ActiveRoles Server - license - 1 user

What is our primary use case? We use it for various purposes, such as automating tasks in an Active Directory environment. How has it helped my organization? It assists the help desk in doing certain tasks in a more controlled manner, for instance, setting up new users. We enforce required fields to prevent setting up users without them, ensuring that certain fields meet specific requirements. It also facilitates easier management of various security features than Active Directory. It has helped increase operational efficiency in our organization. We have a clear structure. There is a reduction in the mistakes. What is most valuable? It is an easier way for me to manage Active Directory with more advanced features. The console helps with granular control. What needs improvement? There is always room to improve the user interface for increased clarity. I believe enhancements to the console are also necessary because it is more confusing than the web interface. For how long have I used the solution? I have used the solution for a bit more than three years. What do I think about the stability of the solution? It is stable. I would rate it an eight out of ten for stability. What do I think about the scalability of the solution? It seems scalable. How are customer service and support? It is good. I would rate them a nine out of ten. How would you rate customer service and support? Positive What other advice do I have? It is good, and I would recommend it, but you should do a proof of concept and see if it works for your environment. Overall, I would rate the solution an eight out of ten. Which deployment model are you using for this solution? On-premises Disclaimer: I am a real user, and this review is based on my own experience and opinions.

What is our primary use case? We use Active Roles to bring our decentralized environment into a single pane of glass. Our entire customer base is in a single directory, and they can manage their objects without interfering with other entities in our environment. How has it helped my organization? We saw benefits immediately. We must have these roles in place in our environment, or we'd be in big trouble. The solution improved our operational efficiency. Instead of manually applying permissions in Active Directory to thousands of OUs, we can do it in five minutes with a command in PowerShell. It prevents us from erroneously assigning permissions. Active Roles improves our security posture by ensuring permissions are consistent and applied to the correct target every time. By taking the manual work out of the equation, we ensure we don't have any credential leaks. What is most valuable? Active Roles is easy to configure. It isn't a plug-and-play solution, and you need expertise to set it up. However, once you have your templates, it's easy to deploy in a highly decentralized environment. The custom configuration for our customers is fantastic, especially the web interface. The solution gives us granular control, allowing us to build highly customized roles and apply them across our environment. We have 500,000 separate OUs. What needs improvement? Active Roles could add more options for web customization. Our requirements are exceedingly specific. We'd like to get the web interface down to just five buttons, but in some cases, we can only get to six. The web interface in the current version is less customizable than in the previous one. For how long have I used the solution? We have used Active Roles for 10 years over two periods. What do I think about the stability of the solution? We've had no issues with crashing, but we've had problems with the web interface lagging. We're not sure if that's the infrastructure. What do I think about the scalability of the solution? One Identity is pretty scalable. We have SQL on the back end so that we can spin up a VM and bring up a new web interface. It has a new feature where a workflow can run on a dedicated server, and we don't need to use our frontend servers for workflow activities. How are customer service and support? I rate One Identity support nine out of 10. We are happy with the quality of One Identity's support team. We get a response within one or two days. Our unique organization has uncommon problems, so we typically need tier 2 or 3 support. The good thing about One Identity is that we don't need to spend a few days convincing them to escalate. How would you rate customer service and support? Positive How was the initial setup? Deploying Active Roles was easy. We had prior experience, and help from professional services made it easier. Our environment is unique, and their professional services helped tremendously with our odd use cases. You can stand up an out-of-the-box deployment in a couple of days. We had one primary engineer and two assistants on the deployment team. What's my experience with pricing, setup cost, and licensing? I wasn't involved in purchasing the solution, but I get the impression from management that it's priced about the same as other products, and we get more value from it. What other advice do I have? I rate One Identity Active Roles 10 out of 10. My suggestion to future users is to map out your roles with as much granular precision as possible. We're trying to solve the same problems with fewer products. We're not there yet, but we plan to consolidate, and our customers are happy with One Identity products. Which deployment model are you using for this solution? On-premises Disclaimer: I am a real user, and this review is based on my own experience and opinions.

What is our primary use case? I am an implementer for the product. I install Active Roles for companies. How has it helped my organization? Active Roles helps my clients by reducing erroneous privileged accounts, often cutting them in half. It also reduces IT administrators' time spent on these tasks by 5 to 10 percent. My clients can save money on licensing. We can bundle Active Roles with other IGA solutions and save on overall service renewal. The solution improves user experience for most users. The end-users generally only use the self-service portion, which they like. It's easy for them to use. Unfortunately, there is one annoying setting that they initially set, but that could easily be remedied in the future. For IT users, it's a mixed bag. Administrators love it. I think it's wonderful. Depending on how the administrators deploy it, the help desk users either think it's great or hate it because they want to use a console. What is most valuable? The best part of this Active Roles is the workflow engine. It features an industry-leading workflow automation feature. It's a visual PowerShell that allows task interruption. It offers single-pane-of-glass management to a degree. Right now, the Azure side can only be done from the web UI, not the console. The administrative side can only be done from the console, not the web UI. Conditional access works well. Combined with RBAC, it always works well with Active Roles because Active Roles can do access based on dynamic implementation. The permission management feature is also excellent, clearly showing delegated permissions. Active Roles tells you when any permissions are done without going into this crazy fine-grained permission strategy that is horrible compared to Active Roles' template-based permissions. You can design on your own. It easily shows where all the permissions are delegated. Unfortunately, you can't do much with zero trust and Active Roles at the moment unless you combine them with Safeguard. It lines up with using zero trust if you combine a couple of different workflows together. What needs improvement? Active Roles can fix many little problems that have never been resolved and have lingered for years, continuing to annoy people. For example, you can't search by object GUIDs. The manual says you can, but it hasn't worked in five years. For how long have I used the solution? I have been using Active Roles for about 15 years. What do I think about the stability of the solution? I would rate the stability of the Active Roles eight out of 10. It's a fairly stable product but not perfectly reliable. What do I think about the scalability of the solution? Active Roles is super easy to scale. How are customer service and support? I rate One Identity support 10 out of 10. Customer service and support are fantastic. The support team is very responsive. I love those guys. How would you rate customer service and support? Positive Which solution did I use previously and why did I switch? I have used KAOSoft and AD Access previously. Active Roles has PowerShell modules and a whole PowerShell backend that none of the other solutions do. That's where they lose the most. PowerShell makes a considerable difference compared to those other applications. How was the initial setup? The initial setup is generally straightforward. It takes a week or two for an inexperienced organization to set it up, but I can do it in a day or less. It could involve multiple teams, depending on what you're doing. For example, if you're integrating Exchange, you need Exchange admins to be involved. What was our ROI? Active Roles always saves my clients money, mostly in licensing and service renewal. What's my experience with pricing, setup cost, and licensing? The pricing for Active Roles is expensive but not as expensive as other solutions like Okta. Which other solutions did I evaluate? I have evaluated KAOSoft, AD Access, and Okta, among others. What other advice do I have? I rate One Identity Active Roles 10 out of 10. Managing singular identities without a management suite is difficult. Active Roles is not an identity and access management solution. It's an Active Directory management suite. Which deployment model are you using for this solution? On-premises Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer:Partner

What is our primary use case? I use it primarily for granting, managing, and auditing access. How has it helped my organization? The ways Active Roles has improved the way we operate are through workflows and user onboarding, automatic user management, group permissioning, adding users to the right groups based on the department, and distribution list creation based on dynamic group membership and active users. And because of the single interface and workflows, it has simplified AD and Azure AD management efficiency and security. What is most valuable? The most valuable features include * auditing * dynamic grouping * creating dynamic groups based on AD attributes. Also, as part of the cloud identity, meaning expanding identity to the cloud, it gives me a single workflow to expand on-prem. I can create a user in the cloud and give them access to resources through a single workflow. And for regulatory, auditing, and security requirements, it's critical that the solution enables Zero Trust security with hybrid AD fine delegation and role-based access control. For how long have I used the solution? I have been using One Identity Active Roles for eight months. What do I think about the stability of the solution? It's a stable product. What do I think about the scalability of the solution? It's also a scalable product. We have about 14,000 users. How are customer service and support? The best thing about their Premier Support is their assistance with customization and resolving issues that arise. How would you rate customer service and support? Positive Which solution did I use previously and why did I switch? Our company chose One Identity Active Roles rather than something else because of the auditing capabilities and workflow capabilities. How was the initial setup? The initial setup was quite easy, but it was time-consuming. It took about three months. What's my experience with pricing, setup cost, and licensing? It's expensive. Which other solutions did I evaluate? Compared to native Active Directory tools, in terms of accuracy and security, Active Roles is a nine out of 10. What other advice do I have? Understanding the requirements and the key areas on which you want to focus before deploying it is vital to making sure it caters to your needs. Overall, it enables a lot of automation and workflow-type processes. It also allows for human intervention and has auditing and reporting capabilities that include generating an automated report on a periodic basis for management review. Which deployment model are you using for this solution? On-premises Disclaimer: I am a real user, and this review is based on my own experience and opinions.

What is our primary use case? We use the solution for managing access to, shared drives and access for Active Directory. What is most valuable? We like that we can manage our groups and access. You can get granular in terms of the access control. The solution enables us to create a user in the cloud and give them access to resources through a single workflow. That's very important for our organization. It allows us to assign access accordingly for the file shares for admin access to servers. It enables zero trust security with hybrid, AD, delegation, and role-based access control. It's extremely important for us. What needs improvement? The solution has not enabled us to reduce password reset times. It has not automated provisioning. The group attestation could be improved. It was a feature that was available in version 5. You can configure it, however, it's no longer out of the box. My understanding is that they will put that feature back in again. However, right now, it's a feature that is lacking. The way you can search groups could be better. When a company has a large number of groups it's very difficult to search the groups and assign the different columns. For how long have I used the solution? I've used the solution for many years. It's likely been ten to 15 years. What do I think about the stability of the solution? The solution is stable. What do I think about the scalability of the solution? The solution is scalable. We have about 2,000 users using the solution at this time. It's being used quite extensively and we have plans to increase the use to manage the Active Directory. How are customer service and support? We use the vendor's regular support. Sometimes the response time is slow. Sometimes we don't feel the answers they give are correct. It seems like they don't really know what the cause of the issue is, so they tell us it's not available in the version. How would you rate customer service and support? Neutral Which solution did I use previously and why did I switch? I do not recall us using a different solution previously. How was the initial setup? The initial setup was quite straightforward. I'm not sure how long it took to deploy. It was too long ago. There isn't maintenance needed. It just needs upgrading. There's a team of three or four people that manage that. What was our ROI? I have witnessed an ROI while using the product over the last ten years. Resource-wise, we've saved about 20% of resources in comparison. What's my experience with pricing, setup cost, and licensing? The solution is fairly priced. That said, I have nothing to compare it to. What other advice do I have? I'm a project manager. I can't compare the solution to anything else. We don't use anything else, and we've not used anything else for many years. I'd recommend the solution to others. It's a great tool. I'd rate the solution seven out of ten. Which deployment model are you using for this solution? On-premises Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

What is our primary use case? We're using it for identity management, including the creation of accounts and synchronizing them with our HR system. How has it helped my organization? It improves things in many ways. You have control over what attributes the service desk analyst can change and you can provide them with lists of changes. You can build in the integrity rules. It also definitely simplifies management on-prem. It definitely is a plus to use this tool. We do automated provisioning and it's set from HR through this tool. It's all instant. If it had to be done manually it would probably take a couple of hours per user, but we've had it set up like this for 10 years so I'm not sure how much time it's saving us. What is most valuable? It has so many features. Dynamic Groups are good and the ease of delegation is useful as well. What needs improvement? The Group Family feature is okay, but there are some issues around its use for creating objects automatically, based on HR attributes. Another issue is that it doesn't look like the hybrid connections are particularly mature. We haven't really used it much. We have a couple of guys setting it up who don't really like the way it's working. It uses a synchronization tool to do that. Native integration with the cloud would be better. Also, we're trying to manage Office 365 mailboxes and although it will create a mailbox in the cloud, it won't do shared mailboxes. That means we're having to write custom solutions for that. Another issue we have with the product is that we run a lot of custom tasks. You have to program them to run on one particular host and there's no automatic failover to a second host. If that host is down when a task is supposed to run, it has to wait until the next time it runs when that host is up. Some of their built-in functions will work off of both servers and I don't see why this shouldn't as well. Another similar gripe is that when you run custom Active Roles policies, they'll actually trigger on both hosts, not on one. In that scenario, it would be better if they would trigger on one host, unless it wasn't available. For example, if you're writing to the event log, you have a custom task and it will show up multiple times because it's being processed by multiple front-end hosts. For how long have I used the solution? I've been using One Identity Active Roles for 10 years. What do I think about the stability of the solution? It's a stable solution. What do I think about the scalability of the solution? It's scalable, but I don't know how scalable. A lot of it is running off of custom scripts and the question is how scalable those are in large environments. We don't have a massive environment, but we have no issues with it for our 2,000 employees. I'm guessing that if you get up to 100,000 to 200,000 employees, it would start struggling. It's used in our organization for management of any objects inside Active Directory, so anyone who manages anything in Active Directory uses the tool. How are customer service and support? We use the vendor's Premier Support. We wouldn't run any product like this without vendor support. It's quite critical to our company, so it would be crazy to do that with support that wasn't working. At the times we've had to deal with them, they have usually been pretty responsive. How would you rate customer service and support? Positive Which solution did I use previously and why did I switch? The solution we had before Active Roles was custom-made for the company and it was written about 13 years ago. How was the initial setup? The initial setup of the solution was straightforward. It took a few hours. I'm the only person on our IT team who handles this product, in terms of deployment and maintenance. What was our ROI? We haven't measured ROI, but given that it provides automation and does save quite a bit of time, there is definitely a return on investment. What's my experience with pricing, setup cost, and licensing? It's fairly priced. Which other solutions did I evaluate? In comparison to native Active Directory tools, using Active Roles for delegation is so much better. It uses an access template and that makes it easy to see who can access what. In fact, you can do that for many objects as well. You can see what that object can manage and who can manage the objects. You can answer an auditor's questions fairly quickly. It's just much clearer than it is in Active Directory. What other advice do I have? I don't believe the solution enables you to create a user in the cloud and give them access to resources through a single workflow; not out of the box. You could certainly create that, but we don't do that. We use Azure AD Connect for that. We create the user account on-prem, and Azure AD Connect will create that user in the cloud for us. Definitely do a PoC, but I would recommend Active Roles for a small company. I don't know if it would actually scale. You have to write custom scripts for a lot of it, whereas built-in functionality would generally be quicker. But for small companies of 2,000 employees, and maybe a little bit bigger, it's a great product. It's so much easier and cheaper than any of its arrivals. Which deployment model are you using for this solution? On-premises Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

What is our primary use case? The solution is used for lifecycle management and can be deployed on-prem or cloud. How has it helped my organization? The solution enables us to create a user in the cloud and give them access to resources through a single workflow which is important to all our clients. The solution enables zero trust security with hybrid AD find delegation and role-based access control which is important to all our clients. The solution acts as a firewall against Active Directory, requiring our IT team to go through active roles and get approval to make changes. It has also reduced our onboarding time from one or two weeks to five or ten minutes. The solution reduces the time it takes to reset a password to under one minute. The solution simplifies Active Directory and Azure Active Directory management efficiency and security. It has a proxy layer, which means that no one talks to the connecting platform directly. All requests go through the active roles, which act as a proxy layer. We can set all kinds of policies, rules, and business enforcement policies on the proxy layer. This means that nothing flows to the platforms without proper information or proper data standardization. The solution manages and streamlines everything in this proxy layer. The automated provisioning can be completed in under ten minutes. What is most valuable? Secure access is the most valuable feature. What needs improvement? The solution needs an attestation process that includes certification and recertification attestation. The pricing is high and has room for improvement. For how long have I used the solution? I have been using One Identity Active Roles for 20 years. What do I think about the stability of the solution? The solution is extremely stable. I give the stability a ten out of ten. What do I think about the scalability of the solution? The solution is highly scalable and used by customers worldwide. How are customer service and support? The technical support is responsive and helpful. How would you rate customer service and support? Positive Which solution did I use previously and why did I switch? I previously used ManageEngine ADManager Plus, but I switched to One Identity Active Roles because it is more robust and highly scalable. ManageEngine is lightweight and it slows down when the number of users increases. How was the initial setup? The initial setup is straightforward. Deployment takes around 20 minutes and depends on the type of deployment: integration, application, life cycle management, or RMAD management. However, there is usually a design and discovery phase that we conduct. Based on the discovery phase, we finalize the scope of the implementation that the end user wants to implement. This may include RMAD integration or both. What about the implementation team? We implement the solution for our customers. What was our ROI? Customers typically see a return on investment within one or two months of using One Identity Active Roles. What's my experience with pricing, setup cost, and licensing? The pricing is on the higher end. What other advice do I have? I give the solution an eight out of ten. Although small companies can use the solution, it is not essential for them. However, it is recommended for medium and large organizations. One Identity Active Roles exist because of the shortfalls in Active Directory. Before implementing One Identity Active Roles, it is important to identify the pain areas and challenges that the solution can address. This solution provides a lot of options and is highly customizable, so it is important to start with the key pain areas and challenges that the organization is facing. By doing so, the organization can gradually increase the scope of the implementation and reduce delays in automating or executing certain tasks. It is common for people in organizations to resist change. They often prefer to work in the same way they have always worked, with the same tools and processes. In order to get people to adopt a new solution, such as One Identity Active Roles, it is important to convince them of the benefits of the change. This can be done by demonstrating how the new solution will improve efficiency, reduce costs, or increase security. It is also important to get buy-in from both the top management and the technical staff. Once everyone is on board, the change is much more likely to be successful. Which deployment model are you using for this solution? On-premises Disclaimer: My company has a business relationship with this vendor other than being a customer:Partner

What is our primary use case? We use Active Roles as a single point to manage all our users. We're using all of the system's management capabilities, like setting group policies and delegating roles. We have around 1,400 users and 25 or 30 admins. The company uses Active Roles as a standalone solution because we don't have HR or ERP systems connected to applications. We aren't using it to migrate from Active Directory to Azure AD. We use a Microsoft solution called AD Sync. We had this functionality before implementing Active Roles, but we hope to get that improved connectivity to Azure AD and Exchange Online. How has it helped my organization? Active Roles improved the management of users, groups, and AD objects in the organization. It reduces the time we spend on password resets by 50 percent and speeds up other administrative tasks by providing a faster channel to do these things. We can use it everywhere in the organization. It centralizes and distributes IT functions to our sub-IT administrators, making everything more efficient. It makes us more productive because users don't need to submit a ticket to our service desk. The solution makes AD management simpler and more secure. Security is a priority here because we are using lots of GDPR data. It's more specific because users can see what things mean. We can manage all our users in a more granular way than before. What is most valuable? We can create a user in the cloud and give them access to resources through one workflow. I rate this feature eight out of 10 in terms of importance. Active Roles enables zero-trust security with hybrid ID fine delegation and role-based access control, which is our primary purpose for using the solution. What needs improvement? The user and group management in Azure AD could be better. Our focus these days is dynamic sharing with several on-prem Microsoft applications like SharePoint. For how long have I used the solution? I have used Active Roles for around four years. How are customer service and support? I don't think we've ever contacted One Identity support. We might contract with Advania or another company called SolidTrust for those things. Which solution did I use previously and why did I switch? We had a homebrewed system, but we adopted Active Roles because we needed a more standardized product. It was cheaper for our organization to use a standard product. How was the initial setup? Deploying Active Roles was straightforward and took about two years. It was a fight against time to implement because we needed to get all the applications in our organization into Active Roles. We were dealing with a wide range of applications and functional roles at the time. What about the implementation team? We contracted with a Swiss company to build the solution for us. We were very satisfied with their work. What was our ROI? I believe we've seen a return. What's my experience with pricing, setup cost, and licensing? The price is reasonable. It costs us about 1 million Danish kroner annually, and we also spend about half as much on consultants. What other advice do I have? I rate One Identity Active Roles eight out of 10. It has an unattractive web UI. If they could fix that and make it more configurable, I would give it a 10. My advice to future users is to integrate as many applications as you can into this and use all the dynamic groups. Disclaimer: I am a real user, and this review is based on my own experience and opinions.