Active Roles

Simplify identity security and management with visibility of all Entra ID (Azure AD) tenants and Microsoft 365 and Active Directory domains from a single pane of glass. Ensure users, objects and groups have fine-grained privileged access only when they need it, with dynamic delegation across your identity landscape, to prevent AD breaches before they occur. Automate manual processes and enforce policies across your environment to increase efficiency and security while accelerating account, group and directory management.

Key benefits

Deploy zero trust least privilege for AD, Entra ID, and Microsoft 365

Ensure data integrity and compliance

View and manage all AD domains and Entra ID tenants from a single console

Synchronize identities across directories

Automate AD policies, tasks and group management

Integration with other Active Directory solutions

Features

Hybrid Active Directory, Entra ID and Microsoft 365 security and management

Manage all Active Directory domains, Entra ID (Azure AD) and Microsoft 365 tenants from a single pane of glass

Fine-grained delegation with least privilege access and role-based access control (RBAC)

Control over permissions / privileges across multiple Active Directory Domains, Entra ID (Azure AD) and Microsoft 365 tenants with zero standing privileges.

Efficient group management and role management

Control access and permissions with dynamic rules, group families and policies with automation.

Lifecycle management, automation, scripting and workflows

Manage users, groups, roles, contacts, Exchange Online, and Microsoft 365 licenses and objects with configurable workflows and customizable scripts.

AWS directory support

AWS Managed AD with Active Roles consolidates domains and tenants onto a single pane of glass and synchronizes identities and identity data between on-prem and the cloud.

Synchronization

Real-time updates with industry-leading connectors including SCIM 2.0, ServiceNow, Entra ID (Azure AD), Salesforce, Workday, LDAP and more.

Discovery and management of stale objects and persistent privilege

Identify potential stale objects and standing privilege

User activity tracking to prepare for compliance audit and remediation

Change history and user activity tracking with data integrity features

Automate AD Administration

Automate user account and group creation, mailboxes, and group population across your hybrid environment.

Secure Privilege Access Management for AD / Entra ID / Microsoft 365

Active Roles provides automated user, group and object privilege access with delegation for secure, efficient and consistent identity management.

Screenshot Tour

Change History

The Change History log can be accessed from the Active Roles Console, allowing you to quickly review the changes made to any user or group. This includes details on what changes were made, when they occurred and who made them. For example, if a user's password was reset via Active Roles, the change history will show when the reset occurred and who performed it.

Dynamic Groups

Active Directory allows groups (referred to here as basic groups) to include members statically by selecting objects and adding them to groups manually. In contrast, Active Roles provides a flexible, rule-based mechanism for populating groups. Once set up, this process automatically adds and removes members from groups based on predefined rules.

Add Rules

Add Membership Rules with the tab in the Properties dialog.

Temporal Group Membership

By using temporal group memberships, Active Roles provides the ability to automate the tasks of adding or removing group members who only need access for a specific time period. Administrators can specify the exact time to add objects, such as users, computers, or groups, to a particular group and indicate when these objects should be removed from the group. This feature simplifies the management of temporary group memberships.

Virtual Attributes

Active Roles offers the ability to define custom (virtual) attributes for any existing object type. This allows additional object properties to be specified without extending the Active Directory schema. For example, custom attributes can be used to store specific user data. You can configure a virtual attribute to store its value in the Active Roles database. Otherwise, to use the virtual attribute, you would need to implement a script policy to manage the attribute value.

Access Templates

Active Roles offers an extensive suite of preconfigured Access Templates that represent typical administrative roles, enabling the correct level of administrative authority to be delegated quickly and consistently.

Policies and Policy management

A Policy Object is a collection of administrative policies that define the business rules to be enforced. A Policy Object includes stored policy procedures and specifications of events that trigger each procedure. A Policy Object associates specific events with its policy procedures, which can be built-in procedures or custom scripts. This provides an easy way to define policy constraints, implement sophisticated validation criteria, synchronize different data sources and perform several administrative tasks in a single batch.

Managing active directories

Active Directory domains registered with Active Roles are referred to as managed domains. Each Administration Service maintains a list of managed domains and stores this list in the Administration Database as part of the service configuration.

Managing Entra ID (Azure AD)

Active Roles facilitates the administration and provisioning of Azure AD resources in on-premises, cloud-only and hybrid environments. You can manage all these resources through the Active Roles Web Interface.

Active Roles web interfaces

Active Roles supports three types of web interfaces by default. These can be expanded and customized for any purpose.

Supported platforms and integrations

Find out what platforms are supported. Active Roles easily integrates with a wide array of platforms and applications.

Get started now

Simplify the security of your Active Directory

Support and services

Product Support

Self-service tools will help you to install, configure and troubleshoot your product.

Support Offerings

Find the right level of support to accommodate the unique needs of your organization.

Education Services

Training courses delivered online (web-based), on-site or through virtual instructor-led sessions.
