One Identity Active Roles has been a core part of my toolkit for the better part of my two years of experience in the IAM space, especially when dealing with a massive environment of more than 10,000 or 15,000 users where native AD tools do not suffice from the governance perspective. I have done deep work with One Identity Active Roles to bridge the gap between high-level IAM policies and on-ground execution, primarily enforcing least privilege and role-based access control.

If I have to boil it down to the single most critical use case for One Identity Active Roles, it is delegated administration and automated lifecycle management. I experienced this when I stepped into my role with too many people having elevated access rights for basic tasks. This led me to implement One Identity Active Roles as a security proxy layer, minimizing the attack surface while also automating our JML process via integration with our HR feed from Workday.

This leads to another major reason we rely heavily on One Identity Active Roles: data integrity and automated policy enforcement. I used One Identity Active Roles to implement policy objects that act as real-time guardrails to prevent the creation of users with incomplete data attributes, ensuring our downstream systems always receive clean data.

A specific challenge I faced when scaling our support operations was that local IT teams were shadow domain admins, resulting in issues such as a regional admin accidentally modifying a critical SPN, which led to a localized Kerberos outage. This prompted me to implement access templates in Active Directory and One Identity Active Roles to define specific actions for helpdesk users and enforce zero-standing privilege, dramatically reducing the exposure time to unnecessary rights.

The crown jewels of One Identity Active Roles that make my life as an architect easier are Access Templates, Virtual Attributes, Workflow and Approval Engine, and Managed Units, which allowed us to structure our directory into a policy-driven asset rather than constantly firefighting manual errors.

Access Templates and Managed Units are the real secret sauce of One Identity Active Roles for us. Access Templates standardize permission settings, reducing security drift and allowing for the creation of modular permission bundles such as those I created for the Tier 1 help desk. Managed Units help me stay organized without rewriting the physical structure of the directory, saving me hours of cleanup.

A critical feature that I found essential for a clean environment is Dynamic Group management, which prevents permission creep by using rule-defined group memberships rather than manual additions. One Identity Active Roles automatically manages group membership based on rules tied to the HR records.

One Identity Active Roles has had a transformative impact on my organization, moving from controlled chaos to governed operations. The biggest win has been a reduction in the internal attack surface, achieving over a 40% reduction in unauthorized or accidental access attempts.

Even though I advocate for One Identity Active Roles, there are areas for improvement, particularly in hybrid integration experiences where it feels a bit clunky compared to its capabilities for on-premises AD management. The user interface feels dated compared to modern SaaS applications, making it less intuitive for non-technical business managers.

I would like to see One Identity Active Roles lean more toward an API-first and Identity-as-a-Code approach. The current REST API feels like an afterthought, and my developers want the ability to operate through CI/CD pipelines instead of logging into the GUI.

I have used the solution for over three years.

One Identity Active Roles has proven highly stable in its core functions. Our initial underestimation of properly sizing SQL servers during major user migrations revealed the importance of careful planning, especially regarding database performance.

In my experience, One Identity Active Roles demonstrates strong scalability characteristics, although complexity with database performance, policy evaluation, and multi-domain environments should be considered. We faced some limitations with the reporting functionality, which we addressed by implementing dedicated reporting servers.

Customer support deserves a rating of 7.5 out of 10 due to their technical competence despite some structural challenges. The main friction I encountered during the escalation process could be improved for faster resolution times on complex issues. I balance my assessment of their strengths in technical knowledge and resolution quality against areas needing improvement, such as the escalation process and the support portal experience for non-technical users.

I previously used a mix of manual processes and native Microsoft tools, such as the Active Directory users and computers console for directory management. I also used PowerShell scripts for automation and a homegrown web portal for the help desk team.

The return on investment with One Identity Active Roles transforms our technical support's workflow, resulting in a 60% annual reduction in tasks such as JML processes, which were previously a nightmare when handled manually. This frees up hours for the senior engineering team.

We evaluated several options, including Microsoft Identity Manager, SailPoint, Saviynt, and custom development while recognizing the limitations of our manual processes. One Identity Active Roles ultimately offered the right blend of governance, control, and operational efficiency suited for our hybrid environment.

Discussions around pricing and licensing reveal that One Identity Active Roles follows a standard enterprise model, but the true costs often arise during implementation, making it budget-friendly yet potentially shocking at the initial quote stage when transitioning from a manual environment.

For organizations considering One Identity Active Roles, I recommend establishing a direct relationship with your account team early, which can help bypass standard queues when addressing critical issues, ensuring a smoother experience with the tool. My overall review rating for One Identity Active Roles is eight out of ten.

My main use case for One Identity Active Roles is active directory management, assigning role-based access control, and onboarding processes.

I use One Identity Active Roles in onboarding new employees, assigning least privilege access to information and digital interactions based on role.

One Identity Active Roles offers automation of workflow, compliance, and auditing, including the ability to make changes, detailed auditing, and change tracking.

I use One Identity Active Roles in centralized Active Directory administration, and it helps me reduce the risk of direct domain admin access.

The auditing and change tracking features of One Identity Active Roles make it easier for me to have clear visibility of what is changed, who changed it, and how it was changed, while also helping me maintain a detailed auditing workflow.

I appreciate the security improvement and the Active Directory management features of One Identity Active Roles.

One Identity Active Roles has been impactful and helpful in the area of automation of user provisioning and de-provisioning, and it helps me maintain a good approval workflow.

One Identity Active Roles saves me time, reduces the risk of direct domain admin access, and helps me in centralized Active Directory administration.

I want One Identity Active Roles to improve in the area of user interface, modernizing it to feel more like a SaaS tool and to have user-friendly navigation.

I also want One Identity Active Roles to improve in their policy configuration area, which requires advanced expertise, and in the area of reporting, I want the reporting to be more basic, visible, and have the ability to export and customize options.

The areas needing improvement for One Identity Active Roles include the reporting, the dashboard, and simple policy configuration.

I would appreciate improvement in policy configuration and making the reporting system more basic for user interface usage.

I have been using One Identity Active Roles for over four years.

One Identity Active Roles is very stable in the automation workflow and in compliance and auditing.

The scalability of One Identity Active Roles is very acceptable; I would rate it at 80%, and it is very helpful in internal audits, making it more visible for my organization.

The customer support of One Identity Active Roles is very good and helps to balance policy enforcement capabilities while improving my approval workflow.

I do not have any other solution rather than One Identity Active Roles because it helps me very much in the area of role-based access control.

The setup and pricing of One Identity Active Roles were very good, helping me understand the cost and the pricing system.

I have seen a return on investment with over 75% in the area of reducing costs, and 40% in reducing risk and making the workflow easier.

I evaluated other options such as LastPass and Microsoft Sentinel before choosing One Identity Active Roles.

I advise others looking into using One Identity Active Roles to utilize it because the automation in workflow is perfect, and the ability to provide detailed auditing and assist in internal audits is excellent. I would rate this review with a three out of five.

One Identity Active Roles is used primarily to simplify and automate Active Directory user and permission management. The solution automates routine tasks such as account creation, password reset, and permission assignments. It improves security by controlling access and providing auditing capability. A centralized dashboard allows for efficient management of users and permissions from one place.

One Identity Active Roles automates repetitive tasks that would otherwise require manual effort and time. When onboarding new employees, the tool automatically creates user accounts based on predefined templates. It assigns the correct group membership and permissions according to the employee role without manual intervention. This automation reduces errors and speeds up the processes.

One Identity Active Roles ensures that security policies are consistent across the organization.

One Identity Active Roles offers several valuable features, including a centralized management dashboard that simplifies user and permission administration. Automation of routine tasks such as account creation, password reset, and group membership assignment is a significant feature. Role-based access control and delegation limit permissions and enhance security. The auditing and reporting feature provides detailed information for compliance and tracking changes. Integration with Active Directory and other identity systems is also available.

The automation of routine tasks has the biggest impact on daily work. Automating account creation and password resets saves a significant amount of time and reduces manual effort.

One Identity Active Roles has positively impacted the organization by significantly improving efficiency through automating repetitive tasks and saving time for the IT team. The centralized management dashboard simplifies user and permission administration.

One Identity Active Roles can be improved by simplifying the setup process since a small team in a small business requires implementation without extensive IT support. Additionally, the pricing could be more flexible or tiered to better fit the budget of a smaller organization.

I have used One Identity Active Roles for around one to two months.

One Identity Active Roles is stable.

My rating customer service rating is 5.

Planning carefully for the initial setup is important as it can be complex and time-consuming. Ensure that there is access to expertise in Active Directory. The review rating for One Identity Active Roles is 9.

One Identity Active Roles is used for provisioning and directory management.

One Identity Active Roles has excellent delegation of permissions capabilities, allowing me to isolate the help desk team and give them permissions exactly where I need them, easily. I appreciate the automations, where PowerShell scripts can do things on behalf of other staff that I do not want to give permissions to. Two-factor authentication helps ensure that people who perform actions in Active Directory have two-factor authentication enabled.

One Identity Active Roles helps by automating tasks through scripts instead of manually running scripts or doing certain things manually, allowing people with fewer privileges to run those automations instead of burdening system admins.

One Identity Active Roles has benefited my security posture by helping reduce internal exposures of permissions and by facilitating two-factor authentication for Active Directory.

One Identity Active Roles supports my provisioning and de-provisioning needs very well. It has helped increase operational efficiency by saving a lot of time and has helped reduce the number of privileged accounts.

I evaluate the ease of managing on-premises and cloud-based identity directories through a single pane of glass as fairly easy, with a learning curve that makes it very easy to maintain once you become familiar with it.

Integration capabilities are somewhere in the middle; it is not easy to integrate, but it is not the hardest thing out there.

Certain automations, possibly web apps, could be improved or simplified to make them easier. These automations are what I think could be improved.

I do not use the comprehensive group membership management feature and have not utilized the fine-grained permission control feature deeply. The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my organization.

I have been using One Identity Active Roles for about three years.

One Identity Active Roles has very few bugs and is actually very stable, so I would rate the stability a nine out of ten.

I am not certain if One Identity Active Roles is a scalable solution for us since we have local deployment and approximately 50 users, and scalability is not really relevant to our situation.

I rate the vendor's technical support a ten out of ten.

We tried other solutions years ago, but I cannot compare them because I do not remember the details. Upper management tried something like SailPoint, Amada, or Symantec a while ago, but that was not me and those individuals are no longer with the company.

The deployment of One Identity Active Roles probably took weeks, though it depends on what is meant by deployment.

One Identity Active Roles was purchased through a partner.

I am aware of the pricing; it is on the expensive side, though pricing is not my department.

One Identity Active Roles is not a scalable solution for our organization since we have local deployment and approximately 50 users, and scalability is not really relevant to us. It is not a global solution; it is not worldwide.

The process of streamlining directory security for on-premises and cloud-based directories is not particularly applicable to my situation. Approximately 50 users use the solution.

I would say One Identity Active Roles has reduced privileged accounts by about 30 percent. To my knowledge, it has not helped reduce identity-based breaches.

I assess the visibility that One Identity Active Roles provides into my directory ecosystem as excellent. I would rate the granular control of One Identity Active Roles as a ten out of ten.

I would recommend this product, but it depends on exactly what you are trying to achieve; conducting a proof of concept about what you would like to see is vital. It is very difficult to answer in a review because it depends on the pain points of the customer and what they are trying to accomplish. Overall, I would recommend it and I am satisfied with the product.

The vendor may reach out if they have any questions or comments about my review. My overall review rating for One Identity Active Roles is nine out of ten.

My main use case for One Identity Active Roles is managing Active Directory.

I use One Identity Active Roles to manage Active Directory by adding users to groups. When I'm adding users to groups with One Identity Active Roles, we sometimes do it manually, and sometimes we automate depending on the task. There are some automations in place for simple tasks such as adding people to distribution groups, but for more complex and sensitive tasks, they are done manually where a ticket comes in ServiceNow, and then we respond to that ticket manually by adding the people and then approving it.

I think the best feature One Identity Active Roles offers is probably the automation capability, although we do not utilize it to its fullest extent.

Since automation is a highlight for me, what I like about the automation in One Identity Active Roles is the time savings.

One Identity Active Roles has positively impacted my organization by providing a consistent and easy to understand interface for Active Directory, whether you are reading it or whether you are actively managing Active Directory.

One Identity Active Roles can be improved by updating the interface as it seems to have been static for quite some time, and I feel there could certainly be improvements made. Similarly, with the automation, I feel an updated user interface would make it slightly easier to use and understand for people who are not necessarily familiar with things such as the Active Directory Users and Computers interface.

Modernization is needed for those improvements.

I personally have been using One Identity Active Roles for four years, and my company has been using it for longer, probably six to eight years.

One Identity Active Roles is very stable and we never have any issues with it.

One Identity Active Roles has scaled well with us and we are not the biggest organization, but we have never had issues with scaling it.

Customer support for One Identity Active Roles is good and we have never had to raise an issue with customer support because it is a very stable product.

I did not previously use a different solution as I was not here when we may have used a previous solution, but I think we have always had One Identity Active Roles, as it has been here for over eight years.

I have not seen a return on investment or any relevant metrics and I cannot imagine we would have saved any employees or any full-time equivalents for One Identity Active Roles.

My experience with pricing, setup cost, and licensing for One Identity Active Roles is that they are all very reasonable.

Before choosing One Identity Active Roles, my team did not evaluate other options because I was not here when the team chose it as it was so long ago.

The advice I would give to others looking into using One Identity Active Roles is to be already familiar with Active Directory Users and Computers if possible, and dive into the automation as much as possible when you first receive it without hesitation to test it.

One Identity Active Roles is a very stable product and we would not consider getting rid of it, or at least a product of this sort, as there is definitely a need for it. I would say that as we migrate further into the cloud, there will probably be less of a need for it, but certainly for on-premises Active Directory, it is very important to us. I gave this review a rating of six.

My main use case for One Identity Active Roles is delegations and limiting access based on least privilege principles.

A specific example of how I use delegations and least-based access in my environment is that for cases where people only need a password reset, I can grant that capability without granting the ability to unlock accounts, or I can grant the ability to unlock without granting people password reset permissions.

The best features One Identity Active Roles offers are that it can be used across multiple domains and forests.

In our company, we have 85 different domains, and it would be cumbersome to have a separate instance of One Identity Active Roles for each domain. One Identity Active Roles allows us to give people in one domain access through One Identity Active Roles to all these other domains without them needing an account in each of those other domains, even though there does not have to be a trust between those domains.

One Identity Active Roles has positively impacted my organization by helping speed up delegations and helping us find permissions and generate reports more quickly on who has what access where.

One Identity Active Roles takes us less time, probably half the time, to complete delegations that are very granular and complex, compared to having to use native tools and scripts.

One Identity Active Roles can be improved because schemas sometimes differ between domains, and One Identity Active Roles does not behave very well with that inconsistency. We have an open case with Quest on this issue, but so far they do not have a solution for it.

I would also like to request that their support be more detailed, as we are finding difficulties getting to the correct people.

I give it an eight mainly because if we have to undo it for a divestiture, it is very difficult to strip off just the permissions easily because they are done via domain groups. We have to go back and find them all and remove them individually, so there should be an easier way to do that.

I have been using One Identity Active Roles for six years.

One Identity Active Roles can be buggy at times, and we have to restart the server.

One Identity Active Roles can handle growth in my environment, but the downside is that when we have domains that are further away from the server, it takes longer to bring up the console.

I am not really satisfied with the customer support for One Identity Active Roles as the support is pretty limited.

We do run into challenges with managing upgrades and patches for One Identity Active Roles, but we have a test instance that we try to do it on first.

My advice to others looking into using One Identity Active Roles is to plan out in advance and think about the big picture before you dive in. I give One Identity Active Roles an overall rating of eight out of ten.

One Identity Active Roles is used for delegated access. It helps with RBAC controls and allows us to manipulate across our facilities which OUs in Active Directory they can manage, along with dynamic groups and keeping the ability where folks don't have to use ADUC and they can just use a delegated management overlay tool to not delete groups and not delete OUs and not inappropriately move objects across containers.

Regarding the ease or difficulty of managing on-premises and cloud-based identity directories through a single pane of glass, we leverage One Identity Active Roles from strictly the on-premises space. Being able to leverage it from a delegated access perspective, the console itself is very clean. It looks very similar to Active Directory Users and Computers, which legacy, long-time IT people are used to. So that outline from a UI perspective makes things seamless. People don't even know that One Identity Active Roles is actually a product and not just a built-in native solution for Windows, which is very key for us.

Regarding One Identity Active Roles' ability to provision and de-provision resources in directories such as AD and Azure AD, it is very seamless. From a permission standpoint, it is a right-click de-provision user and having that recycle bin to quickly uncover or recover is very useful. It is very seamless. It is not the best from a change history standpoint as far as quantifying those logs, but it is nice to see that this object was de-provisioned on X day by a user, and it can quickly be restored in the event that was a mistake.

About group membership management in One Identity Active Roles, I have already discussed how you can delegate groups with OUs and naming conventions through the complex IT teams that we have in our organization. From a group membership standpoint, we can manage groups and delegate that access across the organization from our enterprise service level that can do password resets versus our identity engineering team who has full domain admin in the console that can manipulate those access templates and make adjustments accordingly.

The favorite feature of One Identity Active Roles is definitely the granularity and specifics on the access templates. You can dive deep into controls all the way down to manage individual objects, all the way from not just at the OU level, but how granular delegated access is with One Identity Active Roles is definitely the most useful feature to my organization.

One Identity Active Roles absolutely helps reduce identity-based breaches. It is from an identity governance perspective, being able to ensure that folks that are in specific positions have the least privileged access possible. One Identity Active Roles makes that very seamless for our user base. We are a for-profit healthcare conglomerate with thirty states, over fifty community hospitals across that are all in a single pane of glass under our LifePoint Health Active Directory domain. Being able to say that your facility can only manage these objects in this OU and delegating that from their core IT engineering staff versus their help desk versus an application owner makes it all very seamless.

One Identity Active Roles has absolutely helped our organization reduce its number of erroneous privileged accounts. We can quickly evaluate those accounts. You can see the same features within ADUC, but you can quickly isolate those and validate where they are and adjust them however you want.

One of the things I would like to see more robust is the change history. One Identity Active Roles can only monitor changes that happen in the console, and the logs don't go back longer than thirty days, maybe sixty days. The change history, when we've seen accounts get modified, we leverage a container domain that funnels accounts into our Active Directory console. I would like to see from an initial user provisioning perspective, for them to isolate the workflow and say that this came in on X date and account was created. If anyone were to modify that account from an external resource, I would like to be able to read that as well. One Identity Active Roles is strictly limited to the console. If someone makes a change, the history of those changes is not as long as I would prefer.

Our company has used One Identity Active Roles for over five years. I have been with them for the last four years. Personally, I have been a user and managed the team that controls One Identity Active Roles for four years.

Regarding stability, One Identity Active Roles is mostly stable. The only times it is not is when we have the eight-point-zero long-term service release. I have not seen any sort of hiccups in connectivity. If anything, it is on our side from a networking standpoint. It is a very stable product, at least recently.

One Identity Active Roles is more beneficial to a large corporation. I am sure that licensing can vary in cost, but it is definitely very beneficial to complex Active Directory environments from a control perspective and being able to grant least privileged access that folks need to do their job.

We don't get a lot of communication from the One Identity side. I don't know who our account representative is, and that is kind of not good since we have had some turnover there.

I have not used any alternatives to One Identity Active Roles. From an on-premises AD standpoint, delegated access has been with LifePoint as long as in my career. That is what we have leveraged. It has been useful. We have rolled it out across several Active Directory domains as our management overlay, but that has been our main one.

When I first started using One Identity Active Roles, it is intuitive. It is not super complex. The management of it, we used it from a user provisioning standpoint before we switched human capital management systems. I was not really involved in that, but from an end user standpoint, you pick your web database server. The thick client is much easier from a UI perspective looking through it because it looks very similar to ADUC if you have any experience in IT. The web portal is fine. I think it is a little more clunky, and that is what most folks use, but it is intuitive. You pick your web or database server, log in with your credentialed account, and it synchronizes and loads. It is seamless, and from an intuitive standpoint, it is on the higher end.

Regarding the pricing of One Identity Active Roles, it is definitely on the expensive side compared to solutions for what it does. It is a necessary need for us. I don't know One Identity Active Roles' business model, but it is very niche in the sense that they are going to target complex environments like mine that have a need for delegated access. There are other IGA platforms that do delegated access and offer a much larger suite of solutions, but it is definitely on the expensive side. I think our total was in the seven-figure range for a couple of years of service.

Overall, I would give One Identity Active Roles a rating of nine out of ten. The main pain point I have is not huge because I know there are AD audit solutions out there individually. But with the control that One Identity Active Roles has, being as intuitive as it is, I think it is a nine out of ten. I would recommend it to any healthcare conglomerate that has multiple hands in an Active Directory environment. There are many components that I think our team is not touching the surface on from a dynamic group perspective, and we just use it for what it is today, but I think there are more components that we could explore.

One Identity Active Roles is used primarily to manage and provision AD user and group accounts, delegate access more securely, and enforce role-based control.

We also use it to automate new joiner, mover, or leaver workflows, apply policy-based approval, and maintain audit and compliance reporting across various customer environments.

For example, One Identity Active Roles is used for user provisioning. When a new AD user is created, One Identity Active Roles automatically places the account in the correct OU, applies naming rules, and assigns role-based group membership based on its department.

If privileged access is requested, it enforces approvals and logs the change for audit compliance.

Day-to-day, One Identity Active Roles is used to delegate AD tasks safely to the service desk team, automate routine user group changes, and enforce policy-based controls so changes are consistent and auditable across multiple customer environments.

One Identity Active Roles offers several valuable features in our experience. Role-based access control allows us to define who can do what and reduces the risk from broad admin rights.

The automated provisioning workflows automatically create, update, and disable accounts with approval steps.

Additionally, group management automation allows us to auto-assign users to groups based on attributes such as department, location, and job roles.

We also value the auditing and compliance reporting, which helps us to track who did what and when, assisting in satisfying compliance requirements.

One Identity Active Roles has helped us standardize and secure identity management across multiple customer environments.

It has also reduced our manual effort through automation and minimized error with policy enforcement, improved our security through role-based access control and approvals, and strengthened our compliance with full auditing.

This results in faster operations with lower risk and more consistent service delivery.

One area where One Identity Active Roles can be improved is by having deeper native connectors with existing and more ITSM and identity tools, which would simplify automation across multiple cloud and customer locations.

I would also suggest enhancing the reporting flexibility; while audit reporting is strong, customizable dashboards and visuals could help non-technical stakeholders gain insight faster.

Some users find the admin console and workflow designer to be somewhat complex, so making the interface more modern could reduce the learning curve.

One Identity Active Roles has had no downtime and no major reliability issues so far. It remains stable, although we have encountered a few issues that are manageable.

One Identity Active Roles is scalable and can be deployed in small organizations to large organizations.

It also scales from one line of business to multiple lines of business under a single centralized cloud management platform.

Interacting with customer support for One Identity Active Roles is always positive. They are knowledgeable, and the response time is low.

Before One Identity Active Roles, we used manual scripts for user and group management.

We switched because the native tools were time-consuming and very error-prone, lacking the automation and delegated administration features.

One Identity Active Roles provided us with centralized, policy-driven management, automated workflows, and role-based access control, which made managing multiple customer environments much more efficient and secure.

Since using One Identity Active Roles, we have definitely seen a return on investment.

We have saved time; the automated provisioning and rule-based workflows have reduced manual AD tasks by around thirty to forty percent, freeing IT staff for higher priority work.

Additionally, we have reduced costs—fewer errors and misconfigurations mean less time spent troubleshooting, and we actively use that to lower operational costs.

The granular role-based access and audit-ready reporting have also reduced our risk and simplified audits.

My advice for others considering One Identity Active Roles is to proceed with the implementation.

Start with one line of business, and then expand it to multiple lines of business and customer environments.

I also suggest taking advantage of auditing and reporting from day one to simplify compliance.

I would rate this product an eight out of ten.

I am one of the resellers for One Identity Active Roles, so that is the reason I downloaded it.

One Identity Active Roles is generally used in complex IT setups where Active Directory plays a critical role and organizations have many compliances and mandates to be followed. For example, in India, we have many banking customers who are governed by the Reserve Bank. In the US, you have the Central Bank or Federal Bank; in India, we have something called a Reserve Bank. All the big financial sectors have to follow the mandates and compliance provided by them. Identity solutions come into that part as well. So to make sure that everybody has the right amount of access and nobody has all access, One Identity Active Roles plays a critical role over there.

In India, this kind of requirement mainly comes from regulated entities or regulated enterprises. So they prefer the on-premises solution for One Identity Active Roles. We have not had a customer in the past who has gone through the cloud solution. They want everything to be hosted on their premises. Since I have not come across the cloud-based installation yet, I cannot comment on that piece, but on-premises is what they look for in the current setup which we provide.

One Identity Active Roles brings significant value through its lifecycle management capabilities, which are very good with no complaints or problems at all.

With the inclusion of One Login, which One Identity acquired three or four years back, One Identity Active Roles has gained complete coverage. Earlier, One Identity lacked an IAM solution. They always have had the Active Directory management solution in the form of One Identity Active Roles or through the IGA solution. But with the inclusion of One Login, that has really fulfilled the requirement which customers need from a single vendor. The competition includes SalePoint, Saviynt, and others, including Ping Identity, who is also coming up with an IGA kind of solution. One Identity has been providing it for a very long time, longer than these competitors who have just started realizing all those things and providing a similar kind of solution to the customer. One Login and One Identity provide complete coverage to the customer, which is really helpful.

One Identity Active Roles brings a positive impact to organizations in that they will start realizing the ROI in a much faster manner because the implementation time is very short and it is easy to use. Additionally, since there are many regulated entities which need this kind of solution and in the market there are very few solution providers who can provide this kind of coverage, that is the advantage which One Identity Active Roles has.

If One Identity Active Roles has to be positioned for all customers, not just the entities which are being regulated, then the pricing has to be normalized. There are many solution providers in the market who can do it at a much lesser price. India is a price-sensitive market, and I can speak only for India; I cannot speak for the other part of the world. We have many local vendors who can provide these kinds of solutions. But since One Identity Active Roles is a much more mature product and has been in the market for a very long time, customers have some respect for that and they can pay the premium. But that premium cannot be three times, two times, or beyond three times. So the pricing has to be normalized based on the market. Every market has its own constraints, so the One Identity team should work on that aspect.

I have been reselling One Identity Active Roles for almost seven to eight years.

I have not had a challenge working with One Identity technical support so far. Everything is good, and I can give One Identity technical support a rating of ten.

I have worked with Microsoft earlier. I started my career with Active Directory, which is the base of providing identity in the older days. Twenty years back, when we talk about identity, it was always Active Directory from Microsoft. So I have worked with them. Now even Microsoft has come up with their own offering called Entra ID, and they are also competing with One Identity or SalePoint in a similar segment.

From the product perspective, deploying One Identity Active Roles is not that much cumbersome or troublesome. It is a very easy deployment. The only thing which we have to generally figure out is the kind of Active Directory infrastructure the customer has, and based on that, we will have to configure the rules or the policies in the tool.

From the product perspective, the installation of One Identity Active Roles will not take much time and the integration with Active Directory itself will not take much time. Installation is hassle-free and not complex at all. The only thing which takes time is the configuration part. When I say configuration, it is mainly from the policies perspective because we have to understand the customer requirement and based on that we have to create all the rules and policies so that we can fulfill all the use cases.

When I say the configuration of One Identity Active Roles, it is basically because of the customer setup and not because of the tool itself. Because you have to create a lot of policies, and those policies need to be created because the customer has that kind of complexity in their setup. Otherwise, this is an easy tool to manage. If the environment is well-configured or well-managed by the customer, then One Identity Active Roles will not take much time.

I do provide deployment for my customers. For deploying One Identity Active Roles, you need one person, and that is more than enough to manage the solution. We have a different team who does the installation of One Identity Active Roles.

One Identity Active Roles has helped my organization increase operational efficiency. Now only the right person has the right access. Not everybody can go and log into Active Directory or the identity management solution which they have directly. One Identity has a theme that they want the right people to have the right set of access, and this is what they are able to provide with their tool.

One Identity Active Roles has helped to reduce the number of erroneous privileged accounts. That is what they want to achieve. When I talk about customers, they do not want any intruders or hackers to get access to their data. This can happen even from a legitimate user if their credentials are compromised. These kinds of solutions always prohibit those kinds of activities by a hacker or a mischievous character in the organization to take advantage of the system.

One Identity Active Roles helps to reduce identity-based breaches.

Right now, a lot of the discussion is centered on agentic AI for One Identity Active Roles. An agentic AI who can do most common tasks on its own would really help.

To be very honest, the ability to provision and de-provision resources in directories needs to be handled by my technical person, since I do not belong to that field.

I feel with the kind of use cases which One Identity Active Roles addresses and the kind of market we play into, then I think nine is a good rating for them. There is always room for improvement, so hence I am not giving it a ten at this time.

I use One Identity Active Roles primarily for identity management. We use it for managing multiple domains from a single interface, and the domains do not have trust between them. It has been used by multiple support teams, such as the service desk or the identity access management team for account creation, modification, and management of accounts. It is mostly focused on account creation, modification, deletion, and AD objects.

One Identity Active Roles has helped my organization reduce the number of incorrect privileged accounts through the management unit feature. It helps us identify accounts that are not in use, and while creating admin accounts, we use it to set policies regarding which required fields must be filled during account creation. This helps us keep the process clean and ensures all required attributes are filled before account creation. We have scheduled scripts on One Identity Active Roles that check if activity meets criteria. If it doesn't, it will move the account to a specified OU, disable it, or delete it, as per the defined process.

One Identity Active Roles helps us keep accounts consistent. For instance, when somebody leaves the company, all associated accounts get removed, which helps us eliminate unwanted accounts.

For Active Directory, the provisioning and de-provisioning capabilities work exceptionally. The de-provision feature allows account disconnection without disabling it, enabling quick reconnection with automatic group additions. This feature significantly speeds up the process compared to disabling and re-adding to groups.

The comprehensive group membership management feature is exceptional because it offers two features not available in Active Directory directly: adding multiple secondary owners and dynamic groups. The latter is only available for Azure AD, not for on-premise AD.

Using One Identity Active Roles enables temporary group additions. For instance, if a group provides access, we can temporarily add a member, and when the time period expires, the member gets removed automatically.

The granular control is exceptional; we can give the least control required by the team. For modifying any group, we don't have to give create and delete roles; we can just give them the move role.

The delegation of administrative access impacts IT operations positively through access templates, which are usually created based on the team.

One Identity Active Roles has increased operational efficiency despite occasional slowdowns. Solution consolidation is part of our identity and access management strategy, eliminating the need for direct Active Directory access for the help desk and IAM team.

The best features of One Identity Active Roles include managing multiple domains from a single interface. I don't need to log into jump servers, making it very easy to log in from the web and manage it. Dynamic groups are also one of the best features, eliminating the need to add or manage members manually. The management unit is another excellent feature, which we can use as a virtual OU to identify missing elements.

The approval process and group approval process can include adding multiple secondary owners.

The interface appears outdated. Once logged in, everything inside remains unchanged from years ago.

Additionally, when they release new features, they should provide training or webinars at least once or twice a year. This would help users stay updated and aware of new features. When I requested a demo session with One Identity, the presenter didn't provide complete details, making it difficult for non-technical managers to understand. The demo should be planned based on the customer's knowledge level.

Regarding visibility in the directory ecosystem, while it is very good, there are limitations. When we add numerous domains, it becomes slow. With around 60 domains, attempting to add approximately 30 caused significant performance issues. We had to remove and decrease the number of domains, indicating room for improvement in managing multiple domains from a single interface.

I have been using One Identity Active Roles for approximately 11 or 12 years.

I would rate the stability as eight out of ten. I have already discovered approximately three defects in the new version.

While One Identity Active Roles has improved operational efficiency, there are occasional challenges with system slowdowns.

The scalability is excellent, rated around nine or ten out of ten. It can be expanded or decreased based on the SQL server requirements.

In our organization, the solution is open to all users with read-only access, with approximately 200 users having admin access.

I would rate their support a nine out of ten.

I've personally deployed systems from scratch, from planning through to completion.

Deployment is not overly complicated. We do need to ensure that the required ports are open and that we have the necessary permissions. However, it does vary from company to company regarding how they manage to get those ports opened and permissions granted. Based on my experience, I would rate the complexity of deployment as about a seven or eight out of ten. In the new version, we did encounter some issues related to system slowness, but other than that, most aspects look good.

The deployment duration depends on your company's processes. If you manage to get the ports opened and the permissions granted quickly, the deployment can be completed in about two months. For us, it took approximately six months because acquiring the necessary permissions and opening the ports took time. Additionally, post-deployment, we needed to conduct some testing as well. So, while I wouldn’t say it takes excessively long, it does depend on your circumstances. If everything is in place, meaning if the ports are open and permissions are set, you could deploy a basic version within two days.

The solution requires regular maintenance, including server patching and routine updates. We monitor alerts and check the website regularly as part of business-as-usual support.

When comparing One Identity Active Roles with other solutions in the market, there are no direct competitors. Having explored alternatives in my previous company, I found it to be more user-friendly and to have more secure features around Active Directory than other available solutions.

Regarding integration, I have not yet integrated One Identity with other One Identity products as this process is ongoing with our recent upgrade. While we have multiple One Identity products, this integration remains a future project.

Regarding lifecycle management capabilities via the workflow engine, we have not fully utilized it because most workplaces have used third-party tools such as Microsoft MIM. At my previous workplace, SailPoint was used for complete account lifecycle management. We primarily used One Identity Active Roles for account management after creation and for modification of admin accounts.

I would recommend One Identity Active Roles based on its ability to manage domains from a single interface and provide minimal-required access based on work requirements. The web interface login and MMC console are very user-friendly.

I would rate this solution an eight out of ten.