For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Products

Identity Governance and Administration

Log Management

View All Products

Solutions

Achieve identity-centric cybersecurity to protect the people, applications and data that are essential to business

All Solutions

All Integrations

Behavior Driven Governance

Gain full visibility into which access rights are being used, how and by whom. Enforce the principle of least privilege and reduce vulnerabilities and licensing costs.
Enhanced Active Directory Governance

Streamline AD/Entra ID management with enhanced security, simplified integration and advanced governance that goes beyond traditional IGA connectors.
Privileged access governance

Close the gap between privileged access and standard user identities across the enterprise.
Advanced Authentication

Fortify your defenses with strong and adaptive authentication, preventing unauthorized access to your most critical systems, applications and sensitive data.
Enhance log management

Reliably collect, store and manage logs from hundreds of systems across the enterprise.
Support digital transformation

Take measured steps to ensure digital transformation initiatives stay in line with identity security best practices.
Drive operational efficiencies

Streamline process, reduce errors and minimize complexity associated with managing identities.
AI-driven security with built-in predictive insights

At One Identity, AI isn’t just an add-on: It’s built-in to deliver predictive insights right out of the box.
Unify your identity security environment with One Identity fabric

The One Identity fabric weaves together previously siloed identity tools, creating a unified and seamless identity and access management framework.

Support & Services

Partners

About

Blogs

Communities

Free Trials

Active Roles

Simplify identity security and management with visibility of all Entra ID (Azure AD) tenants and Microsoft 365 and Active Directory domains from a single pane of glass. Ensure users, objects and groups have fine grained privileged access only when they need it with dynamic delegation across your identity landscape. Automate manual processes and enforce policies across your environment to increase efficiency and security while accelerating account, group and directory management.

03:13

Virtual Trial Questions? Contact us Calculate ROI

Key benefits

Deploy zero trust least privilege for AD, Entra ID, and Microsoft 365

Ensure data integrity and compliance

View and manage all AD domains and Entra ID tenants from a single console

Synchronize identities across directories

Automate AD policies, tasks and group management

Integration with other Active Directory solutions

Cybersecurity Excellence Award

“We congratulate One Identity on this outstanding achievement in the ‘Hybrid Active Directory Protection’ category of the 2025 Cybersecurity Excellence Awards,” said Holger Schulze, founder of Cybersecurity Insiders and organizer of the Cybersecurity Excellence Awards. “As we celebrate 10 years of recognizing excellence in cybersecurity, your innovation, commitment, and leadership set a powerful example for the entire industry.”

Barry University

"If there was another university that had some pain points in administering their active directory using native AD tools, Active Roles would be the best..."

Kerri-Quaan Stewart - Identity and Access Control Manager

Read Case Study

Falkenberg Municipality

"One of our most important tasks was to automate all the processes that we could. With Active Roles, this has been a great success."

Torbjörn Larsson - CIO

Read Case Study

UK Parliament

"With One Identity Active Roles we have a clear view of who has permissions at any one time as well as in the past. There is no room for error."

Cherry O’Donnell - Head of Identity and Access Management

Read Case Study

Large retail chain

"The policies we have in Active Roles keep our Active Directory organized and ensure that everything is done consistently, which simplifies things for the admins and for me."

Large retail chain - Enterprise Administrator

Read Case Study

Features

Hybrid Active Directory, Entra ID and Microsoft 365 security and management

Manage all Active Directory domains, Entra ID (Azure AD) and Microsoft 365 tenants from a single pane of glass

Fine-grained delegation with least privilege access and role-based access control (RBAC)

Control over permissions / privileges across multiple Active Directory Domains, Entra ID (Azure AD) and Microsoft 365 tenants with zero standing privileges.

Efficient group management and role management

Control access and permissions with dynamic rules, group families and policies with automation.

Lifecycle management, automation, scripting and workflows

Manage users, groups, roles, contacts, Exchange Online, and Microsoft 365 licenses and objects with configurable workflows and customizable scripts.

AWS directory support

AWS Managed AD with Active Roles consolidates domains and tenants onto a single pane of glass and synchronizes identities and identity data between on-prem and the cloud.

Synchronization

Real-time updates with industry-leading connectors including SCIM 2.0, ServiceNow, Entra ID (Azure AD), Salesforce, Workday, LDAP and more.

Discovery and management of stale objects and persistent privilege

Identify potential stale objects and standing privilege

User activity tracking to prepare for audit and remediation

Change history and user activity tracking with data integrity features

Automate AD Administration

Automate user account and group creation, mailboxes, and group population across your hybrid environment.

Secure Privilege Access Management for AD / Entra ID /Microsoft 365

Active Roles provides automated user, group and object privilege access with delegation for secure, efficient and consistent identity management.

Screenshot Tour

Change History

Dynamic Groups

Add Rules

Temporal Group Membership

Virtual Attributes

Access Templates

Policies and Policy management

Managing active directories

Managing EntraID (AzureAD)

Active Roles web interfaces

Change History

The Change History log can be accessed from the Active Roles Console, allowing you to quickly review the changes made to any user or group. This includes details on what changes were made, when they occurred and who made them. For example, if a user's password was reset via Active Roles, the change history will show when the reset occurred and who performed it.

Dynamic Groups

Active Directory allows groups (referred to here as basic groups) to include members statically by selecting objects and adding them to groups manually. In contrast, Active Roles provides a flexible, rule-based mechanism for populating groups. Once set up, this process automatically adds and removes members from groups based on predefined rules.

Add Rules

Add Membership Rules with the tab in the Properties dialog.

Temporal Group Membership

By using temporal group memberships, Active Roles provides the ability to automate the tasks of adding or removing group members who only need access for a specific time period. Administrators can specify the exact time to add objects, such as users, computers, or groups, to a particular group and indicate when these objects should be removed from the group. This feature simplifies the management of temporary group memberships.

Virtual Attributes

Active Roles offers the ability to define custom (virtual) attributes for any existing object type. This allows additional object properties to be specified without extending the Active Directory schema. For example, custom attributes can be used to store specific user data. You can configure a virtual attribute to store its value in the Active Roles database. Otherwise, to use the virtual attribute, you would need to implement a script policy to manage the attribute value.

Access Templates

Active Roles offers an extensive suite of preconfigured Access Templates that represent typical administrative roles, enabling the correct level of administrative authority to be delegated quickly and consistently.

Policies and Policy management

A Policy Object is a collection of administrative policies that define the business rules to be enforced. A Policy Object includes stored policy procedures and specifications of events that trigger each procedure. A Policy Object associates specific events with its policy procedures, which can be built-in procedures or custom scripts. This provides an easy way to define policy constraints, implement sophisticated validation criteria, synchronize different data sources and perform several administrative tasks in a single batch.

Managing active directories

Active Directory domains registered with Active Roles are referred to as managed domains. Each Administration Service maintains a list of managed domains and stores this list in the Administration Database as part of the service configuration.

Managing EntraID (AzureAD)

Active Roles facilitates the administration and provisioning of Azure AD resources in on-premises, cloud-only and hybrid environments as well. You can manage all these resources through the Active Roles Web Interface.

Active Roles web interfaces

Active Roles supports three types of web interfaces by default. These can be expanded and customized for any purpose.

Resources

View All

Datasheet

Get started now

Simplify the security of your Active Directory

Virtual Trial Questions? Contact us Calculate ROI

Privileged Access Management

Access Management

Identity Governance and Administration

Active Directory Management

Log Management

Behavior Driven Governance

Enhanced Active Directory Governance

Privileged access governance

Advanced Authentication

Enhance log management

Support digital transformation

Drive operational efficiencies

AI-driven security with built-in predictive insights

Unify your identity security environment with One Identity fabric

Active Roles

Key benefits

Deploy zero trust least privilege for AD, Entra ID, and Microsoft 365

Ensure data integrity and compliance

View and manage all AD domains and Entra ID tenants from a single console

Synchronize identities across directories

Automate AD policies, tasks and group management

Integration with other Active Directory solutions

Cybersecurity Excellence Award

Barry University

Falkenberg Municipality

UK Parliament

Large retail chain

Features

Hybrid Active Directory, Entra ID and Microsoft 365 security and management

Fine-grained delegation with least privilege access and role-based access control (RBAC)

Efficient group management and role management

Lifecycle management, automation, scripting and workflows

AWS directory support

Synchronization

Discovery and management of stale objects and persistent privilege

User activity tracking to prepare for audit and remediation

Automate AD Administration

Secure Privilege Access Management for AD / Entra ID /Microsoft 365

Screenshot Tour

Change History

Dynamic Groups

Add Rules

Temporal Group Membership

Virtual Attributes

Access Templates

Policies and Policy management

Managing active directories

Managing EntraID (AzureAD)

Active Roles web interfaces

Supported platforms and integrations

Resources

Active Roles AD Mgmt

I Can Breach Your AD Over My Morning Coffee and other horror stories to keep you up at night

Top 10 Misconfigurations in AD

Managing the Invisible Risk of Non Human Identities

Best Practices for Active Directory Security and Governance

Using role management to protect against AD and Entra ID related risk

Building a Security Framework that Strengthens Your Cybersecurity Profile

Cornell University secures a distributed AD environment

Get started now

Related products

Identity Manager

Safeguard

OneLogin Workforce

Safeguard Authentication Services

Starling Connect

Password Manager

Support and services

Product Support

Support Offerings

Education Services