Please share with the community what you think needs improvement with One Identity Active Roles.
What are its weaknesses? What would you like to see changed in a future version?
We would like to see * extension of change-tracking auditing capabilities, especially in relationship to the virtual attributes * more flexibility with group families * integration with cloud database path solutions * better integration with Azure AD; it integrates, but it could be better. These are all things that our tech team has talked to their tech team about. And they're extremely responsive. In addition, there are some features that we think should be included in their next release. We think these things would take them to the next level: the ability to completely force or limit any dynamic group processing to specific servers, change-tracking reporting of virtual attributes, and the ability to use files as inputs to automation workloads. These things have also been talked about. Knowing One Identity, they're probably working on them.
In terms of improvement, it could be made even more user-friendly for administrators when they need to create new workflows and rulesets. It's a bit difficult. I'm not the technical person that uses it, it's my team, but I heard comments that it is quite difficult for them to get to know the product and set up the tasks that are required.
The overall UI needs a refresh; the web interface requires some modernization. We would also like to have a SaaS version of Active Roles. Rather than implementing it in our data center, it would have been nice having a SaaS-delivered solution. The third area for improvement, which is the weakest portion of ARS, is the workflow engine, which was introduced a few years ago. It's slow and not very intuitive to use, so I would like to see improvement there.
When doing a workflow, we would like a bit better feedback on the screen, as we're trying to get it to work. For example, there is a "Find" function that you need set up in a workflow to do some of the automation. It is not the easiest to get a result from those finds when you're trying to do that. In the MMC, they have a couple different types of workflows. In this particular case, we use their workflow functionality to find all of X within the environment, then if you find it, do X, Y, and Z. You can have multiple steps. When you do that search function within that workflow, it's really hard to find out, "Is my search working?" It would be nice if there was some feedback on the screen so you could see if your search is working properly within the workflow. There are other finds, like when you just simply go look in Active Directory, and say, "Find." I absolutely love that we can export the results from that one. It's only the search function within the workflow that could be a little bit better. In version 7.4.1, they added support for SAML authentication to the web pages and the documentation was quite lacking. The documentation for that, in particular, needs a lot of work. I ended up having to work with support over multiple sessions to try and get that to work properly. This was a newer function for 7.4.1, so I had never used it before in the previous versions. When you downloaded their product, the documentation was the same as they had posted on their website. It was the same in both places. It was very broken up and wasn't complete. It needed to be reworded and flow better so somebody new could follow it a bit better. Because even after following all the solutions, even the tech support said to do it differently than what was in the document before we could get it to work. Therefore, I would definitely like to see some work on the documentation for that area.
The ability to send logs to a SIEM would be very beneficial.
For the AAD management feature, it needs to improve the objects that we can manage and the security. I know that they have everything in road map, so they probably will include everything in a year or a year and a half. I would like them to support a cloud solution. This is important for us. They have it on their roadmap. For now, they only have basic options for cloud-delivered services. We are in the prospect of looking for a customer who wants a cloud-only solution, but will wait for the new features, which will probably be available in one year. The should try to move everything to a web interface. More solutions are trying to use a web interface. They need batch processing, but that is in the road map, and that's okay. They need better language support. While they have a language pack, it's not always available at the same time as the product. Sometimes, when we install it in other countries, they don't have the language pack, then our customers complain about this.
For what we use it for, there are no additional features it would need.
Active Roles allows policies and there are a lot of example policies that come with it. It has Access Templates and there are a lot of Access Template examples in it. It also has workflows and those are really powerful, but there are no built-in workflows. When it comes to them, it's empty. I would personally love for it to come with ten, 15, or 20 workflows where each achieves a certain task but that are not enabled. I could just look at how each is done, clone them, copy them, modify them the way I want them, and be good to go. Right now we have to invent things from scratch.
* Web console – it should have more customization options in terms of look and feel of the landing page * Workflow policies – Additional policies for folder access provisioning * Bring back attestation – Attestation feature is dropped from ARS. This should be brought back
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.