For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Active Roles

Extend and enhance native capabilities of Active Directory and Azure Active Directory with One Identity Active Roles. Accelerate account, group and directory management and eliminate manual processes to increase efficiency and security. Focus on other IT tasks knowing your critical data, user permissions and privileged access are under control.
Unifying the Management of your On-prem and Azure AD Environments with Active Roles 02:59

Key benefits

Deploy Zero Trust and Privileged Security for AD

Automate AD tasks and group management

Simplify the management of complex environments

Delegate and manage permissions accurately


Increase AD Efficiency

Accelerate administration, remove the need for heavy IT involvement and reduce manual errors

Improve security

Deploy Zero Trust with delegated permissions

Simplify management

Control complex environments with a single point of administration

Secure access

Control access through delegation using a least-privilege model


Hybrid AD ready

Hybrid AD ready

Active Roles is optimized to serve the needs of both on-prem AD and Azure AD in a hybrid deployment. This Active Directory management tool offers a single console, unified workflows and a consistent administrative experience across your entire hybrid environment. With support for multi-tenant, Active Roles eliminates the cumbersome, error-prone, and unnecessary challenges that come with using separate native tools and manual processes.
Secure access with Active Directory management tool

Secure access with Active Directory management tool

Active Roles provides comprehensive privileged account management for Active Directory and Azure Active Directory, enabling you to control access through delegation using a least-privilege model. Based on defined administrative policies and associated permissions, it generates and strictly enforces access rules, eliminating the errors and inconsistencies common with native approaches to hybrid AD management. Along with modern authentication using OAUTH, Active Roles has robust and personalized approval procedures that establish an IT process and oversight consistent with business requirements, with responsibility chains that complement the automated management of directory data.
Automate account administration with Active Directory security

Automate account administration with Active Directory security

Active Roles automates a wide variety of tasks, including:

  • Creating user accounts and groups in AD and AAD
  • Extending AD/AAD-based account administrative actions to non-Windows systems and SaaS applications
  • Creating mailboxes in Exchange and Exchange Online
  • Populating groups across AD and AAD
  • Assigning resource in Windows

As an Active Directory management tool, it excels at automating provisioning of user access rights in AD, AAD and AD-joined systems (including user and group de-provisioning) to ensure an efficient and secure administrative process over the user and group lifecycles. When a user’s access needs to be changed or removed, updates are made automatically across all relevant systems and applications in the hybrid AD/AAD environment, as well as AD-joined systems. This includes UNIX, Linux, Mac OS X and a rich and growing collection of popular SaaS applications via the One Identity Starling Connect solution.

Day to day directory management

Day to day directory management

With Active Roles, you can easily manage all of the following for both the on-prem and Azure AD environments:

  • Exchange recipients, including mailbox/OCS assignment, creation, movement, deletion, permissions and distribution list management
  • Groups management
  • Computers, including shares, printers, local users and groups
  • Active Directory security 
  • Cloud-based Azure Active Directory provisioning

Active Roles includes intuitive interfaces to optimize day-to- day administration and help-desk operations of the hybrid AD/AAD environment via both an MMC snap-in and a web interface.

Active Roles and OneLogin Working Together

Active Roles and OneLogin Workforce Identity Working Together

The powerful combination of Active Roles and OneLogin helps:

  • Increase efficiency and consistency of user and group access management across legacy and cloud applications to help accelerate IT admin and user productivity
  • Empower organizations to adopt a least-privilege model, strengthening overall security
  • Provision role-based access to applications (OneLogin) based on real-time sync with AD (managed by Active Roles) to ensure AD admins and users have only the rights necessary to do their job
Extend the administrative scope

Extend the administrative scope

With its support of the SCIM standard, Active Roles offers unparalleled capabilities as the Active Directory management tool for nearly every popular SaaS application (via One Identity Starling Connect), including extending the AD-based account and group administration.
Manage groups and users in a hosted environment with our Active Directory management tool

Manage groups and users in a hosted environment with our Active Directory management tool

Synchronize AD domain clients with host AD domain in hosted environments. Active Roles enables user and group account management from the client domain to the hosted domain, while also synchronizing attributes and passwords, which also benefits your Active Directory security concerns. Utilize out-of-the-box connectors to synchronize your on-premises AD accounts to Microsoft Office 365, Lync Online / Skype for Business and SharePoint Online.
Consolidate management points through integration

Consolidate management points through integration

Offering seamless integration as an Active Directory management tool, Active Roles complements your existing technology and IAM strategy. It simplifies and consolidates management points by ensuring easy integration with many One Identity products, including Identity Manager, Safeguard, Authentication Services, Password Manager and Change Auditor. Active Roles also automates and extends the capabilities of PowerShell, ADSI, SPML and customizable web interfaces.

Active Roles comes with all the synchronization technology necessary to manage and secure:

  • Oracle Database
  • Oracle Unified Directory
  • Micro Focus NetIQ Directory
  • IBM AS/400
  • Lync / Skype for Business
  • Exchange
  • One Drive
  • SharePoint
  • AD LDS
  • Office 365 (including roles and groups)
  • Azure AD
  • Microsoft SQL Server
  • OLE DB (MS Access)
  • Flat file

Automatic, consistent, and complete management

Automatic, consistent, and complete management

Automatic, consistent, and complete management

Active Roles overcomes the shortcomings of native tools for hybrid Active Directory management and security

Supported platforms

Lync / Skype for Business


One Drive



Office 365

Azure AD

Microsoft SQL Server

OLE DB (MS Access)

Flat file


You’ll only need one Active Directory management tool to control your hybrid AD environment.
Single Pane of Glass
Access Templates
Drag and Drop Workflows
Security Policy
Change History
Single Pane of Glass

Single Pane of Glass

Manage all systems in your hybrid AD environment with a single pane of glass


Before installing Active Roles 7.4, ensure that your system meets the following minimum hardware and software requirements.

Active Roles includes the following components:

  • Administration Service
  • Web Interface
  • Console (MMC Interface)
  • Management Tools
  • Synchronization Service

This section lists the hardware and software requirements for installing and running each of these components.




Active Roles AD Mgmt

Secure and automate the administration, access and provisioning of users and groups for AD/AzureAD
White Paper

KuppingerCole Report Executive View on Active Roles

Read the KuppingerCole Executive View report from analyst Martin Kuppinger on AD account lifecycle management and One Identity ...

Kickstart Zero Trust with Active Roles and OneLogin MFA

Organizations should view Zero Trust as a journey that begins with the protection of identities, many of which reside in Active...
White Paper

Better Together: 10 ways to elevate Active Directory with One Identity Active Roles

In this document, you will learn 10 steps to enhance the agility, security, and performance of Active Directory. Each step will...
White Paper

IDC Spotlight: Fortify Active Directory to Improve Security and Efficiency

Read this analyst Technology Spotlight, written by IDC’s Jay Bretzmann and Frank Dickson, to get an overview of how organizatio...
White Paper

10 Best Practices for Managing and Securing Microsoft Active Directory in an Evolving IT World

Thousands of innovative IT leaders worldwide are optimizing their Identity and Access Management programs with improve Active D...

Unified hybrid Active Directory

Managing on-prem AD is hard enough, but when you throw Azure AD into the mix things can get out of control quickly. This eBook ...
White Paper

4 Benefits of Just-In-Time (JIT) Privilege

Active Directory (AD) is a prime target for bad actors. Learn about the 4 benefits of Just-In-Time Privilege, and how they help...

Get started now

Simplify the security of your Active Directory

Support and services

Product Support

Self-service tools will help you to install, configure and troubleshoot your product.

Support Offerings

Find the right level of support to accommodate the unique needs of your organization.

Education Services

Training courses delivered through online web-based, on-site or virtual instructor-led.