One Identity Active Roles Review

Single solution for AD and Exchange RBAC, User Life Cycle Management, User Self-Service with complete audit trail.


What is our primary use case?

RBAC for AD and Exchange

Provisioning, Re-provisioning, De-provisioning and Undo-De-Provisioning of user accounts

User Self Service

Virtual AD firewall

How has it helped my organization?

  • Heavily Automates - it will automate the entire provisioning, re-provisioning, de-provisioning and undo-de-provisioning tasks
  • Complete Audit Trail - it gives an audit trail for each and every activity
  • Increase in accountability – various tasks can be enabled for approval.
  • Virtual Firewall against AD/Exchange - it helps protect Active Directory and Exchange exposure to administrators and engineers
  • Escalations – it helps escalates tasks if not acted upon in a stipulated time frame
  • Security –
    • it helps in increased security as every employee will have correct resource access depending upon the business policies
    • user account is disabled and user is removed from the security groups which prevent misuse of user credentials

What is most valuable?

  • Role Based Access Control
  • Provisioning, Re-provisioning, De-provisioning and Undo-De-provisioning policies
  • Data validation policies
  • Workflows
    • If Then Else statements
    • Approval Workflows
    • Schedule Workflows
    • Escalation
  • Virtual Schema
  • Virtual OU’s
  • Web console with easy customization option
  • Integration and data synchronization with SQL, Office 365, Lync etc.
  • Event handlers

What needs improvement?

  • Web console – it should have more customization options in terms of look and feel of the landing page
  • Workflow policies – Additional policies for folder access provisioning
  • Bring back attestation – Attestation feature is dropped from ARS. This should be brought back

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's good.

Technical Support:

It's good. In fact, the One Identity (Quest) support team has easy access to the One Identity (Quest) product developers. In case of any technical issues which has something to do with the product architecture or a bug, the support engineer brings in the developer in a remote session so that the developer understands the issue. The developer(s) then work on a patch to address the issue.

If you previously used a different solution, which one did you use and why did you switch?

I did not use any other solution.

How was the initial setup?

The initial setup is pretty straightforward. It's not at all complex.

What about the implementation team?

Our company, Amal IT Solutions, is a One Identity (Quest) partner. Our consultancy has 10+ years of experience with this solution.

What was our ROI?

I won’t be able to provide ROI from commercial perspective, but from the below points one should be able to figure it out:

  1. User provisioning/De-provisioning – this activity, which takes anywhere from one day to three or four days manually, is done in minutes without any IT resource intervention and so increases efficiency and productivity

  2. Notifications – respective stake holders/business owners are notified immediately upon an activity performed, and no follow-up emails or phone calls required

  3. Data consistency – it helps to maintain data consistency in AD which eliminates a data clean-up activity which IT department has to undertake regularly

  4. Data synchronization – it synchronizes data between HR application and AD/Exchange or other applications and AD/Exchange relieving HR and other application owners from day to day tasks of co-ordination or creating/modifying/deleting application user accounts

  5. Automation – Most of the IT tasks are automated which in turn reduces work load on IT department. IT resources could be better utilized for some other useful activities

What's my experience with pricing, setup cost, and licensing?

It’s a gentleman’s agreement.

Licensing is based on Enabled User Accounts in AD. This should include user accounts, application accounts and service accounts.Temporary accounts could be excluded, but no one from vendors really challenge the user count which the customer provides. Some customer’s find the price bit on higher side but, for me, the price is competitive compared to other products with similar functionality and considering the ROI.

The product functionality does not cease if the customer exceeds the license count. The vendor does not want to force the customer to stop using the product if the license count increases. Instead, customers can buy additional licenses without hampering the day to day work.

Which other solutions did I evaluate?

We didn't evaluate other products.

What other advice do I have?

This product has tremendous potential. It can be used to automate a lot of day to day activities. I always tell my customers, list down all your requirements, pain areas, and day to day tasks. Prioritize them, and use this tool to automate these tasks as per priority.

Disclosure: My company has a business relationship with this vendor other than being a customer: Our company, Amal IT Solutions, is a Quest Software partner. Our consultancy team has 10+ years of experience with this solution.
Add a Comment
Guest
Sign Up with Email