One Identity Active Roles

One Identity Active Roles  automatically creates user accounts with correct group memberships and permissions based on the department and role, which saves a lot of manual AD work during onboarding.

One Identity Active Roles is also used for auditing and approval workflows, especially for sensitive AD changes where better control and tracking are needed.

Delegated administration has made the biggest impact because it allows the different teams to manage specific AD tasks securely without giving full domain-level access.

The automation and approval workflows stand out significantly in larger environments, especially when consistency and better control over AD changes are needed.

One Identity Active Roles has positively impacted the organization by reducing a lot of manual AD administration work, improving access control, and helping standardize user management processes across the organization.

Better cloud integration and simpler reporting customizations would definitely improve the overall experience, especially in hybrid environments.

A few other IAM  and AD management solutions were evaluated before choosing One Identity Active Roles, including SalePoint, Microsoft Entra ID , and ManageEngine.

One Identity Active Roles has been a reliable solution for improving AD governance, reducing manual administration, and enforcing better access control across the environment. The overall review rating for One Identity Active Roles is 8 out of 10.

I am an end user of One Identity Active Roles  for internal access and system purposes. When I need access to an internal dashboard to analyze business data for a project, I raise a request through One Identity Active Roles . The request goes through the approval process, and once approved, I am granted access without needing to contact the IT team directly. This helps me complete my tasks on time, and the status can be easily tracked so I do not have to manually follow up. The approval workflow makes the process secure and smooth, and even though I am not from a technical background, it helps me significantly.

I use One Identity Active Roles to gain access to some particular tools that are shared among multiple interns in my company.

The best feature that One Identity Active Roles offers is the approval flow, which gives access only to authorized persons, making the process secure. The user-friendly interface allows someone without a technical background to apply for the tools needed and be given access.

The approval process makes things more secure and efficient. This process prevents unauthorized and accidental access to sensitive tools and data, which are major concerns for my company. I have been told to access some particular tools and data through that portal only.

One Identity Active Roles has made things more organized and secure across the company. It has also reduced the need to contact IT administrators directly, saving time for both me and the IT staff. During the orientation program, I was informed that the use of this tool has reduced the IT team's workload. Previously, the IT team needed to provide the tool and monitor who was using it, but now with this tool, they do not have to specifically check on who is accessing the tools and data.

The IT team has reduced their workload by around four hours, although I do not know the specific hours saved. Access to the tools has become much faster; as soon as I apply, it goes through the approval process, and if the tool is required, then access is provided to me or any other IT intern.

One Identity Active Roles could be improved by speeding up the approval process, especially for urgent access requests. Sometimes I need urgent approval, and then I have to call the IT team to manually pass my approval. An option to flag that I need the tool urgently would help the IT team know to expedite that approval in the future. I have seen times when I need a tool urgently, but the process takes time.

The dependency on approval sometimes causes delays, which can slow down urgent work that I am doing, particularly as my position as an intern has been growing.

By the first of May, it has been approximately two months since I have been working in my current field.

One Identity Active Roles is quite stable, and I have not seen any downtime or crashes in my use case.

One Identity Active Roles is a great tool, pretty scalable, and stable for the daily purposes we are using it for. It can be easily deployed in the company, and it is a stable solution for non-technical users like myself.

I received one or two days of training to use all One Identity tools utilized in my company, such as One Identity Active Roles, One Identity OneLogin , and Safeguard Manager, which are all great tools. I would rate this review a 7.5 out of 10.

One Identity Active Roles  is used primarily for managing Active Directory, including user provisioning and group management. When a new employee joins, I use One Identity Active Roles  to automatically create their AD account, assign them to groups, and apply policies, all with proper approvals.

Apart from basic user provisioning, I use One Identity Active Roles daily for managing and controlling Active Directory permissions in a structured way.

The best features One Identity Active Roles offers are delegated administration and automation, which stand out the most because they reduce admin workload and improve security. Delegated administration and automation significantly reduce admin workload while improving security and control.

For example, HR or help desk can create or modify users, but only within defined limits - they cannot make critical changes outside their scope.

One Identity Active Roles reduces the risk of misuse or accidental changes, and a workflow benefit is that the centralizing IT team does not handle every request. One Identity Active Roles has had a very positive impact on the organization, especially in terms of security and control over Active Directory.

I have utilized the fine-grained permission control feature of One Identity Active Roles, and it has significantly helped implement least privilege principles. Instead of giving broad admin rights, very specific permissions are assigned based on roles, tasks, and need-to-know access. One Identity Active Roles has had a strong positive impact on the organization's compliance efforts. All changes in AD are logged and traceable, which helps during audits. Fine-grained permissions ensure users only have the access they need, while naming conventions, access roles, and security policies are automatically enforced.

One Identity Active Roles is very useful, though there are a few areas where it could be improved, such as the user interface, policy creation, and reporting - it requires good knowledge of Active Directory. The UI can feel outdated and not very intuitive for new users, and the learning curve is steep. Sometimes there can be slight delays when handling large-scale operations, and the reporting needs to be more helpful for audits.

I have been using One Identity Active Roles for around six months.

One Identity Active Roles is generally a stable and reliable solution based on my experience.

One Identity Active Roles is highly scalable and works well in both medium and large enterprise environments, as it can manage multiple AD domains, Azure AD  tenants, and even hybrid environments from a single console.

Customer support for One Identity Active Roles is generally good, especially for standard issues and guidance. The support team is knowledgeable about the product and AD environments, being helpful for configuration issues, troubleshooting, and best practices.

Before implementing One Identity Active Roles, I was primarily managing AD using native tools from Microsoft Management Console, such as Active Directory Users and Computers. I switched because the manual effort was too high, and there was limited delegation and no centralized control.

Integrating One Identity Active Roles with the existing IT infrastructure and directory services was relatively smooth, especially since it is designed to work seamlessly with AD on-premise. It integrates natively with the AD, so the core setup is straightforward.

A strong return on investment has definitely been seen.

My experience with pricing and licensing for One Identity Active Roles has been reasonable for an enterprise solution, but it does require proper planning. The initial setup can involve some cost in terms of time and resources, especially for configuration, policy design, and integration, as skilled Active Directory or IAM  professionals were required.

Before selecting One Identity Active Roles, I evaluated a few other options to compare features and fit for the requirements, such as Microsoft Identity Manager .

My impression of the automation capabilities provided by One Identity Active Roles is very positive - they significantly reduce manual effort and improve consistency. For example, when a new employee joins, I use a predefined template, and One Identity Active Roles automatically creates the user account, applies naming conventions, assigns the correct groups, and enforces policies; previously, this required multiple manual setups, but now it is done in a few clicks with consistent results.

One Identity Active Roles has significantly reduced both the complexity and workload of administrative tasks related to Active Directory. Many repetitive tasks are automated, so admins spend much less time on routine activities. Delegated administration allows other teams to handle common requests instead of escalating everything.

My experience with the delegation of administrative tasks through One Identity Active Roles has been very positive, as it has made the workflow much more efficient and controlled. It allows specific admin tasks to be assigned to different teams, so routine tasks such as user creation or password resets are handled by help desk teams, meaning requests do not need to be escalated, so turnaround time is much quicker.

My advice for organizations considering One Identity Active Roles would be to plan the implementation carefully; clearly define your requirements and decide who should have what level of access before implementing. I would rate this product an eight out of ten.

My main use case for One Identity Active Roles  is to simplify and secure the management of Microsoft Active Directory . In day-to-day work, it is mainly used for automating user lifecycle tasks such as creating, modifying, and disabling user accounts. Instead of doing everything manually, we can use workflows and policies to ensure it is done consistently.

Automation with workflows and policies in One Identity Active Roles  has really reduced the amount of repetitive manual work I used to do in Microsoft Active Directory . Earlier, tasks such as user creation were completely manual. I had to create the account, assign groups, set attributes, and double-check everything. It was time-consuming and easy to miss something. Now with workflows and policies in place, most of that is automated. For example, when a new employee joins, I just trigger the process or it comes through a request. The workflow automatically creates the account, applies the correct naming convention, assigns groups based on the role or department, and even routes approval if needed.

Along with automation and diligence, one more important thing I would highlight is governance and compliance with One Identity Active Roles. Every change in Microsoft Active Directory is tracked, so we are always having a clear audit trail. That becomes really useful during audits or security reviews because we can easily show who made what changes and when. Also, the ability to enforce least privilege access is a big advantage. Instead of giving broad admin rights, we can tightly control permissions, which reduces risk. Overall, beyond just making tasks easier, it adds a strong layer of control, security, and visibility of AD operations.

One Identity Active Roles offers a strong mix of automation, security, and control when managing Microsoft Active Directory. Some of the best features from my experience are delegation with least privilege. Instead of giving full access to admin, we can assign very specific permissions. That improves security and reduces risk. Second would be automation with workflows and policies. Routine tasks such as user creation, group assignments, and provisioning are automated, which saves time and ensures consistency. Third would be centralized management. We can manage multiple Active Directory domains, Azure AD , and even Microsoft 365 from one place, which simplifies administration. Fourth would be dynamic group management. Groups can be managed based on rules instead of manual updates, which is very helpful in large environments. And lastly, auditing and reporting. It tracks all changes, so we know who did what and when, which is important for compliance and troubleshooting.

Both centralized management and dynamic group management have made a big difference for our team while using One Identity Active Roles with Microsoft Active Directory. With centralized management, earlier we had to jump between different tools or consoles to manage users across domains or services. Now everything is available in one place. Whether it is user accounts or groups or permissions, we handle it from a single interface. A good example is during bulk onboarding. Instead of coordinating across multiple admins or tools, one person can manage everything end to end, which saves time and avoids confusion. Coming to dynamic group management, this has really reduced manual effort. Earlier, whenever someone changed departments or roles, we had to manually update their group memberships. That was not only time-consuming but also error-prone. Now groups are based on rules, department, or job title. So if a user attribute changes, their group membership updates automatically. For example, if someone moves from sales to marketing, they automatically get removed from sales-related access and added to marketing groups without any manual intervention.

Along with centralized and dynamic management, one feature I really find valuable in One Identity Active Roles is the approval workflow and auditing capabilities. For sensitive changes such as modifying group membership or access rights, we can enforce approvals before anything is applied. That adds an extra layer of control. At the same time, everything is logged. So in Microsoft Active Directory, we always have a clear audit trail of who made what changes and when. This is especially helpful during audits or when troubleshooting issues. Overall, beyond just making administration easy, these features help ensure proper governance, accountability, and security.

Overall, One Identity Active Roles is a very powerful tool, but there are definitely areas where it can be improved. One area is the user interface. It can feel a bit outdated and not as intuitive, especially for a new user. A more modern and user-friendly UI would improve adoption and reduce the learning curve. Another improvement area is integration and cloud support. While it works well with on-premises Active Directory, integration with Azure AD  and other cloud systems can be better and more seamless. Also, dynamic group processing and performance can sometimes be challenging in large environments, especially when there are complex rules. Optimizing performance in such cases would help. From a governance perspective, features such as attention and certification could be stronger as they are important for compliance-heavy environments. Lastly, improving integration with third-party systems and simplifying customization would make it easier for organizations to adapt it to their needs.

Along with UI and integration, I think One Identity Active Roles could improve in a few operational areas. One is reporting and dashboards. While auditing is strong, the out-of-box reports can be a bit limited or not very visual. A more customizable and user-friendly dashboard would help teams quickly get insights without extra effort. Another area is troubleshooting and error visibility. Sometimes when workflows or policies fail, the error messages are not very clear, so it takes time to identify the root cause. Better logging and clearer error messages would make support easier. Also, upgrades and maintenance can be a bit complex. Simplifying  version upgrades and reducing downtime would be beneficial, especially in large environments. Finally, training and documentation for new users could be improved. Since the tool is quite powerful, having more straightforward guides or built-in help would reduce the learning curve for new admins.

Some additional improvements I would suggest include better cloud-native capabilities. As organizations move more toward cloud-first strategies, having stronger native support beyond Microsoft Active Directory would be helpful. Simplified customization is another area where, while the tool is powerful, customizing workflows or policies can sometimes be complex. Making this more low-code or user-friendly would improve productivity. Lastly, faster performance in large environments would also help because in environments with many objects and complex rules, performance tuning can be challenging. Overall, it is a very solid and reliable solution, especially for AD management, but enhancing cloud readiness, usability, and performance would take it to the next level.

I have been using One Identity Active Roles for more than a year now.

Overall, One Identity Active Roles is considered a stable and reliable solution based on both my experience and industry feedback. It is generally rated quite high for stability. Many users rate it around seven to nine out of ten. In day-to-day operations, it performs consistently, especially for core functions such as automation, delegation, and policy enforcement. There is typically no major downtime, and it handles routine Active Directory operations smoothly.

I would say One Identity Active Roles is highly scalable, especially for medium to large enterprise environments. It is designed to manage multiple domains, users, and even hybrid environments from a single platform. It can scale horizontally by adding more servers such as multiple administration services and handle large volumes of users and groups effectively. For example, it supports managing multiple Active Directory domains, Azure AD tenants, and even cloud integration from one console, which makes it suitable for growing organizations. Scalability also depends on proper design such as SQL performance, network latency, and the complexity of your workflows or dynamic groups in a very large environment. You may need tuning to maintain performance. Overall, it scales very well, but as an enterprise tool, it needs proper architecture planning as well.

My experience with customer support for One Identity Active Roles has been generally positive. The support team from One Identity is knowledgeable and understands the product well, especially for core areas such as workflows, delegations, and integration with Microsoft Active Directory. For standard issues, the response time is quite reasonable and the documentation and knowledge base are also helpful for troubleshooting. For more complex issues, it can sometimes take a bit longer as they may need deeper analysis or escalation, but they usually follow through until resolution. Overall, I would say the support is reliable and helpful, especially for enterprise environments, with occasional delays in more complex cases.

I would rate One Identity Active Roles customer support around eight out of ten. The main reason is that the support team from One Identity is knowledgeable and helpful, especially for standard issues and guidance around Microsoft Active Directory integration. They also provide good documentation and follow structured processes in resolving tickets.

Before moving to One Identity Active Roles, we were mainly relying on native tools, which are in Microsoft Active Directory, such as the default AD users and computer consoles and some powerful shell scripts. While those tools work, they have limitations, especially in larger environments. The main challenges we faced were a lot of manual effort for routine tasks, no centralized control for standardization, difficult implementation of fine-grained delegation, limited automation and workflow capabilities, and lack of proper auditing and compliance tracking. That is why we decided to switch to One Identity Active Roles, where it provided automation for repetitive tasks, better delegation with least privilege, policy enforcement for consistency, and strong auditing and reporting.

I would say integrating One Identity Active Roles with our existing infrastructure was moderate in terms of effort. It is not too difficult, but it does require proper planning. Since it is built to work closely with Active Directory, the core integration with on-premises AD was quite smooth. Connecting domains, syncing objects, and getting basic functionality up and running was straightforward. Where it gets a bit more involved is in customization and extended integrations. For example, setting up workflows based on business requirements and integrating with cloud services such as Azure AD. Also, configuring policies and delegation models properly requires a good understanding of both Active Directory structure and business processes. In large environments, planning things such as permissions, rules, and group structures upfront is important to avoid rework later. Overall, my assessment is that the initial setup is relatively smooth, especially for Active Directory, but achieving a fully automated, optimized, and customized implementation takes some time and expertise.

I have definitely seen a clear return on investment after implementing One Identity Active Roles, especially in terms of time-saving, efficiency, and reduced operational overhead in Microsoft Active Directory. To give a more direct example, I would add some points such as time saving on onboarding. Earlier, creating and configuring a user used to take around ten to fifteen minutes manually. With automation, it reduces to two to three minutes now. Another point is the reduction in manual workload. Routine tasks such as password resets and access requests are now delegated or automated. This reduces dependency on senior admins and allows the team to focus more on critical tasks. Third, we see fewer errors. With policy enforcing standards, we have seen a noticeable drop in issues such as incorrect permissions or missing attributes, which also reduces rework. For operational efficiency, instead of needing additional admin resources as the environment grows, the existing team can handle more workload due to automation. While it may not directly reduce headcount, it definitely avoids the need to hire more people.

My experience with pricing and licensing for One Identity Active Roles is that it is typically enterprise-oriented. The licensing is usually based on the number of enabled user accounts being managed in Active Directory, which makes it scalable as the organization grows. In terms of setup cost, there is an initial investment, not just for licensing, but also for implementation, such as setting up the environment, configuring workflows, and defining policies. If customization is involved, that can add to the cost as well. However, from a value perspective, it balances out over time because it reduces manual administrative effort, improves efficiency and productivity, and minimizes errors and security risks. While the upfront cost might feel on the higher side compared to native tools, the long-term benefits and operational savings make it worthwhile.

We did evaluate a few other options. We looked at native Microsoft Active Directory tools along with PowerShell scripting, but they lacked centralized management, automation, and strong delegation features. We also considered solutions such as ManageEngine ADManager Plus  and Netwrix Auditor . ADManager Plus was good for basic automation and reporting, but it did not offer the same depth in delegation and policy control. Netwrix was strong in auditing and compliance, but it is more focused on monitoring rather than fully life-cycling management. The reason we chose One Identity Active Roles is that it offered a more complete solution combining automation, fine-grained delegation, policy enforcement, and auditing in one platform with strong integration with Active Directory. Overall, it gave us better control, scalability, and security compared to other options we evaluated.

My impression of the automation capabilities provided by One Identity Active Roles is very positive. It is one of the strongest aspects of the tool and has really streamlined how we manage Microsoft Active Directory. A good example is user onboarding. Earlier, it was a fully manual process creating the account, assigning groups, and setting attributes. Now, with automation, when a request comes in, the workflow handles everything automatically. Account creation, applying naming conventions, assigning the right groups based on department or role, and even triggering approvals if required. Another example is offboarding as well. When an employee leaves, the system can automatically disable the account, remove access, and update attributes. This ensures nothing is missed and improves security. We also use automation for group management. Instead of manually adding users to groups, dynamic rules handle it based on attributes such as department or job title. Overall, automation has reduced manual effort, improved consistency, and minimized errors. It also speeds up the turnaround time for requests, which is a big advantage for both IT and end users.

One Identity Active Roles has significantly reduced both the complexity and workload of administrative tasks in Microsoft Active Directory. Earlier, many tasks were manual, such as creating users, assigning groups, and managing permissions, which not only took time, but also increased the chance of errors. With One Identity Active Roles, a lot of that complexity is abstracted through automation policies and delegations. For example, instead of remembering multiple steps for user provisioning, we now rely on workflows that handle everything consistently. It also simplifies administration by providing a centralized interface. We do not have to switch between multiple tools or consoles. From a workload perspective, repetitive tasks have reduced significantly. Things such as password resets, access requests, and group updates are either delegated or automated, which frees up time for more critical tasks.

My experience with delegation in One Identity Active Roles has been very positive and it has really improved how we manage day-to-day operations in Microsoft Active Directory. Earlier, most administrative tasks were handled by a small group of admins, which created bottlenecks, especially for routine requests such as password resets or account unlocks. With delegation, we have been able to distribute these tasks to different teams such as the helpdesk, but with very controlled permissions. For example, they can reset passwords or unlock accounts, but they do not have access to sensitive operations such as deleting users or modifying critical attributes. This has had a big impact on our workflow. It reduced dependency on senior admins, improved response time for user requests, reduced workload on the core IT team, and ensured better security through least privilege access.

We have actively used the fine-grained permission control feature in One Identity Active Roles and it has had a strong impact on implementing least privilege in Microsoft Active Directory. Instead of giving broad admin access, we have defined very specific permissions based on roles. For example, helpdesk users are only allowed to reset passwords or unlock accounts, but they cannot modify critical attributes or delete users. This level of control has significantly reduced the number of privileged accounts in the environment. It also minimizes the risk of accidental or unauthorized changes. Another benefit is that the permissions are tied to roles, not to individuals. So it is easier to manage when people change teams or responsibilities. Overall, it has helped us enforce least privilege in a practical way, giving users exactly the access they need and nothing more, thereby improving both security and accountability.

My main advice for anyone looking to implement One Identity Active Roles is to focus on planning and design upfront. First, clearly define your roles, permissions, and delegation model before implementation. One Identity Active Roles is very powerful, but if the structure is not planned well, it can become complex later. Second, start with basic automation and policies and then gradually expand. Trying to automate everything at once can make troubleshooting difficult. It is better to take a phased approach. Third, I would say to implement least privilege principles from the beginning. Design delegation carefully so users only get the access they need. This avoids rework and improves security. Overall, my advice would be to plan well, start simple, and scale gradually because One Identity Active Roles is a very powerful tool, but it works best with a structured approach. I give this solution an overall rating of nine out of ten.

I have been using One Identity Active Roles  for approximately three to four years as a part of my role as a Senior System Administrator, where I gain hands-on experience in implementing and managing One Identity Active Roles  for centralized Active Directory administration, including creating and managing access templates, configuring role-based access control, automating user provisioning and de-provisioning processes, setting up approval workflows, enforcing policies, and delegating administrative tasks securely, along with troubleshooting synchronization issues and integration with existing AD infrastructure to ensure compliance, operational efficiency, and reduced manual effort in a large enterprise environment.

My main use case for One Identity Active Roles is to centralize and streamline Active Directory administration by implementing secure delegation, automation, and governance control, where I primarily use it for automated user provisioning and de-provisioning based on HR triggers, applying role-based access control through access templates, enforcing naming and attribute policies, and managing group membership dynamically, along with configuring approval workflows for sensitive access requests to ensure compliance and audit readiness, while also reducing manual intervention for service desk teams when delegated limited administrative rights through One Identity Active Roles by giving direct access to the domain controller, thereby improving security and operational efficiency and consistency across the enterprise environment.

In my daily work, I use One Identity Active Roles to automate user onboarding and offboarding processes, where new users are automatically created with correct permissions, group memberships, and policies based on their role, and during offboarding, accounts are disabled and access removed instantly, which helps me to reduce manual effort, improve accuracy, and ensure better security and compliance.

The best features of One Identity Active Roles that stand out to me are mainly automation, delegation, and policy enforcement, as these provide me the most value in a real-world environment, where automation helps in streamlining user provisioning, de-provisioning, and group management through workflows, significantly reducing manual effort and errors, while fine-grained delegation allows secure role-based access control so that service desk or junior admins can perform limited tasks without giving full domain access, improving security and reducing the risk of privilege misuse, and policy enforcement ensures that all objects follow predefined standards like naming conventions, mandatory attributes, and compliance rules, maintaining consistency across the environment, along with strong workflow management and approval processes for sensitive changes, dynamic group management, and detailed auditing and reporting that help track every change for compliance and security purposes, making One Identity Active Roles a powerful tool for centralized, secure, and efficient identity and access management.

One feature that I feel is not highlighted enough is the powerful auditing and reporting capability in One Identity Active Roles, which provides detailed tracking of every change made within the Active Directory through One Identity Active Roles, including who performed the action, what changes were made, and when, making it extremely useful for compliance, security investigation, and troubleshooting, and in addition, the ability to customize workflows and scripts using PowerShell integration is also very valuable as it allows extending functionality based on business requirements, automate complex tasks, and integrate with other system solutions more adaptively to different needs.

In our organization, One Identity Active Roles is deployed in a hybrid environment, where the core One Identity Active Roles components such as the administration service and management console are hosted on-premises within our data center for better control and security, while it also integrates with cloud services like Azure AD  to support hybrid identity and access scenarios, allowing us to manage both on-premises and cloud-based identities centrally, which provides flexibility, scalability, and aligns with our organization's gradual cloud adoption strategy.

One Identity Active Roles can be improved by enhancing its user interface to make it more modern and intuitive, as sometimes navigation and configuration feel complex for new users, and additionally, improving reporting and dashboard capabilities with more customizable and real-time analytics would add significant value, while better native integration with cloud platforms like Azure AD  and hybrid environments could also strengthen support for evolving infrastructure needs, and simplifying workflow design with more visual and user-friendly options, along with improved performance during large-scale operations, would make it even more efficient and easier to manage the enterprise environment.

One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement, and as a wish-list item, I would like to see stronger, more seamless integration with cloud and hybrid environments like Azure AD, along with enhanced real-time reporting dashboards and easier troubleshooting tools, which would help in faster issue resolution and a better overall administration experience.

I have been working in my current field for the last 12 years.

One Identity Active Roles is a very stable and reliable solution in our experience, as it runs reliably in production with minimal downtime and handles large-scale Active Directory environments efficiently, provided it is properly configured and maintained, and we have seen consistent performance in day-to-day operations like provisioning, delegation, and policy enforcement without major issues.

One Identity Active Roles scales very well as the organization grows, as it is designed for enterprise environments and can handle a large number of users, groups, and directory objects efficiently, and in our experience, it has supported increasing workloads without performance issues, especially due to its centralized management, automation, and role-based delegation model, which allows us to scale the system to manage more identities without adding proportional administrative effort, and it also supports hybrid environments like on-premises and cloud integration, making it flexible for expansion based on industry needs where organizations have reported scalability issues and that continue to perform reliably as the user base and infrastructure grow.

My experience with customer support for One Identity Active Roles has been generally positive, as the support team is technically strong and responsive in handling issues in most cases, and they provide clear guidance and effective solutions.

Before implementing One Identity Active Roles, we were primarily using native Active Directory tools along with manual processes and some basic PowerShell scripts for user and group management, but we switched to One Identity Active Roles because those methods were time-consuming, error-prone, and lacked proper governance, delegation, and auditing capabilities, and as the organization grew, it became difficult to manage the identity life cycle efficiently, so we needed a centralized solution that could provide automation, role-based delegation, policy enforcement, and detailed auditing, which One Identity Active Roles delivered efficiently, helping us standardize processes, improve security, and reduce operational overhead.

I would say the integration of One Identity Active Roles with our existing IT infrastructure and directory services was moderately easy, as it integrates quite well with Active Directory out of the box and aligns with the standard Microsoft environment, so the initial setup and synchronization were straightforward, but some complexity came in when configuring advanced workflows, custom policies, and integration with the hybrid environment like Azure AD, which required careful planning, scripting, and testing, so overall, it was manageable with good documentation and experience, but not completely plug-and-play for more advanced use cases.

We have definitely seen a strong return on investment after implementing One Identity Active Roles, mainly in terms of time saving, reduced workload, and improved efficiency, where user provisioning and access requests that earlier took hours are now completed in a few minutes through automation, and we observe around a 40 to 50% reduction in service desk tickets related to Active Directory tasks, which allows the team to focus on more critical activities instead of repetitive work, while delegation reduces dependency on senior administrators, indirectly saving manpower effort, and overall, the reduction in errors, faster onboarding, and improved compliance also contribute to cost savings and operational efficiency, making it a valuable investment for the organization.

My experience with pricing, setup cost, and licensing for One Identity Active Roles has been that it is on the higher side compared to native tools, as it follows an enterprise licensing model, typically based on the number of managed users or accounts, but the cost is justified by the value it delivers in terms of automation, security, compliance, and reduced operational overhead, while the initial setup cost includes infrastructure implementation and possible professional services, which require some planning and investment, and licensing management can be a bit complex depending on the organization's size and requirements, but overall, it is considered a worthwhile investment for large environments where efficiency, governance, and scalability are critical.

Before selecting One Identity Active Roles, we evaluated solutions such as Microsoft Identity Manager  and SailPoint IdentityIQ , but we chose One Identity Active Roles because it provided a better balance of ease of deployment, strong Active Directory integration, effective delegation, and built-in automation, specifically tailored for our AD environment.

My main use case for One Identity Active Roles is to centralize and streamline Active Directory administration by implementing secure delegation, automation, and governance control, where I primarily use it for automated user provisioning and de-provisioning based on HR triggers, applying role-based access control through access templates, enforcing naming and attribute policies, and managing group membership dynamically, along with configuring approval workflows for sensitive access requests to ensure compliance and audit readiness, while also reducing manual intervention for service desk teams when delegated limited administrative rights through One Identity Active Roles by giving direct access to the domain controller, thereby improving security and operational efficiency and consistency across the enterprise environment.

One specific issue I have encountered recently is that the interface and workflow configuration can become complex and less intuitive, especially when managing multiple approval steps or modifying existing workflows, which sometimes requires deeper scripting or backend adjustments, so more user-friendly and visual workflow design would be a great improvement, and as a wish-list item, I would like to see stronger, more seamless integration with cloud and hybrid environments like Azure AD, along with enhanced real-time reporting dashboards and easier troubleshooting tools, which would help in faster issue resolution and a better overall administration experience.

I would rate this product an 8 out of 10.