For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Active Roles Integrations

One Identity Active Roles easily integrates with a wide array of platforms, applications, and third-party products through simplified and consolidated management points. Active Roles extends its AD account lifecycle management power across the One Identity portfolio of identity security solutions – including Authentication Services, Defender, Identity Manager, Safeguard, Password Manager, Starling Connect, Starling Approval Anywhere – as well as the Quest family of Microsoft platform management solutions, including Change Auditor, Enterprise Reporter, Recovery Manager, and GPO Admin.


Active Roles is cloud-ready and synchronizes with the following supported platforms.
Microsoft Azure

Microsoft Azure

One Identity Active Roles simplifies AD account lifecycle management for Azure Active Directory. It helps manage and secure users and group administration with role-based delegation. Migration to Azure AD is easier with Active Roles helping to ensure data consistency. With Active Roles, enabling Zero Trust to secure admin accounts is possible in hybrid and Azure AD environments.
Amazon Web Services

Amazon Web Services

A cloud-ready solution, One Identity Active Roles simplifies AD account lifecycle management for hybrid Active Directory on Amazon Web Services (AWS). Active roles improves management and security of users and group administration with role-based delegation. Migrating AD to AWS is easier with Active Roles helping to ensure data consistency. Active Roles makes zero-standing privilege achievable in your hybrid AD environments.

Authentication Services

Extends the capabilities of Active Roles to Unix and Linux environments. With the Support Pack, you can implement management scenarios that involve delegation (including Unix objects), business rules-based control and fulfilment of administrative tasks, such as provisioning and deprovisioning Unix users and groups.

Change Auditor

Leverage API sets so that AD actions managed in Active Roles are correctly audited as the instigating user, and not noted as operations performed in the Active Roles service account.


Manage Defender objects from the Active Roles MMC Admin console. The Defender administration functions available from the web interface include full token, password and PIN management.


With the RMAD integration add-on, Active Roles can perform restore tasks that include restoring directory-object properties from a backup for a user, group or contact object, as well as restoring deleted directory objects.

Group Policy Object (GPO) Admin

Integrate and automate Group Policy Object management. Active Roles detects GPOADmin operation and automates critical group-policy tasks to reduce costs and eliminate manual processes. A GPOADmin console will detect and launch the operation, accessible in a tab in Active Roles.

Identity Manager

Active Roles supports the integration with One Identity Manager through the Active Roles Synchronization Service. The integration enables organizations to progress from existing access management deployments and extend them to larger scale Identity Management programs by integrating both configurations to quickly achieve the most efficient identity management deployment possible. You can create robust policies and workflows, or reuse existing workflows and polices within Identity Manager and watch them applied via the existing Active Roles implementation.