Active Roles

Simplify identity management and security with visibility of all Entra ID (Azure AD) tenants, Microsoft 365 and Active Directory domains from a single pane of glass. Ensure users and objects have fine-grained privileged access only when they need it with dynamic delegation across your identity landscape. Automate manual processes to increase efficiency and security while accelerating account, group and directory management.

Key benefits

Increase security

Deploy Zero Trust Least Privilege for AD

Delegate permissions based on role to ensure only those who should have access to a given application do, and only for as long as they need it.

Ensure data integrity and compliance

Maintain accurate data and reporting

Use automation to ensure accuracy and consistency. Audit capabilities provide compliance reporting at your fingertips.

Simplify the management of complex environments

Consolidate onto a single console

Consolidate all AD domains, Entra ID (Azure AD) tenants and Microsoft 365 onto a single console, ensuring better visibility and control over your entire Microsoft environment.

Establish and maintain consistency

Synchronize Directories

Sync multiple data sources across the organization for data consistency and improved security and efficiency.

Bolster efficiency

Automate AD tasks and group management

Automate tasks to ensure accuracy and consistency and reduce manual demands. Easily manage identities and groups and move identities and objects among groups when needed, to accommodate role changes.


Hybrid Active Directory, Entra ID and Microsoft 365 security and management

Simplify identity management and security with visibility of all Entra ID (Azure AD) tenants, Active Directory domains and Microsoft 365 tenants from a single pane of glass with our Better Together with Microsoft.

Fine-grained delegation with least privilege access and role-based access control (RBAC)

Allows precise, fine-grained control over permissions and privileges across objects in multiple Active Directory domains, Microsoft 365 tenants and Entra ID (Azure AD) tenants, with zero standing privileges and a single-pane-of-glass view.

Efficient group management and role management

Efficiently control access and permissions with dynamic rules and group families, automated through policies for groups across your hybrid environment. This enhances the efficiency and security posture of the AD, Entra ID, Microsoft 365 and hybrid environment.

Lifecycle management, automation, scripting and workflows

Manage users, groups, roles, contacts, Exchange Online licenses, Microsoft 365 licenses and objects with configurable approval workflows, automation and policies, and extend the current feature set with customizable scripts.

AWS directory support

Seamless integration of Active Roles with AWS Directory Service to enjoy the benefits of a zero trust least privilege model, access delegation capabilities and synchronized on-prem user data.


Streamline data consistency across multiple platforms, ensuring real-time updates and uniformity of information, with multiple industry-leading connectors such as SCIM 2.0, ServiceNow, Entra ID (Azure AD), Salesforce, Workday, LDAP and more.

Discovery and management of stale objects

Ensure security by removing potentially stale objects, which helps maintain the directory's integrity and security posture.

Data consistency, auditing and logging

Comprehensive analysis of user actions, ensuring compliance and insight into operational activities. Enforce policies by cleaning up objects and attribute data to adhere to data standards with the least risk of human error.


Hybrid AD ready

Active Roles is optimized to serve the needs of both on-prem AD and Azure AD in a hybrid deployment. This Active Directory management tool offers a single console, unified workflows and a consistent administrative experience across your entire hybrid environment. With support for multi-tenant, Active Roles eliminates the cumbersome, error-prone, and unnecessary challenges that come with using separate native tools and manual processes.

Secure access with role-based delegation and least-privilege access

Active Roles provides comprehensive privileged account management for Active Directory and Azure Active Directory. With Active Roles you can implement rule-based delegation and a least-privilege model for all objects within AD and Azure AD, including users and groups. Based on defined administrative policies and associated permissions, Active Roles generates and strictly enforces access rules, eliminating the errors and inconsistencies common with native approaches to hybrid AD management. With this approach you can define who should access what at a granular level for strong security.

Automates AD administration

Active Roles excels at automating provisioning of user access rights in AD, AAD and AD-joined systems (including user and group de-provisioning) to ensure an efficient and secure administrative process over the user and group lifecycles. Active Roles automates a wide variety of tasks, including:

  • Creating user accounts and groups in AD and AAD
  • Extending AD/AAD-based account administrative actions to non-Windows systems
  • Creating mailboxes in Exchange and Exchange Online
  • Populating groups across AD and AAD
  • Assigning resources in Windows

When a user’s access needs to be changed or removed, updates are made automatically across all relevant systems and applications in the hybrid AD/AAD, and AD-joined environment. This includes UNIX, Linux and Mac OS X.

Simplifies administration and account lifecycle management and security

Active Roles allows you to view and manage multiple AD domains, Azure AD and O365 tenants from a single pane of glass, simplifying administration across your identity ecosystem. With Active Roles, you can manage objects, users and groups, securely synchronizing attributes and passwords from the client domain to the hosted domain. The following can be managed for on-prem, cloud and hybrid environments:

  • Exchange recipients, including mailbox/OCS assignment, creation, movement, deletion, permissions and distribution list management
  • Groups
  • Computers (including shares) and printers
  • Active Directory security
  • Cloud-based Azure AD provisioning

Active Roles includes intuitive interfaces to optimize day-to-day administration and help-desk operations of the hybrid AD/AAD environment via both an MMC snap-in and a web interface.

Ensures AD data integrity and compliance

With Active Roles you can establish consistency and accountability through automation. Audit capabilities support compliance reporting. Along with modern authentication using OAuth, Active Roles has robust and personalized approval procedures that establish an IT process and oversight consistent with business requirements, with responsibility chains that complement the automated management of directory data.

Active Roles allows you to sync multiple data sources across the organization for consistency and improved security and efficiency.

Active Roles and OneLogin Workforce Identity Working Together

The powerful combination of Active Roles and OneLogin helps:

  • Increase efficiency and consistency of user and group access management across legacy and cloud applications to help accelerate IT admin and user productivity
  • Empower organizations to adopt a least-privilege model, strengthening overall security
  • Provision role-based access to applications (OneLogin) based on real-time sync with AD (managed by Active Roles) to ensure AD admins and users have only the rights necessary to do their job

Integration with other AD-connected solutions

Offering seamless integration as a privilege access management solution for AD, Active Roles complements your existing technology and IAM strategy. It simplifies and consolidates management points by ensuring easy integration with many One Identity products, including Identity Manager, Safeguard, Authentication Services, Password Manager and Change Auditor. Active Roles also automates and extends the capabilities of PowerShell, ADSI, SPML and customizable web interfaces.

Secure Privilege Access Management for AD / Entra ID (Azure AD)/Microsoft 365

Active Roles provides automated user, group and object privilege access with delegation for secure, efficient and consistent identity management.

Supported platforms

To find out what platforms are supported


You’ll only need one Active Directory management tool to control your hybrid AD environment.
Single Pane of Glass
Access Templates
Drag and Drop Workflows
Security Policy
Change History
Microsoft/Office 365 Licensing
Microsoft/Office 365 Roles
Single Pane of Glass

You'll only need one management tool to control your hybrid AD/Azure AD environment.

AD Account Lifecycle Management: Six Success Stories

Active Roles is a powerful tool that reduces risk by giving us stronger security, more clarity and visibility, and automatic provisioning. It gives us a solid identity and access management foundation we can really build on.

George Washington University



Active Roles AD Mgmt

Secure and automate the administration, access and provisioning of users and groups for AD/AzureAD
White Paper

KuppingerCole Report Executive View on Active Roles

Read the KuppingerCole Executive View report from analyst Martin Kuppinger on AD account lifecycle management and One Identity ...

Kickstart Zero Trust with Active Roles and OneLogin MFA

Organizations should view Zero Trust as a journey that begins with the protection of identities, many of which reside in Active...
White Paper

10 Steps to enhance the agility, security and performance of Active Directory

In this document, you will learn 10 steps to enhance the agility, security, and performance of Active Directory. Each step will...
White Paper

IDC Spotlight: Fortify Active Directory to Improve Security and Efficiency

Read this analyst Technology Spotlight, written by IDC’s Jay Bretzmann and Frank Dickson, to get an overview of how organizatio...

Unified hybrid Active Directory

Managing on-prem AD is hard enough, but when you throw Azure AD into the mix things can get out of control quickly. This eBook ...
Technical Brief

Increase Security by providing Just-In-Time Privilege for Active Directory

One Identity Just-in-Time Privilege automatically assigns privileges at the time of a credential check-out – and immediately re...
White Paper

How to manage unwanted guests in Azure Active Directory

Do your house guests still have access to your home after they’ve left or overstayed their welcome? You would show them out or...

Support and services

Product Support

Self-service tools will help you to install, configure and troubleshoot your product.

Support Offerings

Find the right level of support to accommodate the unique needs of your organization.

Education Services

Training courses delivered through online web-based, on-site or virtual instructor-led.