I use it primarily for granting, managing, and auditing access.

The ways Active Roles has improved the way we operate are through workflows and user onboarding, automatic user management, group permissioning, adding users to the right groups based on the department, and distribution list creation based on dynamic group membership and active users.

And because of the single interface and workflows, it has simplified AD and Azure AD management efficiency and security.

The most valuable features include

• auditing
• dynamic grouping
• creating dynamic groups based on AD attributes.

Also, as part of the cloud identity, meaning expanding identity to the cloud, it gives me a single workflow to expand on-prem. I can create a user in the cloud and give them access to resources through a single workflow.

And for regulatory, auditing, and security requirements, it's critical that the solution enables Zero Trust security with hybrid AD fine delegation and role-based access control.

I have been using One Identity Active Roles for eight months.

It's a stable product.

It's also a scalable product. We have about 14,000 users.

The best thing about their Premier Support is their assistance with customization and resolving issues that arise.

Positive

Our company chose One Identity Active Roles rather than something else because of the auditing capabilities and workflow capabilities.

The initial setup was quite easy, but it was time-consuming. It took about three months.

It's expensive.

Compared to native Active Directory tools, in terms of accuracy and security, Active Roles is a nine out of 10.

Understanding the requirements and the key areas on which you want to focus before deploying it is vital to making sure it caters to your needs.

Overall, it enables a lot of automation and workflow-type processes. It also allows for human intervention and has auditing and reporting capabilities that include generating an automated report on a periodic basis for management review.

We use the solution for managing access to, shared drives and access for Active Directory.

We like that we can manage our groups and access. You can get granular in terms of the access control.

The solution enables us to create a user in the cloud and give them access to resources through a single workflow. That's very important for our organization. It allows us to assign access accordingly for the file shares for admin access to servers.

It enables zero trust security with hybrid, AD, delegation, and role-based access control. It's extremely important for us.

The solution has not enabled us to reduce password reset times.

It has not automated provisioning.

The group attestation could be improved. It was a feature that was available in version 5. You can configure it, however, it's no longer out of the box. My understanding is that they will put that feature back in again. However, right now, it's a feature that is lacking.

The way you can search groups could be better. When a company has a large number of groups it's very difficult to search the groups and assign the different columns.

I've used the solution for many years. It's likely been ten to 15 years. 

The solution is stable. 

The solution is scalable. 

We have about 2,000 users using the solution at this time. 

It's being used quite extensively and we have plans to increase the use to manage the Active Directory.

We use the vendor's regular support. Sometimes the response time is slow. Sometimes we don't feel the answers they give are correct. It seems like they don't really know what the cause of the issue is, so they tell us it's not available in the version. 

Neutral

I do not recall us using a different solution previously. 

The initial setup was quite straightforward. I'm not sure how long it took to deploy. It was too long ago. 

There isn't maintenance needed. It just needs upgrading. There's a team of three or four people that manage that. 

I have witnessed an ROI while using the product over the last ten years. Resource-wise, we've saved about 20% of resources in comparison. 

The solution is fairly priced. That said, I have nothing to compare it to. 

I'm a project manager.

I can't compare the solution to anything else. We don't use anything else, and we've not used anything else for many years. 

I'd recommend the solution to others. It's a great tool. I'd rate the solution seven out of ten.

We're using it for identity management, including the creation of accounts and synchronizing them with our HR system. 

It improves things in many ways. You have control over what attributes the service desk analyst can change and you can provide them with lists of changes. You can build in the integrity rules. It also definitely simplifies management on-prem. It definitely is a plus to use this tool.

We do automated provisioning and it's set from HR through this tool. It's all instant. If it had to be done manually it would probably take a couple of hours per user, but we've had it set up like this for 10 years so I'm not sure how much time it's saving us.

It has so many features. Dynamic Groups are good and the ease of delegation is useful as well.

The Group Family feature is okay, but there are some issues around its use for creating objects automatically, based on HR attributes.

Another issue is that it doesn't look like the hybrid connections are particularly mature. We haven't really used it much. We have a couple of guys setting it up who don't really like the way it's working. It uses a synchronization tool to do that. Native integration with the cloud would be better.

Also, we're trying to manage Office 365 mailboxes and although it will create a mailbox in the cloud, it won't do shared mailboxes. That means we're having to write custom solutions for that.

Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up. Some of their built-in functions will work off of both servers and I don't see why this shouldn't as well.

Another similar gripe is that when you run custom Active Roles policies, they'll actually trigger on both hosts, not on one. In that scenario, it would be better if they would trigger on one host, unless it wasn't available. For example, if you're writing to the event log, you have a custom task and it will show up multiple times because it's being processed by multiple front-end hosts.

I've been using One Identity Active Roles for 10 years.

It's a stable solution.

It's scalable, but I don't know how scalable. A lot of it is running off of custom scripts and the question is how scalable those are in large environments. We don't have a massive environment, but we have no issues with it for our 2,000 employees. I'm guessing that if you get up to 100,000 to 200,000 employees, it would start struggling.

It's used in our organization for management of any objects inside Active Directory, so anyone who manages anything in Active Directory uses the tool.

We use the vendor's Premier Support. We wouldn't run any product like this without vendor support. It's quite critical to our company, so it would be crazy to do that with support that wasn't working. At the times we've had to deal with them, they have usually been pretty responsive.

Positive

The solution we had before Active Roles was custom-made for the company and it was written about 13 years ago.

The initial setup of the solution was straightforward. It took a few hours. I'm the only person on our IT team who handles this product, in terms of deployment and maintenance. 

We haven't measured ROI, but given that it provides automation and does save quite a bit of time, there is definitely a return on investment.

It's fairly priced.

In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what.

In fact, you can do that for many objects as well. You can see what that object can manage and who can manage the objects. You can answer an auditor's questions fairly quickly. It's just much clearer than it is in Active Directory.

I don't believe the solution enables you to create a user in the cloud and give them access to resources through a single workflow; not out of the box. You could certainly create that, but we don't do that. We use Azure AD Connect for that. We create the user account on-prem, and Azure AD Connect will create that user in the cloud for us.

Definitely do a PoC, but I would recommend Active Roles for a small company. I don't know if it would actually scale. You have to write custom scripts for a lot of it, whereas built-in functionality would generally be quicker. But for small companies of 2,000 employees, and maybe a little bit bigger, it's a great product. It's so much easier and cheaper than any of its rivals.

The solution is used for lifecycle management and can be deployed on-prem or cloud.

The solution enables us to create a user in the cloud and give them access to resources through a single workflow which is important to all our clients.

The solution enables zero trust security with hybrid AD fine-grained delegation and role-based access control which is important to all our clients. 

The solution acts as a firewall against Active Directory, requiring our IT team to go through active roles and get approval to make changes. It has also reduced our onboarding time from one or two weeks to five or ten minutes.

The solution reduces the time it takes to reset a password to under one minute.

The solution simplifies Active Directory and Azure Active Directory management efficiency and security. It has a proxy layer, which means that no one talks to the connecting platform directly. All requests go through the active roles, which act as a proxy layer. We can set all kinds of policies, rules, and business enforcement policies on the proxy layer. This means that nothing flows to the platforms without proper information or proper data standardization. The solution manages and streamlines everything in this proxy layer.

The automated provisioning can be completed in under ten minutes.

Secure access is the most valuable feature.

The solution needs an attestation process that includes certification and recertification attestation.

The pricing is high and has room for improvement.

I have been using One Identity Active Roles for 20 years.

The solution is extremely stable. I give the stability a ten out of ten.

The solution is highly scalable and used by customers worldwide.

The technical support is responsive and helpful.

Positive

I previously used ManageEngine ADManager Plus, but I switched to One Identity Active Roles because it is more robust and highly scalable. ManageEngine is lightweight and it slows down when the number of users increases.

The initial setup is straightforward. Deployment takes around 20 minutes and depends on the type of deployment: integration, application, life cycle management, or RMAD management. However, there is usually a design and discovery phase that we conduct. Based on the discovery phase, we finalize the scope of the implementation that the end user wants to implement. This may include RMAD integration or both.

We implement the solution for our customers.

Customers typically see a return on investment within one or two months of using One Identity Active Roles.

The pricing is on the higher end.

I give the solution an eight out of ten.

Although small companies can use the solution, it is not essential for them. However, it is recommended for medium and large organizations.

One Identity Active Roles exist because of the shortfalls in Active Directory.

Before implementing One Identity Active Roles, it is important to identify the pain areas and challenges that the solution can address. This solution provides a lot of options and is highly customizable, so it is important to start with the key pain areas and challenges that the organization is facing. By doing so, the organization can gradually increase the scope of the implementation and reduce delays in automating or executing certain tasks.

It is common for people in organizations to resist change. They often prefer to work in the same way they have always worked, with the same tools and processes. In order to get people to adopt a new solution, such as One Identity Active Roles, it is important to convince them of the benefits of the change. This can be done by demonstrating how the new solution will improve efficiency, reduce costs, or increase security. It is also important to get buy-in from both the top management and the technical staff. Once everyone is on board, the change is much more likely to be successful.