The most valuable features include

• auditing
• dynamic grouping
• creating dynamic groups based on AD attributes.

Also, as part of the cloud identity, meaning expanding identity to the cloud, it gives me a single workflow to expand on-prem. I can create a user in the cloud and give them access to resources through a single workflow.

And for regulatory, auditing, and security requirements, it's critical that the solution enables Zero Trust security with hybrid AD fine delegation and role-based access control.

We can create a user in the cloud and give them access to resources through one workflow. I rate this feature eight out of 10 in terms of importance. Active Roles enables zero-trust security with hybrid ID fine delegation and role-based access control, which is our primary purpose for using the solution.

With the use of the sync service we were able to import information from multiple external systems and populate them within our space and leverage them for downstream systems.

ARS also gives you a single pane of glass to manage AD and Azure AD. One of the things that we really like is that we can get to everything from ARS if we need to. So unless you are a system admin, there's no reason for you to go into Azure AD, because we have it set up so that everything syncs up with Azure AD. It gives us a level of confidence that things are matching from a governance perspective. We're trying to mature. I don't know that ARS will get us to our final destination, but it is helping us govern what we can see.

It has so many features. Dynamic Groups are good and the ease of delegation is useful as well.

It's valuable to us in that it resembles the native tools that most people have grown accustomed to. Most people come from another company where they may have not used Active Roles. Active Roles resembles traditional tools, such as from Microsoft. That is really good because it eases the way people to interact with the tool.

The AD and AAD management features of this solution are really good. They're better than the native tools. They offer added value by showing more fields such as password age and the statuses of some things that we normally wouldn't see. What I really like is the fact that we have the mailbox and the user information all on one screen. With native tools, you need two tools to show that information.

Secure access is the most valuable feature.

All of the features have been valuable, and that is not often so. We use probably 90 to 95 percent of the features of Active Roles. The only one we don't use right now is the plugin to Azure because we just use Active Roles for on-prem management of our Active Directory. 

My favorite feature is probably the Dynamic Groups and the fact that Dynamic Groups are built pretty much on the fly and kept up-to-date. That is huge for us. There are so many features, if I had to pick one, then Dynamic Groups would be my favorite. We routinely will get requests from our business, saying, "We need a group that contains everybody in this particular department," whether it be a distribution list just for emails, a group to secure a file server, etc. With Active Roles, we can create this group and tell Active Roles, "Every user account that you find that has department equaling whatever 'this is', then put them in this group." 

The way Active Roles works: As soon as somebody gets the value in that department field changed to something that matches, then Active Roles puts it into that group in almost real-time. As soon as it replicates through Active Directory and Active Roles, the DC that Active Roles is using sees that change, then Active Roles take action and keeps those groups up-to-date for us.

One feature that we use a lot is temporal group membership. It allows us to put somebody in a group on a time basis. We can say, "You get put in this group," then you will automatically come out on this date at this time. We can either put them in on a date and time or take them out on a date and time. It's a great teacher, and it's also one of those things that native tools doesn't allow us to do.

The most valuable feature is the ability to delegate by using permissions and workflows. 

Another good feature is the Change History. It's centralized in a single place and allows us to manage people's Active Directory domains from a central location. We can also drill down into individual objects in a troubleshooting or even an auditing situation. We can show evidence to auditors by drilling down into the individual history. It gives you all the history of what happened around an individual object. That is something that would be almost impossible to do in Active Directory, or extremely complicated. 

We can also enforce data formats. That creates a higher quality in the data that we store in the directory by enforcing naming conventions and data formats. 

In addition, we can reach the data set by using virtual attributes, rather than extending that, so we can put schema attributes in ARS that live in AR without actually impacting the Active Directory environment.

One other thing that I really like about this product, as an engineer, is the design of it, meaning not how it looks, but how it was designed architecturally. This is one of the greatest strengths of the product. It's just designed right.

We like that we can manage our groups and access. You can get granular in terms of the access control.

The solution enables us to create a user in the cloud and give them access to resources through a single workflow. That's very important for our organization. It allows us to assign access accordingly for the file shares for admin access to servers.

It enables zero trust security with hybrid, AD, delegation, and role-based access control. It's extremely important for us.

The way it captures data and transforms it into ways that will be usable for the Active Directory is the most valuable feature. 

We haven't found a different solution that is able to do this. We have been relying on manual scripting, which proved to be very unreliable. Active Roles is definitely much better.

It also improved our automation. It was already automated, but it improved it. It was able to capture more data out of Trillium and SAP and populate the Active Directory in an open-minded manner.

We have two staff members and so per staff member, Active Roles saves us 0.2 FTE.

Active Roles has improved the accuracy of our onboarding process. There are fewer errors during the sync.

The delegation feature is really important. It is one of the most valuable features that our customers appreciate about the solution. 

The provisioning and deprovisioning saves a lot of time and skips a lot of errors.

For the AD management feature, it is perfect. It covers everything. 

• Role Based Access Control
• Provisioning, Re-provisioning, De-provisioning and Undo-De-provisioning policies
• Data validation policies
• Workflows
  • If Then Else statements
  • Approval Workflows
  • Schedule Workflows
  • Escalation
• Virtual Schema
• Virtual OU’s
• Web console with easy customization option
• Integration and data synchronization with SQL, Office 365, Lync etc.
• Event handlers

• It provides automatic provisioning/update/deprovisioning workflows from a source system to a target system.
• It allows you to easily monitor all workflow processes.
• It has very powerful native policies and scripts, which allow you to create your own custom policies, scripts, and virtual attributes.
• In addition to using the console (MMC interface), it also gives you management from the web interface.

It gives us attribute-level control and the AD management features work very well.

The built-in templates within ARS allow you to create security groups without having to construct them on your own. It greatly simplifies the process and is also makes it much easier to review if you ever need to make changes.

It provides automatic provisioning for many applications and systems, including in-house applications and cloud applications. Also, it offers a virtual directory structure and a new directory layer between users and physical directories. Management and monitoring become easier.