In daily operation, the help desk handles password resetting or account unlocking without admin rights. This is our real-time example. When new users are created in Active Directory, the configurations are automatically applied. This really helps in automating the workload and reducing human errors.

The auto-provisioning or role-based permission handling makes my daily work easier and more efficient because it automates our environment since we don't have to manually onboard or deboard employees. It is totally automated which helps in reducing the workload of the IT team by about 50 to 60 percent. This makes our job easier and efficient without having human errors.

One Identity Active Roles has had a great positive impact on our organization. It has really made administrator directory management easy in a controlled way and has improved security due to reduced direct access to applications or systems, thus saving time.

I can say we have a positive impact in terms of metrics. It has really reduced administrative efforts, with a 40 to 60 percent decrease in time spent on routine Active Directory tasks such as user creation, password resetting, or any group changing for employees. This really helped the team to handle requests without any escalations and also allowed for faster user provisioning.

The initial setup of One Identity Active Roles can be more simplified. Apart from this, everything is perfect.

One Identity Active Roles simplifies and automates user and group management in Active Directory. It helps reduce manual work, manage permissions more securely, and ensure proper access control. Overall, it improves efficiency, reduces errors, and strengthens security in identity management.

A recent example of how we use One Identity Active Roles day-to-day is during user onboarding. Whenever a new employee joins, instead of manually creating accounts and assigning permissions, we use One Identity Active Roles to automate the process. We select the role or department, and it automatically creates the user, assigns the right groups, and provides correct access. This saves a lot of time and also avoids mistakes such as giving wrong permissions. It makes the process faster and more secure.

We have seen clear improvements after using One Identity Active Roles. For example, in user onboarding, what used to take around twenty to thirty minutes manually is now done in five minutes or less with automation. This represents roughly seventy to eighty percent time saved. We have also seen a big reduction in errors, especially in access assignments, since everything is role-based. I would say errors have dropped by around sixty to seventy percent. From a security point of view, we have not experienced issues such as over-permission or unauthorized access because access is controlled and audited properly. Overall, it has improved speed, reduced errors, and strengthened our security posture.

One Identity Active Roles offers several valuable features mainly around automation, security, and control. First, automation can automatically create users, assign groups, and manage access, which saves a lot of manual effort. Second, role-based access control ensures users only get the access they need. Third, delegation allows us to give limited admin rights to teams without giving full control, which reduces risks. Auditing and reporting is also very useful because we can track who made what changes, which helps in compliance. Finally, centralized management allows everything to be managed from a single console, even across multiple directories.

The feature we rely on the most in our day-to-day work is automation in One Identity Active Roles. It is very important for our team because we deal with frequent user onboarding, role changes, and access requests. Instead of doing everything manually, automation helps us complete these tasks quickly and consistently. It reduces human error, saves a lot of time, and ensures users always get the correct access based on their role. That is why it is the most valuable feature for us in our day-to-day work.

All the features in One Identity Active Roles work really well together. Automation saves time, role-based access control improves security, and auditing gives us visibility.

One Identity Active Roles is a strong tool, but there are a few areas where it can be improved. One area is the user interface, which can feel a bit complex or outdated. Making it more modern and user-friendly would reduce the learning curve. The initial setup and workflow configuration can be slightly complicated, especially for new users or smaller teams. Simplifying this would make adoption easier. Another improvement could be better cloud integration, especially with modern cloud environments to make it more seamless. Additionally, having more ready-made automation templates and better documentation would help teams implement use cases faster.

I have been using One Identity Active Roles for one point five years.

One Identity Active Roles has had a very positive impact on our organization, mainly in terms of efficiency and security. First, it has reduced manual work significantly by automating user provisioning and access management, which saves a lot of time for our IT team. Second, it has improved security by ensuring users only get the right access and reducing the risk of over-permission or errors.

One Identity Active Roles is a very reliable and powerful solution for identity and access management. It really stands out in terms of automation, security, and centralized control, especially in hybrid environments. It helps reduce manual effort, enforce policies, and maintain consistency across systems. At the same time, it has a slight learning curve and some areas of improvement, as with any enterprise tool. However, once properly implemented, it delivers strong value. I would definitely recommend One Identity Active Roles for organizations looking to improve efficiency and strengthen their identity and security.

My main use case for One Identity Active Roles is simplifying and automating Active Directory management tasks, especially user provisioning and access control. On a day-to-day basis, I use it to create new user accounts with a predefined template, assign them to the correct group based on their role, and ensure proper access rights. It has helped reduce manual error and save time through automation. When a new employee joins, I use One Identity Active Roles to quickly provision their account using a template, assign department-based permissions, and automate workflows such as approval. This ensures consistency, security, and faster onboarding. I also use it for enforcing policies, delegating administrative tasks securely, and maintaining compliance through auditing and reporting.

One additional thing I have found valuable while using One Identity Active Roles is its ability to delegate administrative tasks securely without giving full access to Active Directory. We can assign limited permissions to specific teams such as HR or support, so they can handle user updates without compromising overall security. This really helps in maintaining control while improving efficiency. Another interesting aspect is the automation and policy enforcement. It ensures consistency across all user accounts, which reduces error and improves compliance. What I found unique is how it balances automation with control. While it simplifies repetitive tasks, it also provides strong governance through approval workflows and auditing, which is critical in an enterprise environment.

The key features of One Identity Active Roles that stand out to me the most are automation, delegation of administration, and policy enforcement. Automation really helps reduce manual effort in tasks such as user provisioning and de-provisioning. Delegation allows assigning limited access to different teams without compromising security, and policy enforcement ensures consistency and compliance across all users. Using templates and workflows, we can onboard users quickly while ensuring they automatically get the correct permissions based on their role.

One additional feature I find very useful in One Identity Active Roles is its workflow and approval system. It allows organizations to set up approval-based processes for sensitive actions such as account creation or permission changes. This adds an extra layer of control and reduces the risk of unauthorized changes. The centralized management interface makes it easier to handle complex environments from a single place, which improves efficiency and reduces administration overhead.

One Identity Active Roles has had a very positive impact on our organization, especially in terms of efficiency and security. It has reduced the time required for user provisioning by around 50 to 60%, since we use automated templates and workflows instead of manual account creation. It has also improved security by enforcing policies consistently and limiting access through delegated administration, which reduces the risk of human error and unauthorized changes. Additionally, auditing and reporting features have made compliance much easier, as we can track all changes in Active Directory with full visibility.

The auditing and reporting features of One Identity Active Roles have really helped us strengthen compliance by providing full visibility into all changes made in Active Directory. During an internal audit, we were able to quickly generate a report showing who created, modified, or deleted user accounts and when. Earlier, this process was manual and time-consuming, but now it takes just a few minutes. This level of tracking ensures accountability and helps us meet compliance requirements, since every action is logged and traceable. It also helps in identifying any unauthorized or suspicious changes quickly, which improves our overall security posture. Overall, it has made audits faster, more accurate, and much easier to manage from the compliance perspective.

One Identity Active Roles is a powerful tool; however, there are a few areas where it could improve. One area is the user interface, which can feel somewhat complex for a new user, creating a learning curve when getting started. Another point is performance; sometimes in large environments, certain operations or report generation can take longer than expected. More built-in integration with modern cloud platforms and tools could make it even more flexible. These are relatively minor compared to the overall value it provides in automation, security, and governance. With a more intuitive user interface and enhanced integration, it could become even more efficient and user-friendly. The main improvement area would be simplifying the interface for new users and enhancing performance on large-scale operations.

I have been using One Identity Active Roles for around one year, and during this time, I have worked on tasks such as user provisioning, group management, and automation for administrative processes.

My advice to anyone considering One Identity Active Roles would be to clearly define your use case and access control requirements before implementation. Start by identifying the processes you want to automate, such as user provisioning or access management, and design your workflow accordingly. Investment in proper initial setup and training is important because once configured correctly, it can save a significant amount of time and reduce errors. I recommend making good use of delegation and policy enforcement features early on, as they provide both efficiency and strong security control. If implemented properly, One Identity Active Roles can greatly improve operational efficiency, security, and compliance in identity management. I would rate this solution 9.5 out of 10.

My main use case for One Identity Active Roles is automating Active Directory administration and user lifecycle management. I primarily use it for user onboarding and offboarding, membership management, delegation of tasks, and enforcing policies such as naming convention and access controls. Overall, it helps streamline and secure operations in Microsoft Active Directory while reducing manual efforts.

One Identity Active Roles has had a very positive impact on our organization, especially in terms of efficiency, security, and standardization. One of the most noticeable improvements is in user lifecycle management. Tasks such as onboarding and offboarding, which were previously manual, are now automated. This reduced onboarding time from around thirty to forty-five minutes to under ten minutes, especially when working with Microsoft Active Directory. It has also significantly improved our team's workload.

Routine tasks such as password resets and account unlocks are delegated to the help desk, which reduced the burden on senior admins and improved response times for end-users. Another key outcome is error reduction. Since policies enforce naming conventions and group assignments, manual mistakes dropped by around seventy to eighty percent, ensuring consistency across the environment. From a security and compliance standpoint, auditing and role-based access control helps us enforce least privilege and maintain clear visibility of all changes. This made audits faster and much easier to manage.

From a workload perspective, around sixty to seventy percent of routine tasks such as password resets and account unlocks were delegated to the help desk. This reduced dependency on senior admins and allowed us to focus on more critical tasks such as security and infrastructure. In terms of measurable outcomes, onboarding time reduced from thirty to forty-five minutes to five to ten minutes per user. Error reduction was around seventy to eighty percent, especially for group assignments and naming conventions due to policy enforcement. Ticket resolution time improved significantly. Common requests that earlier took hours due to escalation were resolved in minutes. For audits, what used to take hours of manual tracking can now be done in a few minutes using the built-in logs and reports in Microsoft Active Directory. Overall, it helped us reduce manual efforts, improve accuracy, and make the team much more efficient and proactive.

The best features of One Identity Active Roles in my experience are automation, delegation, and centralized management. Those really stand out. First, automation and workflows are the most impactful. One Identity Active Roles can automate user provisioning, group management, and lifecycle processes, which reduces manual work and ensures consistency across the environment. Second, delegation with least privileges through role-based access control is a key strength. It allows us to assign specific tasks to teams such as the help desk without giving full admin access, improving both security and operational efficiency.

Another standout feature is policy-based administration. It enforces rules automatically, such as naming conventions or access policies, so everything stays standardized and compliant without manual checks. I would also highlight centralized management. It gives a single interface to manage multiple environments such as on-premises Active Directory, cloud directories, and even hybrid setups, which simplifies administration significantly. Finally, auditing and reporting is very useful. It tracks all the changes and activities, which helps with compliance, troubleshooting, and security monitoring. The combination of automation, delegation, policy enforcement, and centralized control is what makes One Identity Active Roles truly powerful.

Beyond the core features, capabilities such as Managed Units, dynamic groups, and self-service really enhance flexibility and usability in day-to-day operations. Managed Units allow us to group objects logically rather than relying only on the organizational unit structure in Microsoft Active Directory. This gives us a lot of flexibility in how we delegate access and apply policies across different teams or regions.

Dynamic groups management is another useful feature, where group membership is automatically updated based on user attributes such as department or roles. This ensures users always have the correct access without manual intervention. Self-service capabilities allow end-users or managers to request access or perform certain actions through workflows, reducing dependency on IT teams.

While One Identity Active Roles is a strong platform, a few improvements would make it even better. Many users feel the user interface is not very modern or intuitive, and it can take time to get used to navigating the console and workflows. Another improvement area is the learning curve and setup complexity. One Identity Active Roles is very powerful, but initial configuration, especially for policies, workflows, and delegation, can be complex and require experienced resources.

From an integration perspective, although it supports multiple systems, organizations would benefit from more out-of-the-box connectors and smoother cloud integrations such as Azure Active Directory and software-as-a-service applications, as some setups currently require customization. In terms of reporting, while auditing is strong, generating business-friendly reports can be challenging. Users have mentioned the need for better dashboards and easier report generation. There are also some performance considerations, especially in large environments, such as slower PowerShell execution or delays in dynamic group processing in certain cases. Overall, improvements in user interface, ease of use, integration, reporting, and performance optimization would significantly enhance the product experience.

I have been using One Identity Active Roles for around two years.

One Identity Active Roles has been quite stable and reliable overall in our experience.

In terms of scalability, One Identity Active Roles has performed well in our environment and has been able to grow with the organization. From what I have seen and based on industry feedback, it is considered a highly scalable solution, especially for large and complex environments. Many users rate its scalability quite high, around eight or nine out of ten, and mention that it can support enterprise-level deployments.

In our case, as the number of users increased, the system handled user provisioning and group management without major issues. We were able to scale by adding resources rather than redesigning the system. It continued to perform well even with more workflows, policies, and integrations in place. One Identity Active Roles works well in hybrid environments, handling both on-premises and cloud identities from a single platform, which helps as our organization expands.

The customer support for One Identity Active Roles has been generally very good and reliable in our experience. Most of the time, support responses are quick and helpful. Support engineers are knowledgeable about the product. The issues are usually resolved efficiently, especially for standard or known problems. This aligns with industry feedback as well. Many users mention quick response times, knowledgeable staff, and effective issue resolutions.

Before selecting One Identity Active Roles, we did evaluate a few other identity and access management solutions. Some of the main options we looked at included SailPoint, CyberArk, Okta, and Microsoft Entra ID. We also considered tools such as OneLogin and Saviynt, which are commonly compared in the same space. Ultimately, we chose One Identity Active Roles because it provides strong integration with Microsoft Active Directory, it offers powerful delegation and automation capabilities, and it fits well for organizations that need deep Active Directory management rather than only cloud identity and access management.

My experience with pricing and licensing for One Identity Active Roles is that it is generally on the higher side, but the value justifies the cost. In terms of licensing, it is usually based on a per-user or enabled Active Directory account model, which is fairly straightforward and easy to manage.

For pricing, many organizations consider it expensive compared to some alternatives, especially for large environments. However, the return on investment is strong because it reduces manual efforts, improves security, and lowers operational cost over time. Regarding setup cost, the initial implementation can require investing in licensing and sometimes professional services or consultants' time for proper configuration of policies, workflows, and delegation. The upfront cost can be noticeable, but once implemented, it becomes very efficient and scalable. Overall, I would say pricing is high but justified, licensing is simple and user-based, and the setup cost is moderate to high depending on complexity.

We have definitely seen a strong return on investment after implementing One Identity Active Roles. From a time-saving perspective, user onboarding time reduced by around seventy to eighty percent, from thirty to forty-five minutes to under ten minutes. Routine tasks such as password resets are now handled in minutes instead of hours. In terms of workload and staffing efficiency, around sixty to seventy percent of repetitive tasks are now handled by the help desk through delegation. This reduces dependency on senior admins, so we did not need to scale the team even as the number of users increased.

For error reduction, manual mistakes such as incorrect group assignments dropped by seventy to eighty percent due to policy enforcement. From a cost perspective, we avoided additional hiring as the organization grew. For compliance and audits, preparation time reduced from hours to a few minutes, thanks to built-in logging and reporting in Microsoft Active Directory. Overall, the return on investment comes from time savings, reduced errors, better resource utilization, and improved compliance, which together justify the investment.

One Identity Active Roles has really helped our team by standardizing and simplifying day-to-day Active Directory operations. For example, earlier we had multiple admins performing tasks differently, which sometimes led to inconsistencies. With One Identity Active Roles, everything is controlled through policies and templates, so all actions follow a consistent process. It has also improved our response time for user requests since many tasks are either automated or delegated to the help desk. Users do not have to wait for senior admins anymore.

Another important benefit is better control and visibility in Microsoft Active Directory. We can easily track changes, enforce rules, and ensure compliance without extra effort. Overall, it is not just about automation; it is also about making the environment more organized, secure, and efficient for the entire team.

My advice for organizations considering One Identity Active Roles would be to plan the implementation carefully and focus on best practices from the start. It is very important to design your delegation model and policies properly before deployment. One Identity Active Roles is powerful, but if roles, access templates, and workflows are not structured well initially, it can become complex later on.

I would recommend starting with a phased implementation. Begin with key use cases such as user provisioning and delegation, and then gradually expand to advanced features such as workflows and dynamic groups. Another key point is to follow the principle of least privilege. Assign only the minimum permissions required. This is actually one of the core best practices highlighted in the official guidance.

Overall, One Identity Active Roles is a very solid and reliable solution for managing Microsoft Active Directory environments. Its biggest strengths are automation, delegation, and policy-based control, which really help reduce manual efforts, improve security, and standardize operations. I would rate this solution nine point five out of ten.

Our main use case for using One Identity Active Roles is controlling AD changes through policies and roles. It ensures only authorized users can perform or configure any action in Active Directory. This improves our governance and security.

We have been using One Identity Active Roles for three years and have seen a good syncing process with our AD. There is no issue with user syncing with One Identity Active Roles. We use this in our day-to-day roles. It helps ensure that users only have the access required for their job. For example, a help desk user can perform basic tasks but not critical changes. This helps us improve security. It also helps us with automation, such as reducing manual work in user management tasks, and it speeds up processes like account creation and updates.

We use One Identity Active Roles for audit purposes. It helps us create or generate reports for audits or security reviews. This reduces the manual effort in collecting data, so it improves accountability.

The best feature provided by One Identity Active Roles is centralized AD management. It improves visibility and helps us maintain consistency throughout our policies. It is very reliable for the enterprise environment.

Centralized AD management has made it much easier for our team to handle Active Directory tasks from a single console. It improves visibility into user changes and access, which really helps us quickly identify and resolve issues. Earlier, managing users and permissions across multiple tools was time-consuming and error-prone. With One Identity Active Roles, everything is available in a single console. This gives us full visibility into user accounts and the changes.

Another feature I would highlight is the auditing and reporting capability of One Identity Active Roles. It gives clear visibility into who made what changes and when. This is very useful for compliance and troubleshooting.

It has had a positive impact by simplifying Active Directory management and reducing the manual workload. Tasks like user provisioning, de-provisioning, and access changes are now fully automated. This has really helped us save time and minimize human errors. It has also improved our security posture by enforcing proper access control policies, and we are getting clear visibility into all the changes.

One area for improvement would be the initial setup, which feels a little bit complex and could be simplified. Apart from this, I think everything is excellent and it provides great features. It works well.

One Identity Active Roles has good features that are already built-in, and we are seeing a good response from these features in our environment. I do not see any improvement required at this time based on our organization's requirement.

I have been using One Identity Active Roles for more than three years.

I have had multiple interactions with the support team for One Identity Active Roles. They are good in their response and technical expertise, and they are ready to provide support at any time. They have provided multiple technical assistance to our team, and they are good in their field.

We have seen a good return on investment with One Identity Active Roles, mainly through time saving and reduced manual efforts. Automation has really reduced the time spent on user provisioning, access management, or access changes by around 40 to 60 percent, which has significantly improved team productivity. It also helps in reducing manual errors, lowering the need for rework and support efforts.

One Identity Active Roles is highly recommended because it is a good solution that is really helping our organization streamline the process and reduce manual errors or manual efforts while providing a good return on investment. For the deployment purpose, I advise you to define your requirements and plan the deployment in advance since the solution offers a lot of features. This needs a proper design and an understanding of the workflows and access policy, and it will be really helpful to get the most value out of the solution.

We have seen measurable improvement since using One Identity Active Roles. User provisioning and access changes that used to take a lot of time, such as 20 to 30 minutes, are now completed in just a few minutes through automation, saving around 40 to 60 percent of time. We have also reduced manual errors significantly due to policy-based control and a simple workflow, which has improved overall reliability and security. I would rate this solution 9 out of 10.

When a new user is created, predefined rules automatically apply naming standards and assigned groups. This reduces manual tasks while ensuring consistency across all operations. It prevents and avoids mistakes during the account setup.

One Identity Active Roles has helped us improve security with smooth processes. It provides role-based control that ensures every action in the AD follows the rules. This provides great outcomes and improvements in our organization's process.

We have seen fewer mistakes and it is saving our time. It provides great centralized control and security by limiting access rights. These are the positive outcomes we are experiencing.

The best feature of One Identity Active Roles is its ability to control delegations. It allows us to assign limited access to team members based on their roles and responsibilities. This helps us reduce risk while keeping operations smooth and provides more secure AD management.

Delegating tasks like password resets has impacted positively in our organization and has helped us to smoothen and speed up our work. It allows organizations to control user accounts, their permissions and changes in a more structured and simpler way. This helps improve both security and the application process.

I do not see anything that needs to be changed as of now concerning the organization's needs because it is working very well and it is providing great features with great processes. The initial setup could be simpler because sometimes it feels like it should be more straightforward.

I have been working in my current field for more than eight years. I have been using One Identity Active Roles for more than three years.

The vendor is ready to provide technical support 24/7 and able to resolve issues in a given timeline with proper root cause analysis of the issue.

We have not evaluated other options.

I had a great experience with the pricing, setup cost, and licensing because the sales team of the vendor was very helpful during all of this procedure and process.

I have seen a good return on investment with One Identity Active Roles. It is helping us to save our efforts and time to manage all these processes and tasks within the time limit. It is saving our team time as well as the money of the organization.

I highly recommend One Identity Active Roles for any organization looking for strong management of their Active Directory in their environment with strong control, automation, and security features. Organizations can consider this solution the best fit. I also advise starting with the basic configuration and expanding gradually while providing proper training to the IT team. This will be helpful and beneficial over time. I give this product a rating of 9 out of 10.

One Identity Active Roles is used for automated user lifecycle management and delegated administration across AD environments and infrastructure. When a new employee joins the organization, their account is created automatically based on their department, post, and location, eliminating manual work.

When an employee moves to a different department, their access is automatically updated to reflect their roles. During the onboarding process, data is fetched from HR tools, and based on this fetched data, the access needed for employees is automatically assigned and sent. Whenever a user moves to a different department, their posts are automatically updated and reflected in their roles.

One Identity Active Roles offers exceptional features, including a delegation model that combines policy enforcement. The solution allows the help desk team to be given the exact permissions they need, enabling them to reset passwords, unlock accounts, and update phone numbers without granting them access to areas they should not touch, such as group membership or admin accounts. Every action taken follows the defined policy automatically, making this the favorite feature of the solution.

This automated delegation saves significant time for the team, as it has changed how IT operations work. Previously, a constant flood of routine requests landed on the admin team, who were already busy with substantial work. Now, such tasks are automated rather than performed manually.

One Identity Active Roles enables time savings with password resetting and account unlocking, which used to consume significant management time but are now automated. The solution also provides improved flexibility, policy enforcement that eliminates human errors, and seamless Active Directory integrations. A substantial amount of time has been reduced, and human errors have decreased.

There are no features missing; however, the initial setup could be simpler. Apart from this, everything is smooth.

One Identity Active Roles has been in use for more than three years.

There are no additional thoughts to comment on regarding the main use case. One Identity Active Roles is perfectly adequate as of now. One Identity Active Roles is recommended as one of the best solutions currently in the market since it addresses many issues such as risks faced, inconsistent account setup, excessive admin privileges, lack of audit trails, and manual provisioning errors, all of which can be resolved with this solution. This review has been given a rating of eight.

One Identity Active Roles is used day to day for centralized user management and user provisioning, group management, enforcing role-based access control, creating automated users, and notifications. One Identity Active Roles is used for managing group membership and controlling access efficiently.

Organizations having multiple employees can consider this solution to manage their employees' usernames and credentials, onboard users, and manage their access. I highly recommend all organizations to consider this as one of the best solutions.

The best feature is the role-based access control feature, which secures delegation without giving full admin rights to any users. The central management is also valuable, as it gives a single unified console to manage the entire AD environment.

This solution saves time through user onboarding and removes concerns about security, as all these aspects are managed by One Identity Active Roles. Users receive access based on their role, the onboarding process is simpler, and manual user lifecycle management has been reduced.

The initial setup is a bit complex for new engineers, so that could be simplified.

I have been using One Identity Active Roles for more than two years.

One Identity Active Roles is pretty stable.

The initial setup was easy and the licensing is also simpler. I was not involved in the cost, so I cannot comment on the costing.

The solution has resulted in money saved and time saved. It has really saved the organization money.

One Identity Active Roles is a great solution, which is why I have chosen a rating of nine for this review, with one point reserved for future enhancement of the solution.

One Identity Active Roles has been a core part of my toolkit for the better part of my two years of experience in the IAM space, especially when dealing with a massive environment of more than 10,000 or 15,000 users where native AD tools do not suffice from the governance perspective. I have done deep work with One Identity Active Roles to bridge the gap between high-level IAM policies and on-ground execution, primarily enforcing least privilege and role-based access control.

If I have to boil it down to the single most critical use case for One Identity Active Roles, it is delegated administration and automated lifecycle management. I experienced this when I stepped into my role with too many people having elevated access rights for basic tasks. This led me to implement One Identity Active Roles as a security proxy layer, minimizing the attack surface while also automating our JML process via integration with our HR feed from Workday.

This leads to another major reason we rely heavily on One Identity Active Roles: data integrity and automated policy enforcement. I used One Identity Active Roles to implement policy objects that act as real-time guardrails to prevent the creation of users with incomplete data attributes, ensuring our downstream systems always receive clean data.

A specific challenge I faced when scaling our support operations was that local IT teams were shadow domain admins, resulting in issues such as a regional admin accidentally modifying a critical SPN, which led to a localized Kerberos outage. This prompted me to implement access templates in Active Directory and One Identity Active Roles to define specific actions for helpdesk users and enforce zero-standing privilege, dramatically reducing the exposure time to unnecessary rights.

The crown jewels of One Identity Active Roles that make my life as an architect easier are Access Templates, Virtual Attributes, Workflow and Approval Engine, and Managed Units, which allowed us to structure our directory into a policy-driven asset rather than constantly firefighting manual errors.

Access Templates and Managed Units are the real secret sauce of One Identity Active Roles for us. Access Templates standardize permission settings, reducing security drift and allowing for the creation of modular permission bundles such as those I created for the Tier 1 help desk. Managed Units help me stay organized without rewriting the physical structure of the directory, saving me hours of cleanup.

A critical feature that I found essential for a clean environment is Dynamic Group management, which prevents permission creep by using rule-defined group memberships rather than manual additions. One Identity Active Roles automatically manages group membership based on rules tied to the HR records.

One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations. The biggest win has been a reduction in the internal attack surface, achieving over a 40% reduction in unauthorized or accidental access attempts.

Even though I advocate for One Identity Active Roles, there are areas for improvement, particularly in hybrid integration experiences where it feels a bit clunky compared to its capabilities for on-premises AD management. The user interface feels dated compared to modern SaaS applications, making it less intuitive for non-technical business managers.

I would like to see One Identity Active Roles lean more toward an API-first and Identity-as-a-Code approach. The current REST API feels like an afterthought, and my developers want the ability to operate through CI/CD pipelines instead of logging into the GUI.

I have used the solution for over three years.

One Identity Active Roles has proven highly stable in its core functions. Our initial underestimation of properly sizing SQL servers during major user migrations revealed the importance of careful planning, especially regarding database performance.

In my experience, One Identity Active Roles demonstrates strong scalability characteristics, although complexity with database performance, policy evaluation, and multi-domain environments should be considered. We faced some limitations with the reporting functionality, which we addressed by implementing dedicated reporting servers.

Customer support deserves a rating of 7.5 out of 10 due to their technical competence despite some structural challenges. The main friction I encountered during the escalation process could be improved for faster resolution times on complex issues. I balance my assessment of their strengths in technical knowledge and resolution quality against areas needing improvement, such as the escalation process and the support portal experience for non-technical users.

I previously used a mix of manual processes and native Microsoft tools, such as the Active Directory users and computers console for directory management. I also used PowerShell scripts for automation and a homegrown web portal for the help desk team.

The return on investment with One Identity Active Roles transforms our technical support's workflow, resulting in a 60% annual reduction in tasks such as JML processes, which were previously a nightmare when handled manually. This frees up hours for the senior engineering team.

We evaluated several options, including Microsoft Identity Manager, SailPoint, Saviynt, and custom development while recognizing the limitations of our manual processes. One Identity Active Roles ultimately offered the right blend of governance, control, and operational efficiency suited for our hybrid environment.

Discussions around pricing and licensing reveal that One Identity Active Roles follows a standard enterprise model, but the true costs often arise during implementation, making it budget-friendly yet potentially shocking at the initial quote stage when transitioning from a manual environment.

For organizations considering One Identity Active Roles, I recommend establishing a direct relationship with your account team early, which can help bypass standard queues when addressing critical issues, ensuring a smoother experience with the tool. My overall review rating for One Identity Active Roles is eight out of ten.

My main use case for One Identity Active Roles is active directory management, assigning role-based access control, and onboarding processes.

I use One Identity Active Roles in onboarding new employees, assigning least privilege access to information and digital interactions based on role.

One Identity Active Roles offers automation of workflow, compliance, and auditing, including the ability to make changes, detailed auditing, and change tracking.

I use One Identity Active Roles in centralized Active Directory administration, and it helps me reduce the risk of direct domain admin access.

The auditing and change tracking features of One Identity Active Roles make it easier for me to have clear visibility of what is changed, who changed it, and how it was changed, while also helping me maintain a detailed auditing workflow.

I appreciate the security improvement and the Active Directory management features of One Identity Active Roles.

One Identity Active Roles has been impactful and helpful in the area of automation of user provisioning and de-provisioning, and it helps me maintain a good approval workflow.

One Identity Active Roles saves me time, reduces the risk of direct domain admin access, and helps me in centralized Active Directory administration.

I want One Identity Active Roles to improve in the area of user interface, modernizing it to feel more like a SaaS tool and to have user-friendly navigation.

I also want One Identity Active Roles to improve in their policy configuration area, which requires advanced expertise, and in the area of reporting, I want the reporting to be more basic, visible, and have the ability to export and customize options.

The areas needing improvement for One Identity Active Roles include the reporting, the dashboard, and simple policy configuration.

I would appreciate improvement in policy configuration and making the reporting system more basic for user interface usage.

I have been using One Identity Active Roles for over four years.

One Identity Active Roles is very stable in the automation workflow and in compliance and auditing.

The scalability of One Identity Active Roles is very acceptable; I would rate it at 80%, and it is very helpful in internal audits, making it more visible for my organization.

The customer support of One Identity Active Roles is very good and helps to balance policy enforcement capabilities while improving my approval workflow.

I do not have any other solution rather than One Identity Active Roles because it helps me very much in the area of role-based access control.

The setup and pricing of One Identity Active Roles were very good, helping me understand the cost and the pricing system.

I have seen a return on investment with over 75% in the area of reducing costs, and 40% in reducing risk and making the workflow easier.

I evaluated other options such as LastPass and Microsoft Sentinel before choosing One Identity Active Roles.

I advise others looking into using One Identity Active Roles to utilize it because the automation in workflow is perfect, and the ability to provide detailed auditing and assist in internal audits is excellent. I would rate this review with a three out of five.