One Identity Active Roles
Automated identity lifecycle has improved secure role-based administration and onboarding
What is our primary use case?
One Identity Active Roles serves as my centralized identity and access management solution, with the key feature being the automation of users' lifecycle management. Another use case is delegated administration through a role-based administration model, which allows us to securely assign administrative tasks to different teams or individuals while maintaining governance and compliance.
A specific example of how I use One Identity Active Roles for these tasks is in one of our projects for automating the user onboarding process. When a new employee joins the company we were building, One Identity Active Roles automatically provisions the account for the directory, assigns them to the appropriate security group based on their role, and creates the necessary permissions without manual intervention. This speeds up the onboarding and ensures consistent access rights.
Regarding my main use case for One Identity Active Roles, we have also used it to implement access requests and approval workflows for the software we were building, and we are also automating the user offboarding. The automation capabilities of One Identity Active Roles are exceptional.
What is most valuable?
The best feature One Identity Active Roles offers is role-based administration, which provides secure delegation of administrative tasks to different teams or individuals while maintaining governance and compliance.
Role-based administration has helped my team because we can securely delegate specific administrative responsibilities to different teams or individuals without giving full administrator rights.
One Identity Active Roles has positively impacted my organization. My senior managers informed me that aside from using it for other companies' projects, we are using it in our company as well. The positive impact is that it saved time, improved security, and made things more efficient. However, I have only been here for four to five months, and we have been using it for one project only.
Regarding One Identity Active Roles' governance and security capabilities, the role-based delegated administration, centralized policy enforcement, and audit compliance and reporting are exceptional features. One Identity Active Roles has had a positive effect on reducing the complexity and workload of the administrative tasks related to Active Directory.
What needs improvement?
One Identity Active Roles can be improved, as the user interface could be more modernized and the reporting and analytics feature could be enhanced.
It would be beneficial if the documentation was clearer.
For how long have I used the solution?
I have been using One Identity Active Roles for four to five months.
What do I think about the stability of the solution?
One Identity Active Roles is stable, and I believe it is very reliable.
What do I think about the scalability of the solution?
One Identity Active Roles has a scalable architecture.
How are customer service and support?
I have not used customer support for One Identity Active Roles.
Which solution did I use previously and why did I switch?
We are using One Identity Active Roles as our solution, so I did not previously use a different solution.
How was the initial setup?
Before choosing One Identity Active Roles, we did not evaluate other options.
What about the implementation team?
I was not on the implementation team, so I do not have knowledge about the ease or difficulty of integrating One Identity Active Roles with our existing IT infrastructure and directory services.
What was our ROI?
I am only four to five months into my tenure at this company, so I cannot specify whether I have seen a return on investment or share relevant metrics.
What's my experience with pricing, setup cost, and licensing?
I was not on the setup team either, so I cannot explain my experience with pricing, setup cost, and licensing.
Which other solutions did I evaluate?
Before choosing One Identity Active Roles, we did not evaluate other options.
Delegated workflows have streamlined user provisioning and now reduce daily admin workload
What is our primary use case?
I have been using One Identity Active Roles for almost the last two years.
My main use case of One Identity Active Roles is for user provisioning, group management, delegated administration, and handling access-related requests in a controlled and consistent manner.
A common example is managing department-based security groups. When new employees join, we use One Identity Active Roles to add them to the appropriate group based on their role, while delegated administrators can handle routine updates without needing full Active Directory administrative privilege. This helps to keep access management consistent and reduce dependency on the IT team for everyday requests.
Besides user and group management, we also use One Identity Active Roles for delegated administration and access governance. It helps us to standardize Active Directory tasks, reduce manual changes, and maintain better control over who can perform specific administrative actions.
What is most valuable?
The features I find most valuable in One Identity Active Roles are delegated administration, workflow automation, and role-based access control. These features help reduce manual Active Directory management, improve governance, and allow different teams to handle routine tasks without requiring full administrative privileges.
One Identity Active Roles has a positive impact on our organization by improving the efficiency and consistency of our Active Directory operations. It reduced manual administrative work, improved delegation of routine tasks, and provided better control over access management. As a result, administrative processes became more streamlined and easier to govern.
One noticeable outcome was a reduction in the time spent on routine Active Directory tasks. Delegation and automation helped teams to handle common requests more efficiently without involving senior administrators. We also saw fewer administrative errors because user and group management follows standardized processes. In addition, audit and access review activities became easier due to better visibility into changes and permissions.
Another feature I need to add is that the auditing and reporting capability provides better visibility into administrative changes and helps us during compliance and review troubleshooting. I also appreciate that One Identity Active Roles centralizes many Active Directory management tasks, making administration more organized and consistent across the different teams.
What needs improvement?
One area for improvement in One Identity Active Roles would be reporting and dashboard customization. While the available reports are useful, having more flexible and easier-to-build reports would help administrators to get insights more quickly. I would also like to see a more modern user interface and better visibility into complex workflow and delegated admin permissions, especially in larger Active Directory environments.
Another improvement I would like to see is better troubleshooting capability when dealing with complex delegation models or workflow-related issues. Identifying the root cause can sometimes take longer than expected. I would also welcome more built-in guidance and recommendations for administrators, especially when managing large environments with multiple teams and permission structures.
For how long have I used the solution?
I have been working in my current field for the last three to four years.
What do I think about the stability of the solution?
One Identity Active Roles has been a very stable platform. We use it regularly for provisioning users, group management, and delegated administrator-related tasks, and it performs very reliably without any doubt, with very few operational issues. Most of the challenges were related to workflow configuration or process changes rather than the product's stability itself.
What do I think about the scalability of the solution?
From my perspective, One Identity Active Roles can scale well as the environment grows. We were able to support an increasing number of users, groups, and administrator requests without significantly changing our management processes. The delegation and automation features helped maintain efficiency even as the Active Directory environment expanded.
How are customer service and support?
The customer support is very good. Sometimes we face some issues from customer support, but that is part and parcel of life, so that is not a big challenge. Overall, it is good.
Which solution did I use previously and why did I switch?
We were using a different solution before choosing One Identity Active Roles. We were using PowerShell for the administrative tasks. We switched because we needed better delegation, centralized management, automation, and governance. As the environment grew, managing everything through native tools became more time-consuming and harder to control consistently.
How was the initial setup?
Our experience with pricing and licensing for One Identity Active Roles is generally positive. One Identity Active Roles is enterprise-focused, so the investment is justified when you need strong delegation, automation, and governance capabilities. From a setup perspective, installation was straightforward. Most of the effort went into planning the administrative role and delegation models and workflow rather than the technical deployment itself.
I would describe the integration of One Identity Active Roles with my existing IT infrastructure and directory services as fairly straightforward since our environment was already centered around Active Directory. Connecting One Identity Active Roles to existing Active Directory services was relatively smooth. Most of the effort was focused on defining the delegation model, workflow, and administrative roles rather than the technical integration itself. Our deployment fit well with our existing infrastructure.
What was our ROI?
We have seen a positive return on investment from One Identity Active Roles. The biggest benefit has been the time savings through the delegation and automation of routine Active Directory tasks. For example, password resets, user updates, and group membership changes can be handled by delegated teams without involving senior administrators. This reduces administrative workload, improves response times, and allows the IT team to focus on other strategic activities.
Which other solutions did I evaluate?
We evaluated more options, including Microsoft Identity Manager and SailPoint IdentityIQ, before choosing One Identity Active Roles. We chose One Identity Active Roles because of its integration, delegated administration, and automation capabilities. This integration is very smooth, which is why we chose this solution.
What other advice do I have?
Delegated administration has had the biggest impact for me. It allows routine tasks such as password resets, account updates, and group membership changes to be handled by the support team without granting full Active Directory administrative rights. In day-to-day work, this reduces the number of requests reaching the IT team and helps us to focus on more complex administrative and infrastructure tasks.
In my experience, the output from One Identity Active Roles has been reliable and consistent. User provisioning, group management, and delegated administration tasks generally work as expected when the policies and workflows are configured correctly. From an automation perspective, the platform relies more on predefined roles and automation than AI-driven decision-making. Because of that, the results are predictable and dependable, which is important for identity and access management operations.
In our environment, One Identity Active Roles is deployed in a hybrid environment. The solution is hosted within our on-premises infrastructure and integrated with cloud services where needed. This approach allows us to maintain control over Active Directory administration while supporting broader hybrid identity requirements.
As a part of our hybrid environment, we primarily use Microsoft Azure. It integrates well with our Active Directory and identity management infrastructure, making it easier to support both on-premises and cloud-based resources. Azure has helped maintain a consistent approach to identity access management and governance across the environment.
We do not apply fine-grained policies.
My impression of the automation capabilities provided by One Identity Active Roles is positive. They help reduce manual Active Directory administration and ensure that routine tasks follow consistent processes. For example, user onboarding can be automated so that new accounts are created with the correct attributes, group memberships, and permissions based on a predefined role. This saves time and reduces the chances of configuration errors.
One Identity Active Roles helped reduce both the complexity and workload of Active Directory administration. Routine tasks such as user provisioning, group membership updates, and account maintenance become more structured and easier to manage. As a result, administrators spend less time on repetitive tasks and more time on high-priority projects, while also reducing the risk of manual errors.
I would definitely recommend One Identity Active Roles to my friends and colleagues, and to whoever wants to reduce the administrative load. My advice would be to start with a clear delegation strategy and governance model before implementation. This will help to ensure that the administrative responsibilities and access controls are properly defined from the beginning. I would also recommend starting with core use cases such as user provisioning and group management, then expanding into more advanced automation workflows as the team becomes familiar with the platform.
We are only a customer of One Identity Active Roles. I would rate this product overall as an 8 out of 10.
Delegated workflows have streamlined daily user lifecycle and access governance in our hybrid AD
What is our primary use case?
My main use case of One Identity Active Roles is managing user life cycle activity in Active Directory on a daily basis. I use it for user provisioning, group membership management, delegated administration, and handling access-related requests while maintaining governance controls.
Besides user provisioning, I also use One Identity Active Roles for delegated administration and access governance. It helps me to control who can perform specific tasks without granting broad administrative rights, which has been useful for maintaining security and operational consistency.
What is most valuable?
The features I found most valuable in One Identity Active Roles are delegated administration, workflow-based automation, and role-based access control. These features help streamline Active Directory management while maintaining better control over administrative permissions and access requests.
Workflow automation helped by reducing the number of manual steps involved in routine AD tasks. For example, when a new user request comes in, the approval and provisioning process follows a predefined workflow instead of relying on emails and manual coordination. This made requests more consistent and reduced the chances of missing important access assignments or approvals.
The auditing and reporting capability is worth mentioning. It gives better visibility into administrative changes and helps during the access review or audit activity. I also appreciate how the platform centralizes many AD management functions.
What needs improvement?
One area for improvement would be troubleshooting and reporting. When dealing with complex workflows or delegated permissions, identifying the root cause of an issue can sometimes take longer than expected. I would also like to see a more modern administrative experience and greater visibility into workflow activities to make day-to-day management easier.
Another improvement I would like to see is better visibility into delegation and access relationships. In larger environments with multiple teams and administrative roles, it can sometimes be difficult to quickly understand why a user has a particular permission or access level.
For how long have I used the solution?
I have been working in my current field for the last three years.
What do I think about the stability of the solution?
One Identity Active Roles has been a stable platform in my experience. I use it regularly for user management, delegation, and access-related tasks, and it performs reliably in day-to-day operations. Most issues I encountered were related to workflow configuration or process changes.
What do I think about the scalability of the solution?
From my experience, One Identity Active Roles scaled well as the environment grew. I was able to manage an increasing number of users, groups, and administrative requests without significant changes to my processes. Features like delegation and automation helped support growth while keeping administration manageable and consistent.
How are customer service and support?
My experience with customer support has been positive overall. The support team was generally responsive and had a good understanding of Active Directory, delegation, and workflow-related issues. For more complex cases, resolution times sometimes required escalation, but the guidance provided was usually helpful and technically sound.
Which solution did I use previously and why did I switch?
Before One Identity Active Roles, I primarily relied on the native Active Directory administration tools and PowerShell scripts for user and AD group management. I switched because I wanted a more centralized approach with delegation, automation, and governance. As the environment grew, managing permissions and administrative tasks manually became harder to maintain consistently.
How was the initial setup?
I found the integration fairly straightforward because my environment was already centered around Active Directory. The core connectivity and synchronization were not difficult to establish. Most of the effort went into designing the delegation model and approval workflows to align with the existing operational processes rather than the technical integration itself.
What was our ROI?
The ROI was mainly seen in time savings and operational efficiency rather than directly reducing headcount. Routine tasks such as user provisioning, account maintenance, and access requests require less manual effort than before the implementation. I also saw fewer escalations to the AD team because delegated administration allowed support teams to handle common requests independently, which improved overall productivity.
Which other solutions did I evaluate?
I evaluated a few alternatives including Microsoft Identity Manager and SailPoint. I ultimately chose One Identity Active Roles because it aligned well with my Active Directory-focused environment and offered a good balance of delegation, automation, and governance capabilities without adding too much operational complexity.
What other advice do I have?
One outcome I noticed was a reduction in manual AD administration. Routine tasks such as user account management and group updates became more structured, which helped reduce configuration mistakes. I also found that access reviews and audit preparation became easier because administration changes were centrally managed and easier to track.
In my environment, One Identity Active Roles is deployed in a hybrid setup. The application runs on virtual servers in my on-premises data center while supporting identity management processes that interact with my cloud services. This approach works well because it allows me to maintain control over the Active Directory administration.
As part of my hybrid environment, I primarily use Microsoft Azure since my infrastructure is closely aligned with Active Directory and Microsoft services. Azure integrates well with my identity and access management processes. It allows me to support both on-premises and cloud-based identity requirements.
I have used fine-grained permission control in One Identity Active Roles. It was particularly useful for delegating specific administrative tasks to support teams without granting full Active Directory administrative rights.
I would rate this review a nine out of ten.
Automation has transformed user lifecycle management and now streamlines secure access control
What is our primary use case?
One Identity Active Roles serves as our absolute main solution for automating the entire user life cycle, from day-one onboarding to offboarding, while enforcing strict role-based access. Before this implementation, we were drowning in manual tickets for setting up accounts, assigning groups, and provisioning mailboxes across our hybrid and Entra setup.
A classic scenario we deal with all the time involves departmental transfers. When an employee moves from finance to marketing and HR updates their department code, One Identity Active Roles automatically triggers a workflow that handles the transition overnight. This immediately revokes their finance-specific AD groups, strips their access to restricted financial folders, provisions them into the correct marketing distribution list and Entra ID roles, updates their manager attribute, and updates information in their company directory without any manual intervention. At the end, it sends an automated notification to their respective managers to confirm whether the access swap is completed. This entirely prevents privilege creep where moving departments causes people to accumulate leftover permissions.
One major benefit of One Identity Active Roles for our main use case is how much it simplified our compliance audits. Before we deployed it, trying to track down who granted specific permissions or why a user was added to a privileged group meant digging through endless active AD logs. Now One Identity Active Roles acts as a single choke point for all modifications, so everything is centralized and tracked automatically.
What is most valuable?
The absolute best features One Identity Active Roles offers include a fine-grained delegation policy framework that gives our regional IT teams and help desks the exact access they need to do their jobs without handing over broad, risky native AD permissions. Close behind that is a workflow automation engine which handles our multi-stage approvals seamlessly.
We also heavily rely on the automated de-provisioning feature, which ensures that when someone leaves, their access across on-prem AD, Exchange, and Entra ID is instantly and cleanly stripped. Having all of this managed from a single web interface instead of hopping between multiple Microsoft consoles is a massive win for our daily operations.
Before we implemented One Identity Active Roles, our regional IT teams often needed domain admin or account operator rights just to perform routine tasks like modifying local group membership or updating specific user attributes, which was a massive security risk because the native AD did not give us the granular control to avoid it. Now we use the delegation policies to restrict them strictly to their own organizational units.
What needs improvement?
One Identity Active Roles has proven to be the absolute best product on the market for what it does, so we do not have any major complaints about it. It handles our hybrid AD and Entra ID environment so cleanly that it is tough to find a fault within the core product.
If I had to identify areas for improvement, I would note that when you start building highly advanced multi-stage approval workflows, the logic can get a bit complex and requires a solid understanding of the tool to maintain. Additionally, because it is so powerful, managing a massive library of custom scripts over several years takes more disciplined governance to keep things organized. However, in terms of out-of-the-box capability, scalability, and daily reliability, it is pretty much unmatched compared to its competitors.
For how long have I used the solution?
What do I think about the stability of the solution?
One Identity Active Roles is very stable across multiple tiers. As more employees are added, we do not have to manage each of them individually. The scripts and automated One Identity Active Roles directory features take the workload out of our hands, effectively doing everything we described earlier, and each one takes the same amount of time regardless of the scale we are discussing.
We chose One Identity Active Roles because of its maturity and enterprise stability, as our roadmap was heavily anchored in a complex hybrid Microsoft ecosystem. One Identity Active Roles gave us absolute confidence that it could handle the deep attribute-level security proxying without breaking a sweat, backed by broader enterprise support of One Identity fabric.
What do I think about the scalability of the solution?
One Identity Active Roles' scalability is one of its strongest arguments due to its horizontal scale via proxy architecture. It scales out horizontally by utilizing multiple independent One Identity Active Roles administrator service hosts, allowing administrator and help desk operators and automated workflows to interact with the ARS proxy servers rather than hitting domain controllers directly, enabling user concurrency to scale indefinitely.
A few data configurations are required to maintain speed, such as keeping within the 1 ms latency rule and ensuring parallelism. In short, One Identity Active Roles scales beautifully to handle massive enterprise workloads with its ultimate ceiling determined entirely by how well you architect and tune its underlying SQL backend.
How are customer service and support?
Overall experience with One Identity Active Roles customer support has been highly solid and technically competent. For standard support and routine inquiries, standard configuration or native Active Directory integration questions, the engineers are incredibly knowledgeable, usually rating a 9 out of 10 for technical insight.
However, there are edge cases where if you are dealing with complex and highly customized scripts inside an event-driven automation workflow or troubleshooting a bizarre synchronization error deep within your Microsoft Entra ID tenants, you can expect some delay because they really want to structure the escalation process to senior product engineers who understand the underlying database hooks. Their SLA responsiveness and severity tiers are incredible, using configuration questions to pinpoint the problem we are experiencing and curating their responses accordingly.
The One Identity support portal is heavily built around a robust self-service model, and their knowledge base, release notes, and community forums are heavily populated and frequently updated.
Which solution did I use previously and why did I switch?
Before One Identity Active Roles, we did not actually use a commercial third-party identity and access management software. Instead, we relied on a complex web of native Microsoft management tools combined with an extensive library of homegrown PowerShell scripts.
How was the initial setup?
The integration process of One Identity Active Roles with our existing IT infrastructure and directory services was remarkably straightforward, mostly because One Identity Active Roles is built from the ground up to sit naturally on top of Microsoft architecture. Since we already had a well-defined Active Directory structure and established OU layout, the core deployment did not require us to tear down or re-engineer any of the existing infrastructure.
One Identity Active Roles basically overlays onto your directory, acting as a secure proxy layer rather than a disruptive overhaul. The initial setup for standard synchronization and basic policy enforcement took just a couple of weeks to get completely up and running. The majority of your time and effort is not technical friction with the product itself, but mapping out your business logic and defining your approval lines and planning your delegation roles before configuring them.
What was our ROI?
The return on investment from One Identity Active Roles has been incredibly clear and measurable for us. The time reclaimed by Tier 3 engineers is about 15 to 20 hours every single week for our senior systems and security engineers. The efficiency in user provisioning and offboarding, which used to take almost 24 to 48 hours due to a multi-step process, is now down to just 5 minutes, which is incredible for how it closed down the gap.
Basic Tier 1 help desk requests, including password resets, group modifications, and profile attribute updates, are now resolved on the very first call because we safely delegated these tasks to the help desk through clean access templates, resulting in a nearly 80% drop in ticket escalation queues.
What's my experience with pricing, setup cost, and licensing?
Our experience with the pricing, setup cost, and licensing of One Identity Active Roles reflects the platform's status as an enterprise-grade premium product. One Identity structured the Active Roles licensing per enabled user, making this model incredibly scalable and predictable since it only counts active enabled user accounts, meaning we are not paying for disabled accounts, service accounts, or the administrative overhead for Tier 1 and Tier 3 teams.
While the software installation process itself is very straightforward, the true setup cost is heavily tied to professional services and implementation. Because the tool is highly customizable, you will likely want to budget for One Identity professional services or a certified implementation partner during the initial phase.
Although the upfront capital expenditure for licensing and implementation services was a significant investment, the operational savings shifted from the bottom line almost immediately. By automating users' life cycle management and safely delegating tasks to Tier 1 support, we drastically reduced the workload for administrative personnel. The hours saved by Tier 3 engineers alone, around 15 to 20 hours every week from AD maintenance, allowed us to recoup our initial setup and licensing costs well ahead of schedule.
Which other solutions did I evaluate?
Before deciding on One Identity Active Roles, we evaluated multiple software solutions, including ADx by Softerra and ManageEngine ADManager Plus.
What other advice do I have?
If you are in the position we were in a few years ago, stuck maintaining an ungodly amount of fragile custom PowerShell scripts and constantly stressing over broad AD permissions, One Identity Active Roles is a fantastic move. I advise fixing your business logic before you touch the software, as One Identity Active Roles is an incredibly flexible tool, but it will automate exactly what you tell it to do. If your organization's current identity life cycle process is messy, manual, and full of special exceptions, automating them will only create a faster automated mess.
I would advise sitting down with HR, security, and your regional IT leads before you start configuring workflows. Standardize exactly what happens when a user is hired, transferred, and terminated, and map out your approval chains on a whiteboard first. Once your business rules are clear on paper, plugging them into One Identity Active Roles engine is incredibly smooth.
Do not drop the One Identity Active Roles database onto a generic, over-allocated, shared SQL cluster. Treat it like a Tier 1 critical application. Leverage virtual attributes to protect the core schema: create custom fields that track employee IDs, contractor end dates, or specific HR flags for automation as virtual attributes, which keeps your native AD schema pristine and protects against accidental schema corruption. Finally, budget for professional services or training upfront, and plan your web interface views by persona, building distinct web profiles tailored specifically to different personas to reduce human error and cut training time for junior staff to zero. I would rate this product a 10 out of 10 based on my overall experience.
Automation has streamlined identity governance and has improved secure delegation in our directory
What is our primary use case?
Our main use case for One Identity Active Roles is Active Directory administration and user lifecycle management, and we use it to create, modify, disable, and manage user accounts, groups, and permissions in a controlled and standardized manner, which improves security and reduces the risk of manual error when managing the Active Directory environment.
A good example of how we use it for user lifecycle management is user onboarding, where instead of manually creating accounts and assigning permissions in Active Directory, One Identity Active Roles automation automates the process using predefined templates and workflows, saving time, reducing errors, and ensuring users receive the correct access from day one.
Another benefit of our main use case with One Identity Active Roles is delegated administration, which allows different teams to perform specific tasks without needing full Active Directory access, improving security and making administration much easier while helping with auditing and change tracking.
What is most valuable?
The best features of One Identity Active Roles include user lifecycle management, delegated administration, automation, and role-based access control, where user lifecycle management helps to standardize and automate tasks, and delegated administration allows teams to perform specific tasks without giving them full Active Directory privileges, thus improving both security and operational efficiency.
For one example regarding how automation and role-based access have helped my team, the user onboarding process used to involve the administrator manually creating accounts, assigning groups, and configuring permissions; however, with One Identity Active Roles, the process can be standardized through workflows and templates, which reduces manual effort, speeds up provisioning, and ensures users receive the correct access from the start, while I also appreciate the auditing and change tracking capabilities for visibility into who changed what and when, which aids troubleshooting, compliance, and overall governance in our Active Directory environment.
One Identity Active Roles has positively impacted our organization by making Active Directory management much more efficient, reducing manual work, improving control over permissions, and providing better visibility into changes, which has helped both security and compliance efforts.
What needs improvement?
The main improvement I would like to see for One Identity Active Roles is a more modern and intuitive interface, along with more customizable reporting and dashboards to enhance our experience with the platform.
I would appreciate more integration with other identity and security tools, alongside more flexible reporting and dashboards to improve the functionality of One Identity Active Roles. We have not faced major performance issues.
For how long have I used the solution?
I have been using One Identity Active Roles for approximately one year.
What do I think about the stability of the solution?
I have not used the AI-specific capabilities extensively, but the overall output from One Identity Active Roles has been accurate, and we still perform reviews for important changes; however, I find the system to be consistent and dependable.
What other advice do I have?
I rate One Identity Active Roles a 9 out of 10 because it has helped simplify Active Directory administration, improve security, delegate access, and reduce manual errors through automation, making it a reliable and valuable solution for identity and access management.
I chose 9 out of 10 because it is a reliable and feature-rich solution that has enhanced efficiency and security for my team, while to reach a perfect 10, I would like to see a more modern interface, improved reporting, and additional integrations with other platforms.
From my experience with One Identity Active Roles, governance and security are some of the strongest aspects of the platform because it provides role-based access control, delegated administration, and detailed auditing to ensure that administrative activities are properly controlled and monitored, and while I have not extensively utilized specific AI-driven capabilities, the overall security model helps reduce the risk of unauthorized changes and improves visibility into who performs what actions.
I utilize One Identity Active Roles in an on-premises environment that is integrated with our Active Directory infrastructure, so it primarily operates within our on-premises setting.
I have utilized the fine-grained permission control feature of One Identity Active Roles, and it has helped us enforce least privilege access by allowing users to perform only the tasks relevant to their role, notably enabling the help desk team to manage passwords and user accounts without requiring full Active Directory administrative rights, thereby improving security and control.
I assess the integration of One Identity Active Roles with our existing IT infrastructure and directory services as manageable, as it has facilitated effective implementation of least privilege access by allowing us to delegate specific tasks to different teams without granting full administrative rights, thus enhancing security and reducing risk. My overall review rating for One Identity Active Roles is 9 out of 10.
Delegated administration has improved governance and automation streamlines user lifecycle tasks
What is our primary use case?
One Identity Active Roles is our main solution for Active Directory administration and user life cycle management. In day-to-day operation, I primarily use it for onboarding and offboarding users, managing group membership, handling access requests, and delegated administration.
What is most valuable?
One Identity Active Roles enforces consistency in Active Directory administration. Before implementation, different administrators sometimes followed different processes for account creation or access changes. With One Identity Active Roles, workflows and policies help standardize those activities. It also gives us better visibility into who made changes and when, which has been useful during access reviews and audit-related activities.
The features that stood out most for me in One Identity Active Roles are delegated administration, automation, and role-based access control. Delegated administration made a big difference because it allowed the service desk to handle routine tasks such as password resets, account unlocks, and certain group management activities without giving them full Active Directory administrative rights. Automation was also valuable for onboarding and offboarding processes, helping reduce manual effort and maintain consistency. Another feature I found useful was the auditing capability since it provided better visibility into who made changes and helped during access reviews and compliance checks.
Automation had a noticeable impact on our team's efficiency because it reduced the amount of repetitive Active Directory work. Before One Identity Active Roles, user provisioning and access changes often involved multiple manual steps and validation checks. For example, onboarding required administrators to manually create accounts, assign groups, and verify permissions. With the automated workflow, much of that process became standardized, which reduced administrative effort and helped avoid administration mistakes. It also meant the Active Directory team spent less time on routine requests and more time on governance, access reviews, and improvement initiatives, although automation did not eliminate all manual work.
One of the biggest positive impacts of One Identity Active Roles was bringing more control and consistency to Active Directory. Before implementing it, many user and access management tasks relied heavily on manual processes and experienced administrators. With One Identity Active Roles, many of those activities became standardized through workflows, delegated administration, and role-based access control. From an operational perspective, it improved turnaround times for common requests, reduced the risk of unauthorized changes, and gave us better visibility into administrative activities.
From a governance and security perspective, I think One Identity Active Roles is one of the stronger areas of the product. It helps enforce role-based access control, delegated administration, and least privilege principles much more effectively than relying on native Active Directory administration alone. We had better control over who could perform specific tasks, and administrative activities were easier to audit and review. In terms of artificial intelligence capability, I would not say artificial intelligence is currently a major strength of the product. Most of the value comes from the policy-based automation, workflows, and governance controls rather than advanced artificial intelligence-driven decision-making.
What needs improvement?
One area where One Identity Active Roles could be improved is troubleshooting and visibility. As environments grow and workflows become more complex, it can sometimes take time to determine why a specific permission, workflow, or delegated task is not behaving as expected. I also think the reporting experience could be more flexible, especially for organizations that need customized governance and audit reports. Overall, One Identity Active Roles is strong in its core functionality, but improvements in user experience, reporting, and troubleshooting would make administration easier.
One additional improvement I would mention is around hybrid identity and cloud integration. Many organizations today are managing both on-premises and cloud environments. Having deeper visibility and governance across those environments from a single interface would be valuable. Another area is workflow management. While the flexibility is powerful, maintaining and troubleshooting complex approval workflows can sometimes become challenging as organizations grow and requirements evolve.
For how long have I used the solution?
I have been working in my current field for the last seven years.
What do I think about the stability of the solution?
One Identity Active Roles has been a stable platform overall in my experience. We use it for daily Active Directory operations, delegated administration, and user life cycle management, and it has performed reliably without causing major operational issues.
What do I think about the scalability of the solution?
One Identity Active Roles scaled well from my experience, especially in an organization with a large Active Directory environment. As our user base, groups, and administrative requests grew, we were able to continue using the same platform without significantly changing our operational model. Features such as delegated administration and automation helped us absorb that growth without putting additional pressure on the Active Directory team.
How are customer service and support?
My experience with customer support was generally positive. For routine issues and product-related questions, the support team was knowledgeable and usually able to point us in the right direction fairly quickly. We especially found them helpful during implementation when working through delegation workflow-related configuration questions.
I would rate customer support eight out of ten. The support engineers generally had good product knowledge and understood Active Directory delegation models and workflow-related issues well. In most cases, we received useful guidance without extensive back-and-forth.
Which solution did I use previously and why did I switch?
Before implementing One Identity Active Roles, we primarily relied on native Active Directory tools, such as Active Directory Users and Computers, along with PowerShell scripts for user provisioning and access management. As the environment grew, managing delegated permissions, user life cycle processes, and ensuring a consistent audit trail with this manual system became increasingly difficult. Different teams were following different processes, and it was challenging to maintain consistent governance.
How was the initial setup?
I would describe the integration as moderately easy. Since our environment was already heavily based on Active Directory and Microsoft technologies, the core integration was fairly straightforward. The basic setup, user provisioning, delegated administration, and role-based access control configuration were not particularly difficult. Most of the effort went into planning the delegation model, approval workflows, and ensuring they aligned with our existing operational processes.
What was our ROI?
I would not say it reduced the number of employees, but it definitely helped the existing team handle a higher volume of work more efficiently. Before One Identity Active Roles, the Active Directory team was spending a significant amount of time on routine activities such as account provisioning, group membership updates, and access-related requests. After introducing automation and delegated administration, many of those requests could be handled by the service desk or processed through a standardized workflow.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup costs, and licensing was generally positive, although the product is definitely more suited for medium and large enterprises than smaller environments. The licensing and initial setup cost required justification upfront, but the value became clearer once we started using the automation, delegated administration, and governance features at scale. From the setup perspective, the technical installation was not the most challenging part. The bigger effort was planning and delegation.
Which other solutions did I evaluate?
We did look at a few alternatives before selecting One Identity Active Roles. The main ones were Microsoft Identity Manager and SailPoint IdentityIQ. Microsoft Identity Manager was already familiar from our Microsoft ecosystem perspective, while SailPoint offered strong identity governance capabilities. However, for our requirements, One Identity Active Roles provided a better balance between Active Directory administration, delegated access management, automation, and governance.
What other advice do I have?
My advice to organizations looking into One Identity Active Roles is to spend time understanding your Active Directory structure, delegation requirements, and access governance processes before implementation. One Identity Active Roles delivers the most value when you have clear ownership of administrative tasks and well-defined access policies. If these processes are not documented, it is worth first addressing these before purchasing the product. I would rate this review nine out of ten.
Delegated administration has simplified routine tasks and improves governance and compliance
What is our primary use case?
We are using One Identity Active Roles to simplify our Active Directory administration, such as controlling delegation access and automating routine tasks including user management activities.
What is most valuable?
One Identity Active Roles offers many valuable features that function very smoothly, including delegated administration, automated user management, approval workflows, and auditing details. These are the best features based on my experience.
What stands out the most in One Identity Active Roles is its ability to securely delegate routine Active Directory tasks without granting full administrative privileges. Combining this with automation and policy-based control really helps us reduce manual efforts.
One Identity Active Roles has positively impacted many areas within our organization by simplifying Active Directory administration and reducing manual efforts. It improves operational efficiency with the help of automation and delegated administration, leading to very positive outcomes.
In terms of governance and security, One Identity Active Roles provides very valuable add-on features, offering strong governance while not being heavily AI focused. It helps us enforce least privilege access and improves accountability while mitigating the risk of unauthorized changes within our Active Directory environment.
The accuracy and reliability of output from One Identity Active Roles are very high, as it provides very accurate results.
We use the fine-grained permission control feature of One Identity Active Roles, which has been very effective in supporting our least privilege strategy. For example, help desk staff can perform password resets and account unlocks without receiving full Active Directory administrative rights, providing security and reducing the number of highly privileged accounts in the environment.
My impression of the automation capabilities of One Identity Active Roles has been very positive. User account creation, group membership assignments, and account updates can be automated through predefined policies and workflows, allowing the correct attributes, permissions, and groups to be applied automatically based on organizational requirements.
One Identity Active Roles helps improve our compliance processes by enhancing control, visibility, and accountability within Active Directory, strengthening governance, and simplifying the audit and compliance process.
What needs improvement?
I believe the initial setup could be more simplified to allow for better and faster deployment.
For how long have I used the solution?
I have been using One Identity Active Roles for almost two years.
What do I think about the stability of the solution?
One Identity Active Roles is a stable solution.
What do I think about the scalability of the solution?
One Identity Active Roles is a very scalable solution that can handle organizational growth over time.
How are customer service and support?
Customer support for One Identity Active Roles is very responsive and effective. Whenever we face technical issues, we raise a ticket and they are ready to provide support.
How was the initial setup?
I believe the initial setup could be more simplified to allow for better and faster deployment.
What was our ROI?
We are seeing a very good return on investment with One Identity Active Roles by reducing manual efforts, which in turn saves us time and money. This solution provides a significant benefit, allowing us to complete tasks forty to sixty percent faster than before.
What other advice do I have?
My advice to any organization considering using One Identity Active Roles is to deploy it, as it will be a great decision. During the deployment phase, I recommend identifying the Active Directory tasks that consume the most administrative time and focusing on automating those processes while taking advantage of all the useful features. I rate One Identity Active Roles nine out of ten because it is a very powerful solution providing great features and a smooth operational process.
Automation has transformed onboarding and delegated access and now streamlines daily governance
What is our primary use case?
My main use case for One Identity Active Roles is user provisioning and group administration, workflow automation, access management, and employee onboarding and offboarding processes. When a new employee joins, One Identity Active Roles automatically creates the account, applies the correct policies, assigns role-based security groups, and routes approval if required.
The main focus of how I use One Identity Active Roles is user management through onboarding and offboarding, lifecycle management, access control, and reducing manual administrative effort through automation.
The automation capabilities are one of the strongest features of One Identity Active Roles. I mainly use them for user onboarding, offboarding, group assignments, and access approval workflows. For example, when a new employee joins, the account creation and non-role-based group assignments happen automatically through predefined workflows, reducing manual work, improving consistency, and helping minimize provisioning errors, making identity management much more efficient and controlled.
The main use case is automation of processes such as employee user management, onboarding, and offboarding. The automation process makes these tasks smooth and fast, allowing administrative work to be reduced and time to be saved.
What is most valuable?
The best features One Identity Active Roles offers in my experience include workflow automation, delegated administration, user provisioning, de-provisioning, role-based access control, auditing, and hybrid Active Directory management. The workflow engine is especially valuable because it automates repetitive tasks such as onboarding, offboarding, and access requests, which saves time and reduces manual errors. I also appreciate the delegated administration features because they allow teams to handle specific tasks without giving full AD privileges, improving both security and efficiency, while the auditing and reporting capabilities are very useful for compliance.
Workflow automation has reduced repetitive manual work through onboarding, access requests, and account management, while delegated administration allows support teams to handle routine tasks without full AD access. This has improved efficiency, reduced bottlenecks, and strengthened security through better access control and auditing.
I would like to highlight the auditing and reporting features of One Identity Active Roles because they provide good visibility into changes and help with compliance and troubleshooting. The fine-grained delegation and centralized management across Active Directory and cloud environments are also very valuable in our day-to-day activity.
One Identity Active Roles has impacted our organization positively because the biggest benefit has been reducing manual administration through automation and standardized workflows. Tasks such as onboarding, offboarding, group assignments, and access requests are now much faster and more consistent than before, thus helping create a more structured identity management process across the organization.
There are several positive outcomes since implementing One Identity Active Roles. Overall, the biggest gains have been time saving, improved consistency, reduced manual error, and better operational efficiency rather than a direct headcount reduction.
What needs improvement?
There is room for improvement in One Identity Active Roles. Based on my experience using it for the last two years, I see potential for a more modern UI, simpler workflow customization, and easier reporting. While the product is very capable, managing complex workflows and hybrid environments can sometimes require deeper expertise than expected, so better cloud integration and troubleshooting visibility would also be valuable improvements.
In terms of needed improvements, I would like to see enhancements around the reporting dashboard and cloud-focused management features. While the core functionality is strong, most of the improvements I would like to see are around usability, visibility, cloud management, and making advanced features easier to configure and maintain rather than major gaps in the product itself.
For how long have I used the solution?
I have been using One Identity Active Roles for the last two years.
What do I think about the stability of the solution?
One Identity Active Roles is stable.
What do I think about the scalability of the solution?
One Identity Active Roles is definitely scalable. I purchased this for its scalability and have seen its ability to handle increasing numbers of users, groups, access requests, and administrative tasks without major issues. The automation and delegated administration features help a lot because they reduce the workload on administrators.
How are customer service and support?
Customer support is quite good.
Which solution did I use previously and why did I switch?
Before switching to One Identity Active Roles, user and access management was mainly handled through native Active Directory tools, manual processes, and a few scripts. As the environment grew, those methods became hard to manage and audit, so I adopted One Identity Active Roles to automate routine tasks, improve delegation, strengthen governance, and reduce manual effort.
How was the initial setup?
I would say the integration of One Identity Active Roles with our existing IT infrastructure and directory services was very straightforward overall, especially because our environment was already based on Active Directory and Microsoft services. The initial integration with Active Directory was relatively smooth, and One Identity Active Roles fit well into our existing identity management process, designed to work across AD, Entra ID, and Microsoft 365, which helped simplify administration in our hybrid environment.
What about the implementation team?
I did not purchase One Identity Active Roles through AWS Marketplace, as I use AWS as a part of our hybrid cloud environment, but the licensing and procedure were done directly through our organization's standard software procurement process rather than through the AWS Marketplace.
What was our ROI?
I have seen a positive return on investment mainly through time savings and operational efficiency. While I do not have exact financial figures, a good example is onboarding and user provisioning. Before One Identity Active Roles, creating accounts, assigning groups, and validating permissions was largely manual work, taking around twenty to thirty minutes per user, but with automated workflows, that process now takes just a few minutes for standard requests.
I have utilized the fine-grained permissions control and delegated administration features quite extensively. One of the biggest impacts has been supporting the least privilege principle by allowing users and teams to perform only the specific administrative tasks they need without giving broad Active Directory access. For example, help desk teams can handle password resets and account unlocks, while application owners can manage only their own groups and resources.
What's my experience with pricing, setup cost, and licensing?
In my experience, the pricing is at an enterprise level, but the setup and licensing were justified by the automation and governance features. Setup required planning and configuration, but licensing was straightforward, and the long-term operational benefits provided good value.
Which other solutions did I evaluate?
I evaluated Microsoft Native Active Directory tools, ManageEngine ADManager Plus, and some identity governance platforms such as SailPoint. I selected One Identity Active Roles because of its automation, delegated administration, auditing, and strong Active Directory management capabilities.
What other advice do I have?
For others considering One Identity Active Roles, my advice would be to first check your user management process and how onboarding and access management would be taken care of before deployment, starting with key automation use cases. If implemented properly, One Identity Active Roles can save a lot of administrative effort while improving security and compliance, so it is important to clearly define your governance model, roles, and approval processes before deployment.
My experience with delegated administration has been very positive. Before One Identity Active Roles, most routine requests had to go through senior Active Directory administrators, which often created delays and bottlenecks. Now, with delegated administration, I can assign specific responsibilities to help desk teams, application owners, or business units without giving them full AD privileges. For instance, help desk staff can handle password resets and account unlocks, while certain teams can manage their own group's membership, significantly improving workflow because routine requests are resolved faster, reducing the workload on senior administrators and controlling access more securely through the least privilege model.
One Identity Active Roles offers automation capabilities that are among the strongest features available. I mainly use them for user onboarding, offboarding, group assignments, and access approval workflows. For example, when a new employee joins, the account creation and non-role-based group assignments happen automatically through predefined workflows, reducing manual work, improving consistency, and helping minimize provisioning errors, making identity management much more efficient and controlled.
This review has received an overall rating of eight out of ten.
Automated user lifecycle management has reduced manual tickets and strengthened access control
What is our primary use case?
My main use case for One Identity Active Roles is automating and controlling AD user lifecycle management with delegated administration. When a new employee joins, instead of an admin manually creating the ID accounts, assigning groups and setting permissions, One Identity Active Roles automatically takes care of the request from the HR system or service ticket, applies the naming convention and password policies, and sends approval workflows if elevated access is requested.
Integrating One Identity Active Roles with my existing IT infrastructure and directory services is a plug and play solution. I need to enter the credentials inside the AD.
My impression of the automation capabilities provided by One Identity Active Roles is positive, based on the user onboarding process automation. HR sends the request to the ticket service team, which gives the integration with One Identity Active Roles. HR alerts the support ticket administrator, who starts the process that will assign One Identity Active Roles automatically for a user based on this justification, which helps very easily.
What is most valuable?
The best features One Identity Active Roles offers include fine-grained delegated administration, RBAC policies, lifecycle management, hybrid managed identity management, policy-based administration, and auditing, tracking, and changes.
If I have to select one feature, lifecycle management has the biggest impact because it automates user onboarding, role changes, and offboarding, making access updates faster, more consistent, and less error-prone while reducing the risk of orphaned accounts.
One Identity Active Roles has positively impacted my organization by speeding up the user provisioning, reducing manual AD tickets, strengthening the security through consistent access control, and improving compliance.
Based on our analysis, the solution saves around 30 to 60 minutes of time. Ticket reduction is around 50%, and I have seen fewer access errors.
What needs improvement?
I am very happy with the solution provided by One Identity Active Roles, so there is no need for improvement at this time. In the future, there will definitely be opportunities for improvement.
For how long have I used the solution?
I have been using One Identity Active Roles for almost one year.
What other advice do I have?
Regarding One Identity Active Roles' AI capabilities, I think its governance and security are very good. If they use a third party as an AI, the security may be compromised. However, if they are using their inbuilt assistance, it gives a very good result.
Regarding One Identity Active Roles' AI capabilities, I cannot rely on the AI totally. At this time, it is 50-50 for me to give the answer because sometimes it gives me a really good answer and sometimes not the script that I have to check with them. It is very difficult to rely on the AI as well, so it is 60-40.
I haven't used the fine-grained permission control feature of One Identity Active Roles, but it is in my license. In the future, I will be deploying this solution. I rate this product an 8 out of 10.
Automation has transformed delegated access and now streamlines our daily identity operations
What is our primary use case?
One Identity Active Roles is used in our environment primarily for managing Active Directory operations such as user provisioning, password reset, account locks, group management, and delegated administration access.
User provisioning is a heavily utilized function, where new employee onboarding includes automatic account creation, OU placement, group membership, and permission assignment based on department or role. The service desk team manages group membership requests and access changes through delegated administration without requiring full domain admin rights, which reduces manual efforts and improves security control.
After implementing One Identity Active Roles, clear operational improvements are evident, including user provisioning time reduction from hours to minutes, a 40 to 50% drop in service desk workload, faster resolution of password reset and account-related requests through delegated administration, and fewer manual errors in group assignment and permission management.
What is most valuable?
The best feature of One Identity Active Roles is automation combined with delegated administration, which reduces repetitive Active Directory work such as user provisioning, group assignment, and account management while allowing the service desk team to handle routine tasks without granting full domain admin access.
Automation simplifies daily operations by eliminating repetitive manual Active Directory tasks including user creation, group assignment, password reset, and account disablement. Onboarding and offboarding processes become much faster because account permissions and group membership are assigned automatically based on role or department.
One Identity Active Roles has positively impacted productivity and user satisfaction by reducing delays in account provisioning, password reset, and access requests. Previously, many AD-related tasks were manual and heavily dependent on senior administrators, but after implementing automation and delegated administration, requests are completed much faster and with fewer errors.
What needs improvement?
One area where One Identity Active Roles can improve is simplifying complex workflow and approval management in large enterprise environments. Troubleshooting permission inheritance, synchronization issues, or customized workflows can still require considerable time and experienced administrator involvement.
The UI experience, easier workflow customization, and better troubleshooting visibility for complex AD and hybrid identity environments require improvement. Identifying permission inheritance issues or synchronization problems still sometimes requires manual investigation.
Complex workflow management and troubleshooting simplification in large enterprise environments remains an area for improvement.
For how long have I used the solution?
I have been using One Identity Active Roles for two years.
What do I think about the stability of the solution?
One Identity Active Roles has been very stable, with no major outages or performance problems experienced during normal operation.
What do I think about the scalability of the solution?
One Identity Active Roles handles our large Active Directory environment efficiently as the number of users, groups, and delegated administration tasks increases.
How are customer service and support?
Customer support for One Identity Active Roles is generally good, with the support team demonstrating strong technical knowledge, particularly regarding AD integration.
Which solution did I use previously and why did I switch?
Before implementing One Identity Active Roles, native Active Directory tools, manual administration, and PowerShell scripting were primarily used.
What was our ROI?
A good ROI was achieved with One Identity Active Roles through measurable operational improvements, including a 40 to 50% reduction in routine service desk workload.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is generally positive for an enterprise environment, as the initial investment can feel high but provides long-term value.
Which other solutions did I evaluate?
Before choosing One Identity Active Roles, Microsoft Identity Manager and other tools were evaluated, with One Identity Active Roles selected for its strong integration with our existing Active Directory environment.
What other advice do I have?
Fine-grained permission control in One Identity Active Roles had a strong impact on least privilege implementation in our organization, as only specific tasks and privileges were delegated to users based on their job responsibilities.
Integration of One Identity Active Roles with our existing infrastructure is relatively smooth because our environment is already heavily based on Active Directory and Microsoft technology, although the main challenge came during complex workflow customization.
The automation capabilities of One Identity Active Roles are very positive, as they reduce repetitive tasks such as automatic user account creation during new employee onboarding.
One Identity Active Roles reduces the complexity and workload of Active Directory by automating repetitive administrative tasks including user provisioning, group management, password resets, and account maintenance.
Delegated administration through One Identity Active Roles is a very positive experience because it reduces dependency on senior administrators for routine tasks.
One Identity Active Roles was purchased through another channel.
I would rate this review a 9 out of 10.