For the best web experience, please use IE11+, Chrome, Firefox, or Safari

Active Roles

Simplify identity management and security with visibility of all Azure AD tenants and Active Directory domains from a single pane of glass. Ensure users and objects have granular privileged access only when they need it with dynamic delegation across your identity landscape. Automate manual processes to increase efficiency and security while accelerating account, group and directory management.
What is Active Roles? | One Identity 03:13

Key benefits

Increase security

Deploy Zero Trust Least Privilege for AD

Delegate permissions based on role to ensure only those who should have access to a given application do, and only for as long as they need it. Find out more

Ensure data integrity and compliance

Maintain accurate data and reporting

Use automation to ensure accuracy and consistency. Audit capabilities provide compliance reporting at your fingertips.

Simplify the management of complex environments

Consolidate onto a single console

Consolidate all AD domains and Azure AD tenants onto a single console, ensuring better visibility and control over your entire AD/AAD environments.

Establish and maintain consistency

Synchronize Directories

Sync multiple data sources across the organization for data consistency and improved security and efficiency.

Bolster efficiency

Automate AD tasks and group management

Automate tasks to ensure accuracy and consistency and reduce manual demands. Easily manage identities and groups and move identities and objects among groups when needed, to accommodate role changes.


Hybrid AD ready

Hybrid AD ready

Active Roles is optimized to serve the needs of both on-prem AD and Azure AD in a hybrid deployment. This Active Directory management tool offers a single console, unified workflows and a consistent administrative experience across your entire hybrid environment. With support for multi-tenant, Active Roles eliminates the cumbersome, error-prone, and unnecessary challenges that come with using separate native tools and manual processes.
Secure access with role-based delegation and least-privilege access

Secure access with role-based delegation and least-privilege access

Active Roles provides comprehensive privileged account management for Active Directory and Azure Active Directory. With Active Roles you can implement rule-based delegation and a least-privilege model for all objects within AD and Azure AD, including users and groups. Based on defined administrative policies and associated permissions, Active Roles generates and strictly enforces access rules, eliminating the errors and inconsistencies common with native approaches to hybrid AD management. With this approach you can define who should access what at a granular level for strong security.
Automates AD administration

Automates AD administration

Active Roles excels at automating provisioning of user access rights in AD, AAD and AD-joined systems (including user and group de-provisioning) to ensure an efficient and secure administrative process over the user and group lifecycles. Active Roles automates a wide variety of tasks, including:

  • Creating user accounts and groups in AD and AAD
  • Extending AD/AAD-based account administrative actions to non-Windows systems
  • Creating mailboxes in Exchange and Exchange Online
  • Populating groups across AD and AAD
  • Assigning resources in Windows

When a user’s access needs to be changed or removed, updates are made automatically across all relevant systems and applications in the hybrid AD/AAD, and AD-joined environment. This includes UNIX, Linux and Mac OS X.

Simplifies administration and account lifecycle management and security

Simplifies administration and account lifecycle management and security

Active roles allows you to view and manage multiple AD domains, Azure AD and O365 tenants from a single pane of glass, simplifying administration across your identity ecosystem. With Active Roles, you can manage objects, users and groups, securely synchronizing attributes and passwords from the client domain to the hosted domain. The following can be managed for on-prem, cloud and hybrid environments:

  • Exchange recipients, including mailbox/OCS assignment, creation, movement, deletion, permissions and distribution list management
  • Groups
  • Computers (including shares) printers
  • Active Directory security
  • Cloud-based Azure AD provisioning

Active Roles includes intuitive interfaces to optimize day-to- day administration and help-desk operations of the hybrid AD/AAD environment via both an MMC snap-in and a web interface.

Ensures AD data integrity and compliance

Ensures AD data integrity and compliance

With Active Roles you can establish consistency and accountability through automation. Audit capabilities support compliance reporting. Along with modern authentication using OAUTH, Active Roles has robust and personalized approval procedures that establish an IT process and oversight consistent with business requirements, with responsibility chains that complement the automated management of directory data.

Active Roles allows you to Sync multiple data sources across the organization for consistency and improved security and efficiency.

Active Roles and OneLogin Working Together

Active Roles and OneLogin Workforce Identity Working Together

The powerful combination of Active Roles and OneLogin helps:

  • Increase efficiency and consistency of user and group access management across legacy and cloud applications to help accelerate IT admin and user productivity
  • Empower organizations to adopt a least-privilege model, strengthening overall security
  • Provision role-based access to applications (OneLogin) based on real-time sync with AD (managed by Active Roles) to ensure AD admins and users have only the rights necessary to do their job
Integration with other AD-connected solutions

Integration with other AD-connected solutions

Offering seamless integration as a privilege access management solution for AD, Active Roles complements your existing technology and IAM strategy. It simplifies and consolidates management points by ensuring easy integration with many One Identity products, including Identity Manager, Safeguard, Authentication Services, Password Manager and Change Auditor. Active Roles also automates and extends the capabilities of PowerShell, ADSI, SPML and customizable web interfaces.

Secure Privilege Access Management for AD/AAD

Secure Privilege Access Management for AD/AAD
Active Roles provides automated user, group and object privilege access with delegation for secure, efficient and consistent identity management.

Supported platforms

To find out what platforms are supported


You’ll only need one Active Directory management tool to control your hybrid AD environment.
Single Pane of Glass
Access Templates
Drag and Drop Workflows
Security Policy
Change History
Microsoft/Office 365 Licensing
Microsoft/Office 365 Roles
Single pine of glass in Active Directory management tool

Single Pane of Glass

You'll only need one management tool to control your hybrid AD/Azure AD environment.



Active Roles AD Mgmt

Secure and automate the administration, access and provisioning of users and groups for AD/AzureAD
White Paper

KuppingerCole Report Executive View on Active Roles

Read the KuppingerCole Executive View report from analyst Martin Kuppinger on AD account lifecycle management and One Identity ...

Kickstart Zero Trust with Active Roles and OneLogin MFA

Organizations should view Zero Trust as a journey that begins with the protection of identities, many of which reside in Active...
White Paper

10 Steps to enhance the agility, security and performance of Active Directory

In this document, you will learn 10 steps to enhance the agility, security, and performance of Active Directory. Each step will...
White Paper

IDC Spotlight: Fortify Active Directory to Improve Security and Efficiency

Read this analyst Technology Spotlight, written by IDC’s Jay Bretzmann and Frank Dickson, to get an overview of how organizatio...

Unified hybrid Active Directory

Managing on-prem AD is hard enough, but when you throw Azure AD into the mix things can get out of control quickly. This eBook ...
Case Study

The City of Coppell secures citizen and employee information with Active Roles

Active Roles removes cumbersome and error-prone manual processes from Active Directory user lifecycle management
White Paper

Improve Security and Efficiency via Active Directory and Microsoft Entra

Active Directory and Microsoft Entra are at the core of many successful identity management programs. However, due to the risk...

Get started now

Simplify the security of your Active Directory

Support and services

Product Support

Self-service tools will help you to install, configure and troubleshoot your product.

Support Offerings

Find the right level of support to accommodate the unique needs of your organization.

Education Services

Training courses delivered through online web-based, on-site or virtual instructor-led.


Before installing Active Roles 7.4, ensure that your system meets the following minimum hardware and software requirements.

Active Roles includes the following components:

  • Administration Service
  • Web Interface
  • Console (MMC Interface)
  • Management Tools
  • Synchronization Service

This section lists the hardware and software requirements for installing and running each of these components.