We just raised a $30M Series A: Read our story

One Identity Active Roles OverviewUNIXBusinessApplication

One Identity Active Roles is the #2 ranked solution in our list of top User Provisioning Software. It is most often compared to Azure Active Directory: One Identity Active Roles vs Azure Active Directory

What is One Identity Active Roles?

Active Roles is a single, unified and rich tool to automate the most troublesome user and group management tasks. With One Identity Active Roles, you can streamline user and group administration, solve security issues – and meet those never-ending compliance requirements by managing and securing on-prem, and cloud AD resources simply and efficiently with a single, intuitive solution.

One Identity Active Roles is also known as Quest Active Roles.

One Identity Active Roles Buyer's Guide

Download the One Identity Active Roles Buyer's Guide including reviews and more. Updated: October 2021

One Identity Active Roles Customers

City of Frankfurt, Moore Public Schools, George Washington University, Transavia Airlines, Howard County, MD. See all stories at OneIdentity.com/casestudies

One Identity Active Roles Video

Archived One Identity Active Roles Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Willie Clemons
Director Identity & Access Management at a tech services company with 1,001-5,000 employees
Real User
Top 20
Easy to use and Provides granular control from a single pane of glass

Pros and Cons

  • "Having a tool to manage all changes to AD from a single pane of glass is awesome."
  • "The ability to send logs to a SIEM would be very beneficial."

What is our primary use case?

We use ARS to manage multiple domains. Our organization owns over thirty companies and we needed a tool that would give us the ability to apply consistent access rules across all of the businesses.

How has it helped my organization?

ARS gives us the ability to provide granular control that AD just doesn't offer. Having a tool to manage all changes to AD from a single pane of glass is awesome. It also allows Help Desk personnel to get up to speed very quickly without having a strong technical background.

What is most valuable?

The built-in templates within ARS allow you to create security groups without having to construct them on your own. It greatly simplifies the process and is also makes it much easier to review if you ever need to make changes.

What needs improvement?

The ability to send logs to a SIEM would be very beneficial.

For how long have I used the solution?

We have been using this solution for five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
David-Fernandez
CTO at BeClever IT Solutions
Real User
The provisioning and deprovisioning saves a lot of time and skips a lot of errors

Pros and Cons

  • "The provisioning and deprovisioning saves a lot of time and skips a lot of errors."
  • "For the AAD management feature, it needs to improve the objects that we can manage and the security."

What is our primary use case?

  1. It is mainly for delegation of permissions inside the domains for large companies.
  2. It is for provisioning and deprovisioning users in the Active Directory (AD) and their licenses in Office 365.

How has it helped my organization?

We are working with a customer now who is having some problems with their permissions and delegations, because a lot of users have to do administration activities in the Active Directory. Now, they have been given domain administrators. However, with this solution, they are skipping all the domain administrators and keeping the normal users, which is fantastic for them because some of the personnel are basic IT technicians without the knowledge of AD advance features. Our customers were afraid of errors being caused by these people, so they can avoid these errors in the new environment.

This solution eliminated tedious IT tasks with provisioning. We have a lot of customers who prefill, or have only a list of values, for some fields.

What is most valuable?

The delegation feature is really important. It is one of the most valuable features that our customers appreciate about the solution. 

The provisioning and deprovisioning saves a lot of time and skips a lot of errors.

For the AD management feature, it is perfect. It covers everything. 

What needs improvement?

For the AAD management feature, it needs to improve the objects that we can manage and the security. I know that they have everything in road map, so they probably will include everything in a year or a year and a half.

I would like them to support a cloud solution. This is important for us. They have it on their roadmap. For now, they only have basic options for cloud-delivered services. We are in the prospect of looking for a customer who wants a cloud-only solution, but will wait for the new features, which will probably be available in one year.

The should try to move everything to a web interface. More solutions are trying to use a web interface. 

They need batch processing, but that is in the road map, and that's okay. 

They need better language support. While they have a language pack, it's not always available at the same time as the product. Sometimes, when we install it in other countries, they don't have the language pack, then our customers complain about this.

What do I think about the stability of the solution?

It is pretty stable.

What do I think about the scalability of the solution?

You can add more servers for some functionalities. For now, I haven't found any issues with the scalability, even with large organizations (more than 80,000 employees).

How are customer service and technical support?

While I don't open many cases, when I do open one, normally the response is quick. They either give me a solution or put it in the queue to do it. So, for now, it is okay.

How was the initial setup?

The initial setup is straightforward and easy: Install the product and connect the domains. The configuration can be complex or easy depending on the customer.

What was our ROI?

The solution has saved our customers time by automating tasks that could take from half an hour to 45 minutes.

What other advice do I have?

Test it. Whenever you test it in your real environment, you normally want it. 

If you talk with an AD administrator about this solution and you display the features: How you save time, how you avoid errors, etc. It's a really good product. The main problem is getting companies to pay money for the product, but all AD administrators want to have this solution.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
Learn what your peers think about One Identity Active Roles. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
541,708 professionals have used our research since 2012.
MT
Identity Senior Analyst at a consumer goods company with 10,001+ employees
Real User
Gives us attribute-level control and the AD management features work very well

Pros and Cons

  • "It gives us attribute-level control and the AD management features work very well."
  • "Most of the time it just works."

What is our primary use case?

We use it to lock down the interface between helpdesks and Active Directory.

How has it helped my organization?

It's improved things because we don't have "cowboy changes" being made to AD without us knowing about it. People still have to do the things they need to do, but we can now make sure that they don't inadvertently do something they shouldn't.

It hasn't saved us time in terms of what needs to be done, but it has saved us time in terms of not having to go back and fix stuff when people have made mistakes.

What is most valuable?

It gives us attribute-level control and the AD management features work very well.

What needs improvement?

For what we use it for, there are no additional features it would need.

What do I think about the stability of the solution?

Most of the time it just works.

What do I think about the scalability of the solution?

It works at the scale we use it at. I can't say whether it would work in much bigger enterprises or not.

How are customer service and technical support?

I, personally, have never had cause to use technical support. My guys have interacted with them a few times and have been happy with the support they've received.

Which solution did I use previously and why did I switch?

Previously, people were able to update AD directly. We have reduced that by pushing everything through Active Roles. Our decision to go with this solution was part of the need to lock things down, make things more secure.

What about the implementation team?

We did the deployment ourselves.

What other advice do I have?

My advice would be to certainly consider Active Roles and, depending on the size of the organization, consider integrating it with Starling as well.

I know the solution is extensible through cloud-delivered services but we don't use those currently.

I would rate Active Roles a nine out of ten, based on the convenience it's given us.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Michiel Simon
Technical Manager of Security at Liberty Global
Real User
Management features offer added value by showing more fields, while automation helps mitigate risk

Pros and Cons

  • "It's valuable to us in that it resembles the native tools that most people have grown accustomed to... Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people interact with the tool."
  • "The AD and AAD management features of this solution are really good... They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see."
  • "It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task... I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch."

What is our primary use case?

We primarily use it for delegation access permissions, to helpdesks for example. We use it to automate certain things, like onboarding new users, deprovisioning leaving users, or when we add somebody to a group it triggers some kind of automation workflow. Lastly, we use it to sanitize data entry, to make sure that the first letter of the street name is capitalized, certain zip codes are allowed, others aren't; it's a type of data control.

How has it helped my organization?

It helps mitigate risks. With traditional, native Active Directory delegation, it can become really messy, really fast. You lose oversight on who has access where. We are an acquisitions and mergers company so we let go of certain companies and we onboard new ones. With native delegating, we can lose track of who has access and to what. With Active Roles, we can always see who has access, what they can do, in a very granular way. A user can modify the street name, but can't modify the city, for example; or can modify the picture, but not the names. That granularity is not normally available.

It has eliminated a lot of tedious IT tasks, especially when people leave. There are ten or 15 scripted actions that Active Roles does, always the same way and at the same time. Before, there would literally be a list of things that the admin would have to do, like hide the mailbox, disable the user, remove the groups, etc. Also, the auditing history that it keeps is very handy for us. It gives us a change record of what's been done to a user, who did it, when they did it, and that really helps out.

And now that we are outsourcing a lot of activities, we're dealing with a changing audience. Tools like this make sure that they do everything in a structured manner, that everybody does the same thing at the same time.

What is most valuable?

It's valuable to us in that it resembles the native tools that most people have grown accustomed to. Most people come from another company where they may have not used Active Roles. Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people to interact with the tool.

The AD and AAD management features of this solution are really good. They're better than the native tools. They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see. What I really like is the fact that we have the mailbox and the user information all on one screen. With native tools, you need two tools to show that information.

What needs improvement?

Active Roles allows policies and there are a lot of example policies that come with it. It has Access Templates and there are a lot of Access Template examples in it. It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task but that are not enabled. I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

It's very stable. Even if components lose connectivity or the database dies, as soon as they come back up, it just reconnects and goes.

What do I think about the scalability of the solution?

It covers everything we want. It's scalable. We can make it redundant, we can replicate databases. We don't use a lot of those features, but it's very scalable.

Which solution did I use previously and why did I switch?

The reason we went with this solution - and it was ten or 15 years ago - was the Active Directory delegation. We could not allow everyone to have native access to our Active Directory. The delegation feature was really the trigger. In addition, the automation was attractive. There was so much room for human error that we wanted to script activities, rather than relying on the admin knowing what to do.

How was the initial setup?

It requires a bit of getting used to, where you set what. But once you get the hang of it, it's really straightforward.

What was our ROI?

The ROI is in the mitigation of risks: The risk of leaving unauthorized access behind, the risk of having Active Directory pollution. With that comes risks of people getting access they shouldn't have. There is the risk of having multiple accounts for the same thing; that's the biggest part. There's no actual money there, but risk management is really what you pay for.

Which other solutions did I evaluate?

We considered using the Microsoft solution because it's free and built-in, and already there. That's what everybody does. But when you grow beyond a certain size, you find out that it just does not cut it anymore. 

We also considered using other tools, but at the time, Active Roles was very much alone in this world. I have to admit, now there are other vendors available, which I don't have any personal experience with, but on paper, they seem to do some of the same things. But at the time, there was simply nothing else that could even come close.

What other advice do I have?

I would give this solution a nine out of ten. There's always room for improvement. With every product, nothing is completely done. But this product is definitely up there.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sameer Palav
Managing Director at a tech services company with 51-200 employees
Real User
Top 20
Single solution for AD and Exchange RBAC, User Life Cycle Management, User Self-Service with complete audit trail.

What is our primary use case?

RBAC for AD and Exchange

Provisioning, Re-provisioning, De-provisioning and Undo-De-Provisioning of user accounts

User Self Service

Virtual AD firewall

How has it helped my organization?

  • Heavily Automates - it will automate the entire provisioning, re-provisioning, de-provisioning and undo-de-provisioning tasks
  • Complete Audit Trail - it gives an audit trail for each and every activity
  • Increase in accountability – various tasks can be enabled for approval.
  • Virtual Firewall against AD/Exchange - it helps protect Active Directory and Exchange exposure to administrators and engineers
  • Escalations – it helps escalates tasks if not acted upon in a stipulated time frame
  • Security –
    • it helps in increased security as every employee will have correct resource access depending upon the business policies
    • user account is disabled and user is removed from the security groups which prevent misuse of user credentials

What is most valuable?

  • Role Based Access Control
  • Provisioning, Re-provisioning, De-provisioning and Undo-De-provisioning policies
  • Data validation policies
  • Workflows
    • If Then Else statements
    • Approval Workflows
    • Schedule Workflows
    • Escalation
  • Virtual Schema
  • Virtual OU’s
  • Web console with easy customization option
  • Integration and data synchronization with SQL, Office 365, Lync etc.
  • Event handlers

What needs improvement?

  • Web console – it should have more customization options in terms of look and feel of the landing page
  • Workflow policies – Additional policies for folder access provisioning
  • Bring back attestation – Attestation feature is dropped from ARS. This should be brought back

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

It's good.

Technical Support:

It's good. In fact, the One Identity (Quest) support team has easy access to the One Identity (Quest) product developers. In case of any technical issues which has something to do with the product architecture or a bug, the support engineer brings in the developer in a remote session so that the developer understands the issue. The developer(s) then work on a patch to address the issue.

Which solution did I use previously and why did I switch?

I did not use any other solution.

How was the initial setup?

The initial setup is pretty straightforward. It's not at all complex.

What about the implementation team?

Our company, Amal IT Solutions, is a One Identity (Quest) partner. Our consultancy has 10+ years of experience with this solution.

What was our ROI?

I won’t be able to provide ROI from commercial perspective, but from the below points one should be able to figure it out:

  1. User provisioning/De-provisioning – this activity, which takes anywhere from one day to three or four days manually, is done in minutes without any IT resource intervention and so increases efficiency and productivity

  2. Notifications – respective stake holders/business owners are notified immediately upon an activity performed, and no follow-up emails or phone calls required

  3. Data consistency – it helps to maintain data consistency in AD which eliminates a data clean-up activity which IT department has to undertake regularly

  4. Data synchronization – it synchronizes data between HR application and AD/Exchange or other applications and AD/Exchange relieving HR and other application owners from day to day tasks of co-ordination or creating/modifying/deleting application user accounts

  5. Automation – Most of the IT tasks are automated which in turn reduces work load on IT department. IT resources could be better utilized for some other useful activities

What's my experience with pricing, setup cost, and licensing?

It’s a gentleman’s agreement.

Licensing is based on Enabled User Accounts in AD. This should include user accounts, application accounts and service accounts.Temporary accounts could be excluded, but no one from vendors really challenge the user count which the customer provides. Some customer’s find the price bit on higher side but, for me, the price is competitive compared to other products with similar functionality and considering the ROI.

The product functionality does not cease if the customer exceeds the license count. The vendor does not want to force the customer to stop using the product if the license count increases. Instead, customers can buy additional licenses without hampering the day to day work.

Which other solutions did I evaluate?

We didn't evaluate other products.

What other advice do I have?

This product has tremendous potential. It can be used to automate a lot of day to day activities. I always tell my customers, list down all your requirements, pain areas, and day to day tasks. Prioritize them, and use this tool to automate these tasks as per priority.

Disclosure: My company has a business relationship with this vendor other than being a customer: Our company, Amal IT Solutions, is a Quest Software partner. Our consultancy team has 10+ years of experience with this solution.
ITCS user
Senior Solution Consultant at a tech services company with 51-200 employees
Consultant
It has very powerful native policies and scripts

Pros and Cons

  • "It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system."
  • "For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript."

How has it helped my organization?

When a new employee is hired, we create a new Active Directory (AD) user in a related department (Organizational Unit) with a random generated password, then give that user some AD rights. Also, we create an exchange mail user for this user on cloud or on-prem and inform that user by sending a notification mail or SMS. We did similar things in other systems and did all the process manually before Active Roles. That means lots of workload and manual processes. Active Roles provided us to do all these operations automatically and reduced our workload very significantly.

What is most valuable?

  • It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system.
  • It allows you to easily monitor all workflow processes.
  • It has very powerful native policies and scripts, which allow you to create your own custom policies, scripts, and virtual attributes.
  • In addition to using the console (MMC interface), it also gives you management from the web interface.

What needs improvement?

For ActiveRoles, it would be good if the product supports multi-scripting language. You can use only VBScript.

VB.net , C#, or Powershell scripting would be a good choice for the product.

For how long have I used the solution?

Almost five years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

Technical support replies really promptly. The support team is very experienced and focused on the product. On the other hand, there is a community portal and you can find every piece of knowledge on there.

Which solution did I use previously and why did I switch?

We have not used any similar products before. We did all related operations manually.

How was the initial setup?

It was very straightforward.

What's my experience with pricing, setup cost, and licensing?

The licensing model is a simple user-based model, not that much complicated.

Which other solutions did I evaluate?

We evaluated and researched other options, such as NetIQ, FIM, Oracle, CA, IBM, and SailPoint.

However, Active Roles is most suitable for us.

What other advice do I have?

It is very important to come together with system owners who will be integrated at the beginning of the project to clarify all the rules and determine the work to be done. Test environments of the systems to be integrated must be requested. Test environments are so necessary.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
EY
Solution Architect at a tech services company with 51-200 employees
MSP
Top 5Leaderboard
Offers automatic provisioning for multiple applications/systems and a virtual directory structure

How has it helped my organization?

  • Automation of manual identity management operations (provisioning and deprovisioning).
  • Solving security and compliance issues is easy.
  • Operational issues are much easier and more reliable with Quest ActiveRoles's directory layer and portal.

What is most valuable?

It provides automatic provisioning for many applications and systems, including in-house applications and cloud applications. Also, it offers a virtual directory structure and a new directory layer between users and physical directories. Management and monitoring become easier.

What needs improvement?

Scripting options in different languages.

For how long have I used the solution?

Under four years.

What do I think about the stability of the solution?

Not yet.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

It is excellent. Quick and useful answers.

They also have a large community portal where you can find a lot of information.

Which solution did I use previously and why did I switch?

I didn't use any other solution, but I evaluated many solutions.

How was the initial setup?

It was simple. I didn't have a problem. It took half a day.

What's my experience with pricing, setup cost, and licensing?

There is a simple user-based licensing model. Not complicated.

Which other solutions did I evaluate?

Yes. NetIQ, FIM, Oracle, CA, IBM, and SailPoint.

What other advice do I have?

Choose your project team well. Remember that analysis of all processes is very important. Don't forget that testing is also very important after each development.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free One Identity Active Roles Report and get advice and tips from experienced pros sharing their opinions.