My use case is for task automation, such as user provisioning, deprovisioning, delegation provisioning, and rights delegation. It simplifies the management of users and groups.

Currently, task automation, like provisioning, deprovisioning, and reprovisioning, is very effective. When a user moves from one organization to another, it automatically changes their group membership and performs similar functions.

Secondly, the granular delegation feature is very nice and much simpler and easier than it is natively in Microsoft.

Two years ago, One Identity Active Roles was under Dell. It was quite poor. However, now, there have been notable improvements, such as faster system processing, better logging, enhanced information, and a more user-friendly interface. Once it was sold by Dell, things got better. The interface became a bit more user-friendly.

The Angular user interface is much more flexible for adjusting to customer needs, and a completely new and customizable one can be created, aligning with all settings and scripts required by a customer.

The ease of managing on-prem and cloud-based directories through a single pane of glass is good. I'd rate it nine out of ten.

The solution's ability to provision and deprovision resources and directories like Azure AD is very simple, especially when you can integrate with the HR system and grab some data from HR. It's actually fully automatic. I don't need to even touch it.

It's helped increase operational efficiency by 50%.

It's helped decrease security problems around privileged accounts. We were able to decrease the number of privileged accounts and have been able to delegate more effectively.

We decreased the number of high-level permissions that administrators had. For example, if someone is a DNS administrator, he has access only as far as the specific actions he needs to handle. We don't need to give away such high privileges for such a daily job. It's helped clarify roles and access.

It's helped reduce identity-based breaches. If someone leaves a company, we can easily undo provisioning and close accounts. We can generate reports to see which people have which permissions and at what times.

We've just integrated with our HR system. It helps us follow activated and deactivated users.

I'd rate the granular controls on offer ten out of ten.

We've saved on manpower in terms of the work of the administrators. There's good reporting and functionality, and it's very transparent. You can connect more than one directory and manage everything from one pane. You can do many things from one interface.

The possibility to request group membership, similar to the past, was disabled and moved to Identity Manager. That would be coming back in six months.

Additional documentation about the Angular web interface is also needed.

I have used the solution for ten years.

I encountered some problems in the past with the system, not just with our infrastructure but also on the customer side. There were some software bugs.

Overall, on a scale of one to ten, I would rate it at eight and a half to nine. There were no major problems with One Identity Active Roles.

I'd rate scalability ten out of ten.

It's rate support ten out of ten.

I've been working with the system for so many years, it's very simple and easy. It's one of the best solutions. There are a few things missing, however, I prefer it and if it fills in the existing gaps, it would be the best option on the market.

The installation is quite easy and involves only a few clicks to have One Identity Active Roles up and running. The hard part begins with the configuration: creating workflows, permissions, provisioning, deprovisioning workflows, policies, and so on. Nevertheless, it is quite straightforward, and the documentation is very clear and simple.

There is a bit of maintenance needed. It's not just install and forget. You need to check the logs and make sure services are up and running. It's not time-consuming. It's very simple.

I am working on the partner side of One Identity. I have implemented One Identity Active Roles in several organizations. The longest implementation took two weeks, and the shortest was three days.

The solution saves manpower and time for network administrators, offering a significant return on investment. One Identity Active Roles provides excellent reporting and auditing functionality, allowing administrators to track permissions, actions, and responsibilities effectively.

We've likely seen a 30% ROI.

I would rate the setup cost ten out of ten. It is quite expensive, costing more than 50 euros per identity. While it is worth the price, not many companies are willing to pay such an amount of money.

I'm a One Identity partner. Our clients range from small to enterprises. Customers range from 50 to 30,000 people.

If there is any mess in Active Directory, like excessive delegations and errors, One Identity Active Roles will help clean it up and simplify work. It allows administrators to confidently ensure everything is configured correctly in Active Directory, securing it effectively.

I rate the product nine out of ten.

We use it for various purposes, such as automating tasks in an Active Directory environment.

It assists the help desk in doing certain tasks in a more controlled manner, for instance, setting up new users. We enforce required fields to prevent setting up users without them, ensuring that certain fields meet specific requirements. It also facilitates easier management of various security features than Active Directory.

It has helped increase operational efficiency in our organization. We have a clear structure. There is a reduction in the mistakes.

It is an easier way for me to manage Active Directory with more advanced features.

The console helps with granular control.

There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface.

I have used the solution for a bit more than three years.

It is stable. I would rate it an eight out of ten for stability.

It seems scalable.

It is good. I would rate them a nine out of ten.

It is good, and I would recommend it, but you should do a proof of concept and see if it works for your environment.

Overall, I would rate the solution an eight out of ten.

We use it extensively. Our help desk and all the end users or administrators use it. It was being used for user provisioning, but we have now automated some of the functions. Earlier, when it was being manually done, we had set up all the templates for the end-user provisioning and de-provisioning.

The granular control has been very helpful for us. We want to be able to control what level users have access to. It is possible to control access levels at the organizational unit or even the attribute level, making it helpful for us.

Active Roles helped increase operational efficiency in our organization. We have delegated user provisioning to the help desk so they can create users or manage accounts. We have delegated group management to identified group owners who can manage their groups. Some of them just need read-only access to AD; they do not need to download the native tools. They can just do it via a browser.

Active Roles has helped our organization reduce the number of erroneous privileged accounts. We have set the templates, and we have set the standards. It helps standardize all the naming conventions and how they are provisioned with the rules. That is definitely very helpful.

We use the change history to see who might have modified what object. We have that tracking, but we use a tool from Quest called Change Auditor that can do the auditing to figure out who did what type of thing for auditing.

It is very intuitive and close to the native tools. Since it is web-based, it does not require extensive training for our end users. If users are familiar with native tools, they should be able to use the web-based tools with minimal training.

I know they have increased support for Entra ID and mentioned providing support for AWS. A way to connect to various directories and integrate with cloud directories would be beneficial.

We have used this solution for about 15 years.

It is very beneficial for large and complex environments. For mid-sized to small companies, I do not know if it would be that useful, considering the tool's purpose. For us, with a complex AD environment, it is incredibly useful, but for smaller companies, where there are not many users or roles needing identification, it may not be as beneficial or cost-effective.

We have more than 65,000 users.

One Identity's support is great. I would rate them a nine out of ten.

We have been using Active Roles since I have been on the team. We rolled it out and have been using it for the last 15 years or so. They were using native tools earlier.

I have not used other vendor solutions, just native tools.

We deployed it and recently upgraded it. We received support from One Identity for consulting, but we did the upgrade ourselves. It was not too bad.

I would rate it a five out of ten for the ease of use. We were trying to do some load balancing and things like that, which did not work out the first time. There were also some issues with the dynamic groups. The first time, we had to roll it back, but we were successful the second time.

The pricing is high. I have not been involved with the renewal or cost aspect, but I know it is not cheap by any means. However, it is very useful for our environment.

I would rate One Identity Active Roles an eight out of ten.

I use it primarily for granting, managing, and auditing access.

The ways Active Roles has improved the way we operate are through workflows and user onboarding, automatic user management, group permissioning, adding users to the right groups based on the department, and distribution list creation based on dynamic group membership and active users.

And because of the single interface and workflows, it has simplified AD and Azure AD management efficiency and security.

The most valuable features include

• auditing
• dynamic grouping
• creating dynamic groups based on AD attributes.

Also, as part of the cloud identity, meaning expanding identity to the cloud, it gives me a single workflow to expand on-prem. I can create a user in the cloud and give them access to resources through a single workflow.

And for regulatory, auditing, and security requirements, it's critical that the solution enables Zero Trust security with hybrid AD fine delegation and role-based access control.

I have been using One Identity Active Roles for eight months.

It's a stable product.

It's also a scalable product. We have about 14,000 users.

The best thing about their Premier Support is their assistance with customization and resolving issues that arise.

Our company chose One Identity Active Roles rather than something else because of the auditing capabilities and workflow capabilities.

The initial setup was quite easy, but it was time-consuming. It took about three months.

It's expensive.

Compared to native Active Directory tools, in terms of accuracy and security, Active Roles is a nine out of 10.

Understanding the requirements and the key areas on which you want to focus before deploying it is vital to making sure it caters to your needs.

Overall, it enables a lot of automation and workflow-type processes. It also allows for human intervention and has auditing and reporting capabilities that include generating an automated report on a periodic basis for management review.

We're using it for identity management, including the creation of accounts and synchronizing them with our HR system.

It improves things in many ways. You have control over what attributes the service desk analyst can change and you can provide them with lists of changes. You can build in the integrity rules. It also definitely simplifies management on-prem. It definitely is a plus to use this tool.

We do automated provisioning and it's set from HR through this tool. It's all instant. If it had to be done manually it would probably take a couple of hours per user, but we've had it set up like this for 10 years so I'm not sure how much time it's saving us.

It has so many features. Dynamic Groups are good and the ease of delegation is useful as well.

The Group Family feature is okay, but there are some issues around its use for creating objects automatically, based on HR attributes.

Another issue is that it doesn't look like the hybrid connections are particularly mature. We haven't really used it much. We have a couple of guys setting it up who don't really like the way it's working. It uses a synchronization tool to do that. Native integration with the cloud would be better.

Also, we're trying to manage Office 365 mailboxes and although it will create a mailbox in the cloud, it won't do shared mailboxes. That means we're having to write custom solutions for that.

Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up. Some of their built-in functions will work off of both servers and I don't see why this shouldn't as well.

Another similar gripe is that when you run custom Active Roles policies, they'll actually trigger on both hosts, not on one. In that scenario, it would be better if they would trigger on one host, unless it wasn't available. For example, if you're writing to the event log, you have a custom task and it will show up multiple times because it's being processed by multiple front-end hosts.

I've been using One Identity Active Roles for 10 years.

It's a stable solution.

It's scalable, but I don't know how scalable. A lot of it is running off of custom scripts and the question is how scalable those are in large environments. We don't have a massive environment, but we have no issues with it for our 2,000 employees. I'm guessing that if you get up to 100,000 to 200,000 employees, it would start struggling.

It's used in our organization for management of any objects inside Active Directory, so anyone who manages anything in Active Directory uses the tool.

We use the vendor's Premier Support. We wouldn't run any product like this without vendor support. It's quite critical to our company, so it would be crazy to do that with support that wasn't working. At the times we've had to deal with them, they have usually been pretty responsive.

The solution we had before Active Roles was custom-made for the company and it was written about 13 years ago.

The initial setup of the solution was straightforward. It took a few hours. I'm the only person on our IT team who handles this product, in terms of deployment and maintenance.

We haven't measured ROI, but given that it provides automation and does save quite a bit of time, there is definitely a return on investment.

It's fairly priced.

In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what.

In fact, you can do that for many objects as well. You can see what that object can manage and who can manage the objects. You can answer an auditor's questions fairly quickly. It's just much clearer than it is in Active Directory.

I don't believe the solution enables you to create a user in the cloud and give them access to resources through a single workflow; not out of the box. You could certainly create that, but we don't do that. We use Azure AD Connect for that. We create the user account on-prem, and Azure AD Connect will create that user in the cloud for us.

Definitely do a PoC, but I would recommend Active Roles for a small company. I don't know if it would actually scale. You have to write custom scripts for a lot of it, whereas built-in functionality would generally be quicker. But for small companies of 2,000 employees, and maybe a little bit bigger, it's a great product. It's so much easier and cheaper than any of its rivals.

The solution is used for lifecycle management and can be deployed on-prem or cloud.

The solution enables us to create a user in the cloud and give them access to resources through a single workflow which is important to all our clients.

The solution enables zero trust security with hybrid AD fine-grained delegation and role-based access control which is important to all our clients.

The solution acts as a firewall against Active Directory, requiring our IT team to go through active roles and get approval to make changes. It has also reduced our onboarding time from one or two weeks to five or ten minutes.

The solution reduces the time it takes to reset a password to under one minute.

The solution simplifies Active Directory and Azure Active Directory management efficiency and security. It has a proxy layer, which means that no one talks to the connecting platform directly. All requests go through the active roles, which act as a proxy layer. We can set all kinds of policies, rules, and business enforcement policies on the proxy layer. This means that nothing flows to the platforms without proper information or proper data standardization. The solution manages and streamlines everything in this proxy layer.

The automated provisioning can be completed in under ten minutes.

Secure access is the most valuable feature.

The solution needs an attestation process that includes certification and recertification attestation.

The pricing is high and has room for improvement.

I have been using One Identity Active Roles for 20 years.

The solution is extremely stable. I give the stability a ten out of ten.

The solution is highly scalable and used by customers worldwide.

The technical support is responsive and helpful.

I previously used ManageEngine ADManager Plus, but I switched to One Identity Active Roles because it is more robust and highly scalable. ManageEngine is lightweight and it slows down when the number of users increases.

The initial setup is straightforward. Deployment takes around 20 minutes and depends on the type of deployment: integration, application, life cycle management, or RMAD management. However, there is usually a design and discovery phase that we conduct. Based on the discovery phase, we finalize the scope of the implementation that the end user wants to implement. This may include RMAD integration or both.

We implement the solution for our customers.

Customers typically see a return on investment within one or two months of using One Identity Active Roles.

The pricing is on the higher end.

I give the solution an eight out of ten.

Although small companies can use the solution, it is not essential for them. However, it is recommended for medium and large organizations.

One Identity Active Roles exist because of the shortfalls in Active Directory.

Before implementing One Identity Active Roles, it is important to identify the pain areas and challenges that the solution can address. This solution provides a lot of options and is highly customizable, so it is important to start with the key pain areas and challenges that the organization is facing. By doing so, the organization can gradually increase the scope of the implementation and reduce delays in automating or executing certain tasks.

It is common for people in organizations to resist change. They often prefer to work in the same way they have always worked, with the same tools and processes. In order to get people to adopt a new solution, such as One Identity Active Roles, it is important to convince them of the benefits of the change. This can be done by demonstrating how the new solution will improve efficiency, reduce costs, or increase security. It is also important to get buy-in from both the top management and the technical staff. Once everyone is on board, the change is much more likely to be successful.