Sold by: One Identity
Deployed on AWS
Simplify Active Directory Security and Management with One Identity Active Roles.
4.1
Overview
Active Roles allows you to manage and protect user and group accounts using automated task provisioning on directory objects, going above and beyond what is offered by native tools. Active Roles provides automation for consistent enforcement of corporate policies, an administrative model that allows you to delegate permissions based on role, and flexible, rule-based views across your entire AD identity environment via a consolidated single console. These features and more create a reliable and secure environment for distributed administration and account provisioning, allowing you to do your job faster.
Highlights
- Delegate least-privilege permissions based on role to ensure all identities and groups have proper privileges
- Consolidate all AD domains with Entra ID and M365 tenants onto a single console, ensuring better visibility and control over your entire AD/Entra ID/M365 environment
- Use automation to ensure accuracy and consistency of policy creation and enforcement and track changes to support your auditing and compliance reporting needs
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Win2025 Windows Server 2025 Datacenter 24H2 26100.4946
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
All fees are non-refundable and non-cancellable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Usage instructions
To access the application launch a new EC2 instance from this AMI and connect to it via RDP.
For more information, see the Active Roles Quick Start Guide: https://support.oneidentity.com/technical-documents/active-roles/8.1.5/quick-start-guide
Resources
Support
Vendor support
Once contacted Sales, follow the steps in the link below under the section 'Installing and configuring Active Roles on the EC2 instance':
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Built to tackle both Consumer and SaaS Apps across every industry. Authenticate, authorize, and secure access for applications, devices, users, and AI agents.
Seamlessly integrate your corporate identity provider (Okta, Entra ID, Active Directory, etc.) with AWS IAM Identity Center (formerly AWS SSO) to enable secure, centralized user access to AWS accounts and applications.
FortiCNAPP offers unmatched visibility and context to simplify and strengthen security, empowering teams to make the biggest impact with minimal effort and time.
Alteryx One accelerates AI-driven business transformation by empowering analysts with a no-code, self-service platform to access, prepare, and operationalize data. Seamlessly integrating with AI ecosystems, Alteryx automates processes, enabling faster, smarter decisions while ensuring security and governance, unlocking the full potential of your data to maximize ROI now.
Alteryx is trusted by 8,000+ customers and hundreds of thousands of users, empowering business users, analysts, data scientists, and engineers by democratizing analytics. Deployed on AWS, the platform provides a seamless interface for working with data in Amazon S3, Redshift, Databricks, and Snowflake. With built-in governance and collaboration, Alteryx automates pipelines, scheduling, and orchestration to deliver continuous insights without manual effort. By uniting automation with scalability, it accelerates analytics maturity, fosters collaboration, and enables organizations to fully unlock the value of their data.
Customer reviews
Dhiren Jethwa
Automated workflows have reduced onboarding time and improve secure access control
Reviewed on May 25, 2026
Review from a verified AWS customer
What is our primary use case?
One Identity Active Roles is used for automation, on-boarding, off-boarding workflows, managing group membership and permissions, role-based access control, auditing, and compliance in our hybrid AD environment with approval workflows.
A practical example we are currently using is as follows. When HR creates a new employee record, One Identity Active Roles automatically creates the AD account, assigns the correct OU based on the department location, adds predefined security groups, applies mailbox and licensing policies, and sets manager attributes and naming standards. For access control, we use dedicated administrators so the L1 helpdesk team can reset passwords or unlock accounts without receiving full domain admin rights. Access is restricted through role-based permissions and approval workflows, which improves security and reduces the risk of unauthorized AD changes.
This use case fits our organization well.
What is most valuable?
One Identity Active Roles offers workflow automation, role-based access control, dynamic group management, hybrid AD and Microsoft 365 management, approval workflows, policy enforcement, and auditing.
The feature that stands out and has had the biggest impact is the dedicated administrator combined with workflow automation. Before implementing One Identity Active Roles, routine AD tasks required senior administrators with elevated privileges. Now L1 and L2 support teams can safely handle tasks such as password resets, account unlocks, group modifications, and basic user provisioning through controlled RBAC policies. This helps us by reducing dependence on domain admin access, lowering the risk of accidental and unauthorized changes, speeding up user on-boarding and support requests, standardizing AD operations across teams, and reducing manual efforts and workload. Onboarding previously took around thirty to forty minutes, and now it takes just two to three minutes.
One Identity Active Roles has improved our organization by automating AD tasks, reducing manual errors, improving security through dedicated access control, and speeding up user onboarding and off-boarding. It has also helped reduce admin workload and improved our compliance tracking.
What needs improvement?
One Identity Active Roles is very strong for AD automation, dedicated administration, and governance, especially in a large enterprise environment. The main areas that could be improved are UI modernization and reporting flexibility. These improvements could help the product achieve a higher rating.
For how long have I used the solution?
I have been using One Identity Active Roles for almost a year.
What was our ROI?
Based on our analysis and reporting, there is approximately fifty to seventy percent reduction in manual effort. Onboarding time has been reduced from twenty to thirty minutes to five minutes. There is a significant decrease in configuration errors due to the automation workflow templates.
Which other solutions did I evaluate?
One Identity Active Roles currently satisfies my use case, and I am happy with the solution. There is no need for improvements right now. However, when time passes, I will conduct research and development with other competitors as well. When I determine that the product needs improvement, I will update my feedback accordingly.
What other advice do I have?
The features that stand out are currently working as expected. One Identity Active Roles is performing as anticipated. My overall rating for this product is eight out of ten.
reviewer2845803
Automation has transformed user onboarding and reduces manual directory administration
Reviewed on May 24, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Active Roles is automation.
One specific example of how I use automation with One Identity Active Roles is through automated employee onboarding, where when HR shares new employee details, the system automatically creates an Active Directory account, assigning it to the correct OU, group membership, email attributes, and permission based on the employee's department or role. This significantly reduces manual efforts, provisioning time, and configuration errors.
Using One Identity Active Roles, we consolidate multiple manual Active Directory administration processes and native management tools into a single, centralized platform for user provisioning, delegation, RBAC, automation, and auditing.
What is most valuable?
The best features of One Identity Active Roles are automation, delegated administration, role-based access control, approval workflows, policy enforcement, and auditing, as these features simplify Active Directory management, improve security, reduce manual efforts, and enhance compliance.
The feature that has made the biggest difference for me in One Identity Active Roles is automation, especially automated user provisioning and de-provisioning, because it significantly reduces manual Active Directory tasks, minimizes errors, improves consistency, and accelerates onboarding and off-boarding processes.
Additionally, the delegated administration and auditing features in One Identity Active Roles are very valuable as they improve security by limiting excessive privilege and provide centralized tracking of Active Directory changes for compliance and governance.
One Identity Active Roles positively impacts our organization by reducing manual Active Directory administration, improving security through delegated access and RBAC, speeding up onboarding and off-boarding processes, reducing service desk workload, and enhancing compliance.
What needs improvement?
One Identity Active Roles can be improved with a more modern and intuitive user interface, better reporting and analytics, simplified workflow customization, enhanced troubleshooting tools, and stronger cloud and hybrid identity integration capabilities for large enterprise environments.
For how long have I used the solution?
I have been working in my current field for the last two years.
What do I think about the stability of the solution?
One Identity Active Roles is generally very stable and reliable in enterprise environments with consistent performance for Active Directory automation, delegated administration, and identity management tasks when properly configured and maintained.
What do I think about the scalability of the solution?
One Identity Active Roles scales very well for enterprise environments and can efficiently manage thousands of users, groups, and Active Directory objects through centralized automation, delegated administration, and policy management without significant performance issues.
How are customer service and support?
Customer support for One Identity Active Roles has been generally good with knowledgeable technical teams and effective assistance for deployment, troubleshooting, and Active Directory integration issues, although response time for complex escalations can sometimes be slower.
Which solution did I use previously and why did I switch?
Before implementing One Identity Active Roles, we mainly used native Active Directory tools and a manual administration process along with basic PowerShell scripting. We switched because One Identity Active Roles provides centralized management, automation, delegation, RBAC, and better compliance and auditing capabilities.
How was the initial setup?
I assess the integration of One Identity Active Roles as moderately easy, around a four out of ten in difficulty, because the core integration with Active Directory and existing Microsoft infrastructure is straightforward.
What about the implementation team?
Before selecting One Identity Active Roles, we evaluated options such as Microsoft Identity Management and SailPoint IdentityIQ , but we chose One Identity Active Roles because of its strong Active Directory integration, automation, and delegated administration.
What was our ROI?
We achieve a strong ROI with One Identity Active Roles through approximately a forty to fifty percent reduction in service desk workload, faster user provisioning from hours to minutes, fewer manual administration errors, and improved compliance and audit efficiency.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing with One Identity Active Roles has been generally positive, as the license is enterprise-based and setup requires moderate effort for Active Directory integration and workflow configuration, but the solution provides strong value through automation and delegation.
Which other solutions did I evaluate?
Before selecting One Identity Active Roles, we evaluated options such as Microsoft Identity Management and SailPoint IdentityIQ , but we chose One Identity Active Roles because of its strong Active Directory integration, automation, and delegated administration.
What other advice do I have?
My advice to others considering One Identity Active Roles is to carefully plan the RBAC model, workflow, and delegation structure before deployment, start with a pilot implementation, and fully utilize its automation and auditing features to improve Active Directory, security, compliance, and operational efficiency. I would rate this solution an eight out of ten.
reviewer2845674
Identity workflows have streamlined onboarding and offboarding but still need better UI and cloud integration
Reviewed on May 23, 2026
Review provided by PeerSpot
What is our primary use case?
One Identity Active Roles serves as our centralized Active Directory administration platform for identity lifecycle management, including automated user provisioning, delegated administration, role-based access control, workflow automation, and compliance management.
A specific example of One Identity Active Roles implementation is automating employee onboarding where new users are automatically created with correct organizational unit placement, group membership, permission assignments, and policies based on their department or job roles.
What is most valuable?
The best features of One Identity Active Roles are automation, delegated administration, role-based access control, approval workflows, policy enforcement, and auditing capabilities.
The automation capability in One Identity Active Roles helps reduce manual Active Directory tasks by automatically handling user provisioning, deprovisioning, group assignment, and policy enforcement, which improves efficiency, consistency, and security.
One Identity Active Roles has positively impacted our organization by reducing manual Active Directory administration, improving security through role-based access control and delegated access, speeding up onboarding and offboarding processes, and enhancing compliance and audit visibility.
Using One Identity Active Roles, we reduced our user provisioning time from hours to minutes, lowered service desk workload by approximately 40 to 60 minutes, reduced manual administration errors, and improved audit and compliance efficiency.
One Identity Active Roles helped us implement fine-grained delegation and access control by assigning specific administrative permissions based on roles and department, which improves security, reduces excessive privilege, minimizes manual errors, and made Active Directory management more controlled and compliant.
One Identity Active Roles integrated well with our existing IT environment, especially with Active Directory and Microsoft infrastructure, which made adoption easier without major changes to current systems or operational processes.
I was impressed with the automation capability in One Identity Active Roles, especially automated user onboarding and offboarding where accounts, group memberships, and permissions were assigned automatically based on department or roles, significantly reducing manual effort and provisioning time.
One Identity Active Roles has significantly reduced compliance effort by centralizing auditing, enforcing role-based access control and policy management, tracking Active Directory changes, and simplifying access reviews and reporting for audits.
One Identity Active Roles reduced the complexity and workload related to Active Directory by automating repetitive tasks, simplifying user and group management, enabling delegated administration, and centralizing policy and access control management.
Delegated administration in One Identity Active Roles positively affected our operations by allowing service desk teams to handle routine Active Directory tasks such as password resets, user creation, and group management without full domain administrator rights, which improved security, reduced workload on senior administrators, and sped up request resolution.
What needs improvement?
One Identity Active Roles can be improved with a more modern user interface, better reporting and analytics capabilities, simplified workflow customization, improved troubleshooting tools, and stronger cloud and hybrid identity integration capabilities.
I did not rate One Identity Active Roles at the highest level because areas such as user interface modernization, workflow complexity, troubleshooting experience, reporting capabilities, and cloud integration still have room for improvement.
For how long have I used the solution?
I have been using One Identity Active Roles for the last three years.
What do I think about the stability of the solution?
One Identity Active Roles is stable and reliable for enterprise Active Directory management and automation workloads.
What do I think about the scalability of the solution?
One Identity Active Roles scales well and can efficiently manage large enterprise Active Directory environments with thousands of users, groups, and administrative tasks.
How are customer service and support?
Customer support for One Identity has been generally good with knowledgeable technical teams and effective support for deployment, troubleshooting, and Active Directory integration issues.
Which solution did I use previously and why did I switch?
Before implementing One Identity Active Roles, we mainly relied on Active Directory tools, manual administration processes, and basic PowerShell scripting for user and group management.
How was the initial setup?
We consolidated identity and access management using One Identity Active Roles for user provisioning and group management.
What was our ROI?
We achieved a strong return on investment with One Identity Active Roles through a 40 to 50 percent reduction in service desk workload, faster user provisioning, fewer manual administrator errors, and improved compliance and audit efficiency.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing for One Identity Active Roles are enterprise-oriented and typically based on the number of managed users or accounts. While setup requires moderate implementation effort for Active Directory integration and workflow configuration, overall it delivers strong value through automation and reduced administrative overhead.
Which other solutions did I evaluate?
Before selecting One Identity Active Roles, we evaluated Microsoft Identity Manager and SailPoint IdentityIQ .
What other advice do I have?
My advice to others considering One Identity Active Roles is to plan role-based access control models, workflows, and delegation structures carefully, start with a pilot deployment, and fully utilize automation and auditing features to maximize security, compliance, and operational efficiency. I would rate this product a 3 out of 5 in terms of customer service.
Siddhi Trainee
Automation has transformed user onboarding and simplifies secure access control workflows
Reviewed on May 22, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for One Identity Active Roles is for Active Directory user management, access control automation, and user provisioning and de-provisioning.
I use One Identity Active Roles to automate new user creation when a new employee joins, where the required AD account, groups permissions, and mailbox access are assigned automatically based on their roles or department.
I use One Identity Active Roles day-to-day for many use cases to reduce manual work, so it improves access management efficiency and makes user administration faster and more secure; that is mainly how One Identity Active Roles helps in my day-to-day work.
What is most valuable?
The best features of One Identity Active Roles that I have been using for the last year include workflow automation, delegated administration, role-based access control, user provisioning, de-provisioning, centralized Active Directory management, and detailed auditing and reporting use cases.
One Identity Active Roles' biggest impact is workflow automation, which has made the biggest impact for my team, as it helps automate user onboarding, access assignment, and the approval process, which saves time, reduces manual errors, and improves operational efficiency.
One Identity Active Roles has positively impacted my organization since it reduced manual administrative work, strengthened access security, and helped streamline user and permission management across the organization.
I have seen faster user onboarding and fewer manual errors after implementing One Identity Active Roles, where tasks that previously took 20 to 30 minutes manually can now be completed in just a few minutes through automation and predefined workflows.
One Identity Active Roles provides strong automation capabilities that significantly reduce manual administrative work, with one especially helpful example being automated employee onboarding, where user accounts, group membership, permissions, and mailbox access are assigned automatically based on the employee's department or role.
One Identity Active Roles has reduced the complexity and workload of Active Directory administration by automating repetitive tasks, simplifying user management, and improving delegation and access control processes.
Automation has reduced manual administrative efforts and saved significant time during onboarding and access management tasks that earlier took 20 to 30 minutes and are now completed in a few minutes.
What needs improvement?
One area that could be improved in One Identity Active Roles is the user interface and initial configuration process, as some advanced workflows and policy settings can be complex for new administrators.
What do I think about the stability of the solution?
One Identity Active Roles is stable.
What do I think about the scalability of the solution?
One Identity Active Roles is scalable and works well for growing environments with increasing users, groups, and administrative workload.
How are customer service and support?
I would rate the customer support seven out of ten.
Which solution did I use previously and why did I switch?
Previously I used different solutions on native Microsoft Active Directory administration tools and manual processes, and I switched to One Identity Active Roles to improve automation, delegation, auditing, and centralized access management.
How was the initial setup?
Integration of One Identity Active Roles with my existing identity infrastructure was moderately easy since it integrates well with Active Directory, and the setup was manageable.
Which other solutions did I evaluate?
Before choosing One Identity Active Roles, I evaluated some other options like Microsoft Entra ID and Okta for their identity and access management capabilities.
What other advice do I have?
My experience with delegation in One Identity Active Roles has been positive, allowing specific administrative tasks to be assigned to the right team without giving full domain access.
My experience with the pricing and licensing of One Identity Active Roles has been reasonable for enterprise use.
My advice for organizations considering One Identity Active Roles is to plan the role structure, delegation model, and automation workflows properly before implementation to maximize the benefits of automation, improve security, and simplify Active Directory administration.
I would rate this review eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
reviewer2845590
Centralized automation has transformed identity lifecycle management and strengthens governance
Reviewed on May 22, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Active Roles is centralized Active Directory administration and identity lifecycle management, including automatic user provisioning and deprovisioning, delegating administration, role-based access control, policy enforcement, and workflow automation to improve security, compliance, and operational efficiency.
A specific example of using One Identity Active Roles to automate user provisioning is automatic employee onboarding, where new users are automatically created with the correct OU placement, group membership, permission, and policy based on their department or role, reducing manual efforts.
Additionally, I use One Identity Active Roles for delegated administration, password management, approval workflows, group management, and auditing Active Directory changes, which helps improve security, reduce administrative workload, and maintain compliance.
What is most valuable?
The best features of One Identity Active Roles are automation, delegated administration, role-based access control, policy placement, approval workflows, and auditing.
One Identity Active Roles automation helps by automatically provisioning and deprovisioning users, assigning groups, and permission based on roles, making my work easier and more efficient. While delegating administrative tasks, it allows service desk teams to perform limited AD tasks without full domain access.
Additionally, the approval workflow, auditing, and policy enforcement features in One Identity Active Roles are very valuable, as they help maintain compliance, track all Active Directory changes, enforce naming and security standards, and improve overall governance and operational controls.
One Identity Active Roles positively impacts my organization by reducing manual Active Directory administration, improving security through delegated access and RBAC, speeding up onboarding and offboarding processes, and enhancing compliance with centralized auditing and policy enforcement.
What needs improvement?
One Identity Active Roles can be improved with a more modern and user-friendly interface, better reporting and analytics, simplified workflow customization, faster performance in large environments, and stronger cloud and hybrid identity integration capabilities.
Additionally, One Identity Active Roles could be improved with troubleshooting tools, clearer error reporting, enhanced real-time monitoring dashboards, and simplified complex policy and workflow management to make administration easier in large enterprise environments.
For how long have I used the solution?
I have been working in my current field for the last one month.
What do I think about the stability of the solution?
One Identity Active Roles is generally very stable and reliable in enterprise environments with consistent performance in Active Directory management automation and delegation tasks when properly configured and maintained.
What do I think about the scalability of the solution?
One Identity Active Roles can scale to large enterprise environments and can efficiently handle thousands of users, groups, and Active Directory objects, centralizing automation and delegation processing without significant performance issues.
How are customer service and support?
Basic customer support for One Identity Active Roles has been generally good, with knowledgeable technical teams and effective guidance on deployment, although response time for complex escalations can sometimes be a bit slower.
I would rate customer support for One Identity Active Roles around a seven out of ten for strong technical expertise and helpful guidance, with some room for improvement in escalation and response times.
Which solution did I use previously and why did I switch?
Before implementing One Identity Active Roles, I primarily used native Active Directory tools and manual administration processes, along with basic PowerShell scripting for user and group management.
How was the initial setup?
The main difficulty I faced integrating One Identity Active Roles was complex workflows, mapping RBAC permissions correctly, synchronizing a hybrid environment like Microsoft Azure , and troubleshooting policy or replication-related issues during the initial deployment.
What was our ROI?
I saw a strong ROI with One Identity Active Roles through around a forty to fifty percent reduction in service desk workload, faster user provisioning from hours to minutes, fewer manual errors, and improved compliance and audit efficiency, which saves significant administrative time and operational efforts.
What's my experience with pricing, setup cost, and licensing?
Pricing and licensing of One Identity Active Roles are enterprise-based and depend on the number of managed users or accounts, while setup costs are moderate due to infrastructure implementation and integration requirements. Overall, it provides good value through automation, security, and reduced administrative overhead.
Which other solutions did I evaluate?
Before selecting One Identity Active Roles, I evaluated options including Microsoft Identity Manager and SailPoint IdentityIQ , but chose One Identity Active Roles due to its strong Active Directory integration, automation, and delegation administrative capabilities.
What other advice do I have?
My impression of the automation capability of One Identity Active Roles is very positive, as it significantly reduces manual Active Directory tasks through automated provisioning, deprovisioning, group management, approval workflows, and policy enforcement, improving efficiency, consistency, and security across the environment.
One Identity Active Roles significantly reduces the complexity of Active Directory administration by centralizing management, automating repetitive tasks, and enabling delegated access control, although the initial setup and advanced workflow configuration can be complex in large enterprise environments.
One Identity Active Roles delegation allows service desk or junior administrators to perform specific Active Directory tasks including password resets, user creation, and group management without giving full domain administrative access, which improves security, reduces workload on senior admins, and speeds up request handling.
My advice to others considering using One Identity Active Roles is to plan the Active Directory structure, RBAC model, and workflow carefully before deployment. I recommend starting with a pilot implementation and leveraging automation and delegated administration features fully to maximize security, efficiency, and compliance benefits. I would give One Identity Active Roles an overall rating of eight out of ten.