automation helped by reducing the number of manual steps involved in routine AD tasks. For example, when a new user request comes in, the approval and provisioning process follows a predefined workflow instead of relying on emails and manual coordination. This made requests more consistent and reduced the chances of missing important access assignments or approvals.

    The auditing and reporting capability is worth mentioning. It gives better visibility into administrative changes and helps during the access review or audit activity. I also appreciate how the platform centralizes many AD management functions.

    What needs improvement?

    One area for improvement would be troubleshooting and reporting. When dealing with complex workflows or delegated permissions, identifying the root cause of an issue can sometimes take longer than expected. I would also like to see a more modern administrative experience and greater visibility into workflow activities to make day-to-day management easier.

    Another improvement I would like to see is better visibility into delegation and access relationships. In larger environments with multiple teams and administrative roles, it can sometimes be difficult to quickly understand why a user has a particular permission or access level.

    For how long have I used the solution?

    I have been working in my current field for the last three years.

    What do I think about the stability of the solution?

    One Identity Active Roles has been a stable platform in my experience. I use it regularly for user management, delegation, and access-related tasks, and it performs reliably in day-to-day operations. Most issues I encountered were related to workflow configuration or process changes.

    What do I think about the scalability of the solution?

    From my experience, One Identity Active Roles scaled well as the environment grew. I was able to manage an increasing number of users, groups, and administrative requests without significant changes to my processes. Features like delegation and automation helped support growth while keeping administration manageable and consistent.

    How are customer service and support?

    My experience with customer support has been positive overall. The support team was generally responsive and had a good understanding of Active Directory, delegation, and workflow-related issues. For more complex cases, resolution times sometimes required escalation, but the guidance provided was usually helpful and technically sound.

    Which solution did I use previously and why did I switch?

    Before One Identity Active Roles, I primarily relied on the native Active Directory administration tools and PowerShell scripts for user and AD group management. I switched because I wanted a more centralized approach with delegation, automation, and governance. As the environment grew, managing permissions and administrative tasks manually became harder to maintain consistently.

    How was the initial setup?

    I found the integration fairly straightforward because my environment was already centered around Active Directory. The core connectivity and synchronization were not difficult to establish. Most of the effort went into designing the delegation model and approval workflows to align with the existing operational processes rather than the technical integration itself.

    What was our ROI?

    The ROI was mainly seen in time savings and operational efficiency rather than directly reducing headcount. Routine tasks such as user provisioning, account maintenance, and access requests require less manual effort than before the implementation. I also saw fewer escalations to the AD team because delegated administration allowed support teams to handle common requests independently, which improved overall productivity.

    Which other solutions did I evaluate?

    I evaluated a few alternatives including Microsoft Identity Manager and SailPoint. I ultimately chose One Identity Active Roles because it aligned well with my Active Directory-focused environment and offered a good balance of delegation, automation, and governance capabilities without adding too much operational complexity.

    What other advice do I have?

    One outcome I noticed was a reduction in manual AD administration. Routine tasks such as user account management and group updates became more structured, which helped reduce configuration mistakes. I also found that access reviews and audit preparation became easier because administration changes were centrally managed and easier to track.

    In my environment, One Identity Active Roles is deployed in a hybrid setup. The application runs on virtual servers in my on-premises data center while supporting identity management processes that interact with my cloud services. This approach works well because it allows me to maintain control over the Active Directory administration.

    As part of my hybrid environment, I primarily use Microsoft Azure since my infrastructure is closely aligned with Active Directory and Microsoft services. Azure integrates well with my identity and access management processes. It allows me to support both on-premises and cloud-based identity requirements.

    I have used fine-grained permission control in One Identity Active Roles. It was particularly useful for delegating specific administrative tasks to support teams without granting full Active Directory administrative rights.

    I would rate this review a nine out of ten.

    Lalit Wagh

    Automation has transformed user lifecycle management and now streamlines secure access control

    Reviewed on Jun 10, 2026
    Review provided by PeerSpot

    What is our primary use case?

    One Identity Active Roles serves as our absolute main solution for automating the entire user life cycle from day one onboarding to offboarding while enforcing strict role-based access. Before this implementation, we were drowning in manual tickets for setting up accounts, assigning groups, and provisioning mailboxes across our hybrid and Entra setup.

    A classic scenario we deal with all the time involves departmental transfers. When an employee moves from finance to marketing and HR updates their department code, One Identity Active Roles automatically triggers a workflow that handles the transition overnight. This immediately revokes their finance-specific AD groups, strips their access to restricted financial folders, provisions them into the correct marketing distribution list and Entra ID roles, updates their manager attribute, and updates information in their company directory without any manual intervention. At the end, it sends an automated notification to their respective managers to confirm whether the access swap is completed. This entirely prevents privilege creep where moving departments causes people to accumulate leftover permissions.

    One major benefit of One Identity Active Roles for our main use case is how much it simplified our compliance audits. Before we deployed it, trying to track down who granted specific permissions or why a user was added to a privileged group meant digging through endless active AD logs. Now One Identity Active Roles acts as a single choke point for all modifications, so everything is centralized and tracked automatically.

    What is most valuable?

    The absolute best features One Identity Active Roles offers include a fine-grained delegation policy framework that allows our regional IT teams and help desks the exact access they need to do their jobs without handing over broad, risk-native AD permissions. Close behind that is a workflow automation engine which handles our multi-stage approvals seamlessly.

    We also heavily rely on the automated de-provisioning feature which ensures that when someone leaves, their access across on-prem and AD, Exchange, and Entra ID is instantly and cleanly stripped. Having all of this managed from a single web interface instead of hopping between multiple Microsoft consoles is a massive win for our daily operations.

    Before we implemented One Identity Active Roles, our regional IT teams often needed domain admin or account operator rights just to perform routine tasks like modifying local group membership or updating specific user attributes, which was a massive security risk because the native AD did not give us the granular control to avoid it. Now we use the delegation policies to restrict them strictly to their own organizational units.

    What needs improvement?

    One Identity Active Roles has proven to be the absolute best product on the market for what it does, so we do not have any major complaints about it. It handles our hybrid AD and Entra ID environment so cleanly that it is tough to find a fault within the core product.

    If I had to identify areas for improvement, I would note that when you start building highly advanced multi-stage approval workflows, the logic can get a bit complex and requires a solid understanding of the tool to maintain. Additionally, because it is so powerful, managing a massive library of custom scripts over several years takes more disciplined governance to keep things organized. However, in terms of out-of-the-box capability, scalability, and daily reliability, it is pretty much unmatched compared to its competitors.

    For how long have I used the solution?

    I have worked in the current field for three and a half years.

    What do I think about the stability of the solution?

    One Identity Active Roles is very stable across multiple tiers. As more employees are added, we do not have to manage each of them individually. The scripts and automated One Identity Active Roles directory features take the workload out of our hands, effectively doing everything we described earlier, and each one takes the same amount of time regardless of the scale we are discussing.

    We chose One Identity Active Roles because of its maturity and enterprise stability, as our roadmap was heavily anchored in a complex hybrid Microsoft ecosystem. One Identity Active Roles gave us absolute confidence that it could handle the deep attribute-level security proxying without breaking a sweat, backed by the broader enterprise support of the One Identity fabric.

    What do I think about the scalability of the solution?

    One Identity Active Roles' scalability is one of its strongest arguments due to its horizontal scale via proxy architecture. It scales out horizontally by utilizing multiple independent One Identity Active Roles administrator service hosts, allowing administrator and help desk operators and automated workflows to interact with the ARS proxy servers rather than hitting domain controllers directly, enabling user concurrency to scale indefinitely.

    A few data configurations are required to maintain speed, such as keeping within the 1 ms latency rule and ensuring parallelism. In short, One Identity Active Roles scales beautifully to handle massive enterprise workloads with its ultimate ceiling determined entirely by how well you architect and tune its underlying SQL backend.

    How are customer service and support?

    Our overall experience with One Identity Active Roles customer support has been highly solid and technically competent. For standard support and routine inquiries, standard configuration or native Active Directory integration questions, the engineers are incredibly knowledgeable, usually rating a 9 out of 10 for technical insight.

    However, there are edge cases where if you are dealing with complex and highly customized scripts inside an event-driven automation workflow or troubleshooting a bizarre synchronization error deep within your Microsoft Entra ID tenants, you can expect some delay because they really want to structure the escalation process to senior product engineers who understand the underlying database hooks. Their SLA responsiveness and severity tiers are incredible, using configuration questions to pinpoint the problem we are experiencing and curating their responses accordingly.

    The One Identity support portal is heavily built around a robust self-service model, and their knowledge base, release notes, and community forums are heavily populated and frequently updated.

    Which solution did I use previously and why did I switch?

    Before One Identity Active Roles, we did not actually use a commercial third-party identity and access management software. Instead, we relied on a complex web of native Microsoft management tools combined with an extensive library of homegrown PowerShell scripts.

    How was the initial setup?

    The integration process of One Identity Active Roles with our existing IT infrastructure and directory services was remarkably straightforward, mostly because One Identity Active Roles is built from the ground up to sit naturally on top of Microsoft architecture. Since we already had a well-defined Active Directory structure and established OU layout, the core deployment did not require us to tear down or re-engineer any of the existing infrastructure.

    One Identity Active Roles basically overlays onto your directory, acting as a secure proxy layer rather than a disruptive overhaul. The initial setup for standard synchronization and basic policy enforcement took just a couple of weeks to get completely up and running. The majority of your time and effort is not technical friction with the product itself, but mapping out your business logic and defining your approval lines and planning your delegation roles before configuring them.

    What was our ROI?

    The return on investment from One Identity Active Roles has been incredibly clear and measurable for us. The time reclaimed by Tier 3 engineers is about 15 to 20 hours every single week for our senior systems and security engineers. The efficiency in user provisioning and offboarding, which used to take almost 24 to 48 hours due to a multi-step process, is now down to just 5 minutes, which is incredible for how it closed down the gap.

    The help desk resolution speed for basic Tier 1 requests, including password resets, group modifications, and profile attribute updates, is now resolved on the very first call because we safely delegated these tasks to help desk through clean access templates, resulting in a nearly 80% drop in ticket escalation queues.

    What's my experience with pricing, setup cost, and licensing?

    Our experience with the pricing, setup cost, and licensing of One Identity Active Roles reflects the platform's status as an enterprise-grade premium product. One Identity structured the Active Roles licensing per enabled user, making this model incredibly scalable and predictable since it only counts active enabled user accounts, meaning we are not paying for disabled accounts, service accounts, or the administrative overhead for Tier 1 and Tier 3 teams.

    While the software installation process itself is very straightforward, the true setup cost is heavily tied to professional services and implementation. Because the tool is highly customizable, you will likely want to budget for One Identity professional services or a certified implementation partner during the initial phase.

    Although the upfront capital expenditure for licensing and implementation services was a significant investment, the operational savings shifted from the bottom line almost immediately. By automating users' life cycle management and safely delegating tasks to Tier 1 support, we drastically reduced the workload for administrative personnel. The hours saved by Tier 3 engineers alone, around 15 to 20 hours every week from AD maintenance, allowed us to recoup our initial setup and licensing costs well ahead of schedule.

    Which other solutions did I evaluate?

    Before deciding on One Identity Active Roles, we evaluated multiple software solutions, including ADx by Softerra and ManageEngine ADManager Plus.

    What other advice do I have?

    If you are in the position we were in a few years ago, stuck maintaining an ungodly amount of fragile custom PowerShell scripts and constantly stressing over broad AD permissions, One Identity Active Roles is a fantastic move. I advise fixing your business logic before you touch the software, as One Identity Active Roles is an incredibly flexible tool, but it will automate exactly what you tell it to do. If your organization's current identity life cycle process is messy, manual, and full of special exceptions, automating them will only create a faster automated mess.

    I would advise sitting down with HR, security, and your regional IT leads before you start configuring workflows. Standardize exactly what happens when a user is hired, transferred, and terminated, and map out your approval chains on a whiteboard first. Once your business rules are clear on paper, plugging them into the One Identity Active Roles engine is incredibly smooth.

    Do not drop the One Identity Active Roles database onto a generic, over-allocated, shared SQL cluster. Treat it like a Tier 1 critical application. Leverage virtual attributes to protect the core schema by creating custom fields as virtual attributes to track employee IDs, contractor end dates, or specific HR flags for automation, which keeps your native AD schema pristine and protects against accidental schema corruption. Finally, budget for professional services or training upfront, and plan your web interface views by persona, making sure to build distinct web profiles tailored specifically to different personas to reduce human error and cut training time for junior staff to zero. I would rate this product a 10 out of 10 based on my overall experience.

    karan rathod

    Automation has streamlined identity governance and has improved secure delegation in our directory

    Reviewed on Jun 05, 2026
    Review provided by PeerSpot

    What is our primary use case?

    Our main use case for One Identity Active Roles is Active Directory administration and user lifecycle management, and we use it to create, modify, disable, and manage user accounts, groups, and permissions in a controlled and standardized manner, which improves security and reduces the risk of manual error when managing the Active Directory environment.

    A good example of how we use it for user lifecycle management is user onboarding, where instead of manually creating accounts and assigning permissions in Active Directory, One Identity Active Roles automation automates the process using predefined templates and workflows, saving time, reducing errors, and ensuring users receive the correct access from day one.

    Another benefit of our main use case with One Identity Active Roles is delegated administration, which allows different teams to perform specific tasks without needing full Active Directory access, improving security and making administration much easier while helping with auditing and change tracking.

    What is most valuable?

    The best features of One Identity Active Roles include user lifecycle management, delegated administration, automation, and role-based access control, where user lifecycle management helps to standardize and automate tasks, and delegated administration allows teams to perform specific tasks without giving them full Active Directory privileges, thus improving both security and operational efficiency.

    For one example regarding how automation and role-based access have helped my team, the user onboarding process used to involve the administrator manually creating accounts, assigning groups, and configuring permissions; however, with One Identity Active Roles, the process can be standardized through workflows and templates, which reduces manual effort, speeds up provisioning, and ensures users receive the correct access from the start, while I also appreciate the auditing and change tracking capabilities for visibility into who changed what and when, which aids troubleshooting, compliance, and overall governance in our Active Directory environment.

    One Identity Active Roles has positively impacted our organization by making Active Directory management much more efficient, reducing manual work, improving control over permissions, and providing better visibility into changes, which has helped both security and compliance efforts.

    What needs improvement?

    The main improvement I would like to see for One Identity Active Roles is a more modern and intuitive interface, along with more customizable reporting and dashboards to enhance our experience with the platform.

    I would appreciate more integration with other identity and security tools, alongside more flexible reporting and dashboards to improve the functionality of One Identity Active Roles. We have not faced major performance issues.

    For how long have I used the solution?

    I have been using One Identity Active Roles for approximately one year.

    What do I think about the stability of the solution?

    I have not used the AI-specific capabilities extensively, but the overall output from One Identity Active Roles has been accurate, and we still perform reviews for important changes; however, I find the system to be consistent and dependable.

    What other advice do I have?

    I rate One Identity Active Roles a 9 out of 10 because it has helped simplify Active Directory administration, improve security, delegate access, and reduce manual errors through automation, making it a reliable and valuable solution for identity and access management.

    I chose 9 out of 10 because it is a reliable and feature-rich solution that has enhanced efficiency and security for my team, while to reach a perfect 10, I would like to see a more modern interface, improved reporting, and additional integrations with other platforms.

    From my experience with One Identity Active Roles, governance and security are some of the strongest aspects of the platform because it provides role-based access control, delegated administration, and detailed auditing to ensure that administrative activities are properly controlled and monitored, and while I have not extensively utilized specific AI-driven capabilities, the overall security model helps reduce the risk of unauthorized changes and improves visibility into who performs what actions.

    I utilize One Identity Active Roles in an on-premises environment that is integrated with our Active Directory infrastructure, so it primarily operates within our on-premises setting.

    I have utilized the fine-grained permission control feature of One Identity Active Roles, and it has helped us enforce least privilege access by allowing users to perform only the tasks relevant to their role, notably enabling the help desk team to manage passwords and user accounts without requiring full Active Directory administrative rights, thereby improving security and control.

    I assess the integration of One Identity Active Roles with our existing IT infrastructure and directory services as manageable, as it has facilitated effective implementation of least privilege access by allowing us to delegate specific tasks to different teams without granting full administrative rights, thus enhancing security and reducing risk. My overall review rating for One Identity Active Roles is 9 out of 10.

    Akash Pardeshi

    Delegated administration has improved governance and automation streamlines user lifecycle tasks

    Reviewed on Jun 01, 2026
    Review provided by PeerSpot

    What is our primary use case?

    One Identity Active Roles is our main solution for Active Directory administration and user life cycle management. In day-to-day operation, I primarily use it for onboarding and offboarding users, managing group membership, handling access requests, and delegated administration.

    What is most valuable?

    One Identity Active Roles enforces consistency in Active Directory administration. Before implementation, different administrators sometimes followed different processes for account creation or access changes. With One Identity Active Roles, workflows and policies help standardize those activities. It also gives us better visibility into who made changes and when, which has been useful during access reviews and audit-related activities.

    The features that stood out most for me in One Identity Active Roles are delegated administration, automation, and role-based access control. Delegated administration made a big difference because it allowed the service desk to handle routine tasks such as password resets, account unlocks, and certain group management activities without giving them full Active Directory administrative rights. Automation was also valuable for onboarding and offboarding processes, helping reduce manual effort and maintain consistency. Another feature I found useful was the auditing capability since it provided better visibility into who made changes and helped during access reviews and compliance checks.

    Automation had a noticeable impact on our team's efficiency because it reduced the amount of repetitive Active Directory work. Before One Identity Active Roles, user provisioning and access changes often involved multiple manual steps and validation checks. For example, onboarding required administrators to manually create accounts, assign groups, and verify permissions. With the automated workflow, much of that process became standardized, which reduced administrative effort and helped avoid administration mistakes. It also meant the Active Directory team spent less time on routine requests and more time on governance, access reviews, and improvement initiatives, although automation did not eliminate all manual work.

    One of the biggest positive impacts of One Identity Active Roles was bringing more control and consistency to Active Directory. Before implementing it, many user and access management tasks relied heavily on manual processes and experienced administrators. With One Identity Active Roles, many of those activities became standardized through workflows, delegated administration, and role-based access control. From an operational perspective, it improved turnaround times for common requests, reduced the risk of unauthorized changes, and gave us better visibility into administrative activities.

    From a governance and security perspective, I think One Identity Active Roles is one of the stronger areas of the product. It helps enforce role-based access control, delegated administration, and least privilege principles much more effectively than relying on native Active Directory administration alone. We had better control over who could perform specific tasks, and administrative activities were easier to audit and review. In terms of artificial intelligence capability, I would not say artificial intelligence is currently a major strength of the product. Most of the value comes from the policy-based automation, workflows, and governance controls rather than advanced artificial intelligence-driven decision-making.

    What needs improvement?

    One area where One Identity Active Roles could be improved is troubleshooting and visibility. As environments grow and workflows become more complex, it can sometimes take time to determine why a specific permission, workflow, or delegated task is not behaving as expected. I also think the reporting experience could be more flexible, especially for organizations that need customized governance and audit reports. Overall, One Identity Active Roles is strong in its core functionality, but improvements in user experience, reporting, and troubleshooting would make administration easier.

    One additional improvement I would mention is around hybrid identity and cloud integration. Many organizations today are managing both on-premises and cloud environments. Having deeper visibility and governance across those environments from a single interface would be valuable. Another area is workflow management. While the flexibility is powerful, maintaining and troubleshooting complex approval workflows can sometimes become challenging as organizations grow and requirements evolve.

    For how long have I used the solution?

    I have been working in my current field for the last seven years.

    What do I think about the stability of the solution?

    One Identity Active Roles has been a stable platform overall in my experience. We use it for daily Active Directory operations, delegated administration, and user life cycle management, and it has performed reliably without causing major operational issues.

    What do I think about the scalability of the solution?

    One Identity Active Roles scaled well from my experience, especially in an organization with a large Active Directory environment. As our user base, groups, and administrative requests grew, we were able to continue using the same platform without significantly changing our operational model. Features such as delegated administration and automation helped us absorb that growth without putting additional pressure on the Active Directory team.

    How are customer service and support?

    My experience with customer support was generally positive. For routine issues and product-related questions, the support team was knowledgeable and usually able to point us in the right direction fairly quickly. We especially found them helpful during implementation when working through delegation workflow-related configuration questions.

    I would rate customer support eight out of ten. The support engineers generally had good product knowledge and understood Active Directory delegation models and workflow-related issues well. In most cases, we received useful guidance without extensive back-and-forth.

    Which solution did I use previously and why did I switch?

    Before implementing One Identity Active Roles, we primarily relied on native Active Directory tools, such as Active Directory Users and Computers, along with PowerShell scripts for user provisioning and access management. As the environment grew, managing delegated permissions, user life cycle processes, and ensuring a consistent audit trail with this manual system became increasingly difficult. Different teams were following different processes, and it was challenging to maintain consistent governance.

    How was the initial setup?

    I would describe the integration as moderately easy. Since our environment was already heavily based on Active Directory and Microsoft technologies, the core integration was fairly straightforward. The basic setup, user provisioning, delegated administration, and role-based access control configuration were not particularly difficult. Most of the effort went into planning the delegation model, approval workflows, and ensuring they aligned with our existing operational processes.

    What was our ROI?

    I would not say it reduced the number of employees, but it definitely helped the existing team handle a higher volume of work more efficiently. Before One Identity Active Roles, the Active Directory team was spending a significant amount of time on routine activities such as account provisioning, group membership updates, and access-related requests. After introducing automation and delegated administration, many of those requests could be handled by the service desk or proceed through a standardized workflow.

    What's my experience with pricing, setup cost, and licensing?

    My experience with pricing, setup costs, and licensing was generally positive, although the product is definitely more suited for medium and large enterprises than smaller environments. The licensing and initial setup cost required justification upfront, but the value became clearer once we started using the automation, delegated administration, and governance features at scale. From the setup perspective, the technical installation was not the most challenging part. The bigger effort was planning and delegation.

    Which other solutions did I evaluate?

    We did look at a few alternatives before selecting One Identity Active Roles. The main ones were Microsoft Identity Manager and SailPoint IdentityIQ. Microsoft Identity Manager was already familiar from our Microsoft ecosystem perspective, while SailPoint offered strong identity governance capabilities. However, for our requirements, One Identity Active Roles provided a better balance between Active Directory administration, delegated access management, automation, and governance.

    What other advice do I have?

    My advice to organizations looking into One Identity Active Roles is to spend time understanding your Active Directory structure, delegation requirements, and access governance processes before implementation. One Identity Active Roles delivers the most value when you have clear ownership of administrative tasks and well-defined access policies. If these processes are not documented, it is worth first addressing these before purchasing the product. I would rate this review nine out of ten.

    Satyam Gupta

    Delegated administration has simplified routine tasks and improves governance and compliance

    Reviewed on May 30, 2026
    Review provided by PeerSpot

    What is our primary use case?

    We are using One Identity Active Roles to simplify our Active Directory administration, such as controlling delegation access and automating routine tasks including user management activities.

    What is most valuable?

    One Identity Active Roles offers many valuable features that function very smoothly, including delegated administration, automated user management, approval workflows, and auditing details. These are the best features based on my experience.

    What stands out the most in One Identity Active Roles is its ability to securely delegate routine Active Directory tasks without granting full administrative privileges. Combining this with automation and policy-based control really helps us reduce manual efforts.

    One Identity Active Roles has positively impacted many areas within our organization by simplifying Active Directory administration and reducing manual efforts. It improves operational efficiency with the help of automation and delegated administration, leading to very positive outcomes.

    In terms of governance and security, One Identity Active Roles provides very valuable add-on features, offering strong governance while not being heavily AI-focused. It helps us enforce least privilege access and improves accountability while mitigating the risk of unauthorized changes within our Active Directory environment.

    The accuracy and reliability of output from One Identity Active Roles are very high, as it provides very accurate results.

    We use the fine-grained permission control feature of One Identity Active Roles, which has been very effective in supporting our least privilege strategy. For example, help desk staff can perform password resets and account unlocks without receiving full Active Directory administrative rights, providing security and reducing the number of highly privileged accounts in the environment.

    My impression of the automation capabilities of One Identity Active Roles has been very positive. User account creation, group membership assignments, and account updates can be automated through predefined policies and workflows, allowing the correct attributes, permissions, and groups to be applied automatically based on organizational requirements.

    One Identity Active Roles helps improve our compliance processes by enhancing control, visibility, and accountability within Active Directory, strengthening governance, and simplifying the audit and compliance process.

    What needs improvement?

    I believe the initial setup could be more simplified to allow for better and faster deployment.

    For how long have I used the solution?

    I have been using One Identity Active Roles for almost two years.

    What do I think about the stability of the solution?

    One Identity Active Roles is a stable solution.

    What do I think about the scalability of the solution?

    One Identity Active Roles is a very scalable solution that can handle organizational growth over time.

    How are customer service and support?

    Customer support for One Identity Active Roles is very responsive and effective. Whenever we face technical issues, we raise a ticket and they are ready to provide support.

    How was the initial setup?

    I believe the initial setup could be more simplified to allow for better and faster deployment.

    What was our ROI?

    We are seeing a very good return on investment with One Identity Active Roles by reducing manual efforts, which in turn saves us time and money. This solution provides a significant benefit, allowing us to complete tasks forty to sixty percent faster than before.

    What other advice do I have?

    My advice to any organization considering using One Identity Active Roles is to deploy it, as it will be a great decision. During the deployment phase, I recommend identifying the Active Directory tasks that consume the most administrative time and focusing on automating those processes while taking advantage of all the useful features. I rate One Identity Active Roles nine out of ten because it is a very powerful solution providing great features and a smooth operational process.

    Padmavati Ipo

    Automation has transformed onboarding and delegated access and now streamlines daily governance

    Reviewed on May 29, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My main use case for One Identity Active Roles is user provisioning and group administration, workflow automation, access management, and employee onboarding and offboarding processes. When a new employee joins, One Identity Active Roles automatically creates the account, applies the correct policies, assigns role-based security groups, and routes approval if required.

    The main focus of how I use One Identity Active Roles is user management through onboarding and offboarding, lifecycle management, access control, and reducing manual administrative effort through automation.

    The automation capabilities are one of the strongest features of One Identity Active Roles. I mainly use them for user onboarding, offboarding, group assignments, and access approval workflows. For example, when a new employee joins, the account creation and non-role-based group assignments happen automatically through predefined workflows, reducing manual work, improving consistency, and helping minimize provisioning errors, making identity management much more efficient and controlled.

    The main use case is automation of processes such as employee user management, onboarding, and offboarding. The automation process makes these tasks smooth and fast, allowing administrative work to be reduced and time to be saved.

    What is most valuable?

    The best features One Identity Active Roles offers in my experience include workflow automation, delegated administration, user provisioning, de-provisioning, role-based access control, auditing, and hybrid Active Directory management. The workflow engine is especially valuable because it automates repetitive tasks such as onboarding, offboarding, and access requests, which saves time and reduces manual errors. I also appreciate the delegated administration features because they allow teams to handle specific tasks without giving full AD privileges, improving both security and efficiency, while the auditing and reporting capabilities are very useful for compliance.

    Workflow automation has reduced repetitive manual work through onboarding, access requests, and account management, while delegated administration allows support teams to handle routine tasks without full AD access. This has improved efficiency, reduced bottlenecks, and strengthened security through better access control and auditing.

    I would like to highlight the auditing and reporting features of One Identity Active Roles because they provide good visibility into changes and help with compliance and troubleshooting. The fine-grained delegation and centralized management across Active Directory and cloud environments are also very valuable in our day-to-day activity.

    One Identity Active Roles has impacted our organization positively because the biggest benefit has been reducing manual administration through automation and standardized workflows. Tasks such as onboarding, offboarding, group assignments, and access requests are now much faster and more consistent than before, thus helping create a more structured identity management process across the organization.

    There are several positive outcomes since implementing One Identity Active Roles. Overall, the biggest gains have been time saving, improved consistency, reduced manual error, and better operational efficiency rather than a direct headcount reduction.

    What needs improvement?

    There is room for improvement in One Identity Active Roles. Based on my experience using it for the last two years, I see potential for a more modern UI, simpler workflow customization, and easier reporting. While the product is very capable, managing complex workflows and hybrid environments can sometimes require deeper expertise than expected, so better cloud integration and troubleshooting visibility would also be valuable improvements.

    In terms of needed improvements, I would like to see enhancements around the reporting dashboard and cloud-focused management features. While the core functionality is strong, most of the improvements I would like to see are around usability, visibility, cloud management, and making advanced features easier to configure and maintain rather than major gaps in the product itself.

    For how long have I used the solution?

    I have been using One Identity Active Roles for the last two years.

    What do I think about the stability of the solution?

    One Identity Active Roles is stable.

    What do I think about the scalability of the solution?

    One Identity Active Roles is definitely scalable. I purchased this for its scalability and have seen its ability to handle increasing numbers of users, groups, access requests, and administrative tasks without major issues. The automation and delegated administration features help a lot because they reduce the workload on administrators.

    How are customer service and support?

    Customer support is quite good.

    Which solution did I use previously and why did I switch?

    Before switching to One Identity Active Roles, user and access management was mainly handled through native Active Directory tools, manual processes, and a few scripts. As the environment grew, those methods became hard to manage and audit, so I adopted One Identity Active Roles to automate routine tasks, improve delegation, strengthen governance, and reduce manual effort.

    How was the initial setup?

    I would say the integration of One Identity Active Roles with our existing IT infrastructure and directory services was very straightforward overall, especially because our environment was already based on Active Directory and Microsoft services. The initial integration with Active Directory was relatively smooth, and One Identity Active Roles fit well into our existing identity management process, designed to work across AD, Entra ID, and Microsoft 365, which helped simplify administration in our hybrid environment.

    What about the implementation team?

    I did not purchase One Identity Active Roles through AWS Marketplace, as I use AWS as a part of our hybrid cloud environment, but the licensing and procedure were done directly through our organization's standard software procurement process rather than through the AWS Marketplace.

    What was our ROI?

    I have seen a positive return on investment mainly through time savings and operational efficiency. While I do not have exact financial figures, a good example is onboarding and user provisioning. Before One Identity Active Roles, creating accounts, assigning groups, and validating permissions was largely manual work, taking around twenty to thirty minutes per user, but with automated workflows, that process now takes just a few minutes for standard requests.

    I have utilized the fine-grained permissions control and delegated administration features quite extensively. One of the biggest impacts has been supporting the least privilege principle by allowing users and teams to perform only the specific administrative tasks they need without giving broad Active Directory access. For example, help desk teams can handle password resets and account unlocks, while application owners can manage only their own groups and resources.

    What's my experience with pricing, setup cost, and licensing?

    In my experience, the pricing is at an enterprise level, but the setup and licensing were justified by the automation and governance features. Setup required planning and configuration, but licensing was straightforward, and the long-term operational benefits provided good value.

    Which other solutions did I evaluate?

    I evaluated Microsoft native Active Directory tools, ManageEngine ADManager Plus, and some identity governance platforms such as SailPoint. I selected One Identity Active Roles because of its automation, delegated administration, auditing, and strong Active Directory management capabilities.

    What other advice do I have?

    For others considering One Identity Active Roles, my advice would be to first check your user management process and how onboarding and access management would be taken care of before deployment, starting with key automation use cases. If implemented properly, One Identity Active Roles can save a lot of administrative effort while improving security and compliance, so it is important to clearly define your governance model, roles, and approval processes before deployment.

    My experience with delegated administration has been very positive. Before One Identity Active Roles, most routine requests had to go through senior Active Directory administrators, which often created delays and bottlenecks. Now, with delegated administration, I can assign specific responsibilities to help desk teams, application owners, or business units without giving them full AD privileges. For instance, help desk staff can handle password resets and account unlocks, while certain teams can manage their own group membership, significantly improving workflow because routine requests are resolved faster, reducing the workload on senior administrators and controlling access more securely through the least privilege model.

    One Identity Active Roles offers automation capabilities that are among the strongest features available. I mainly use them for user onboarding, offboarding, group assignments, and access approval workflows. For example, when a new employee joins, the account creation and non-role-based group assignments happen automatically through predefined workflows, reducing manual work, improving consistency, and helping minimize provisioning errors, making identity management much more efficient and controlled.

    This review has received an overall rating of eight out of ten.