One Identity Active Roles is an identity governance and administration solution for managing Active Directory, Entra ID (Azure AD), and Microsoft 365 environments. The product provides centralized management of multiple AD domains and Entra ID tenants from a single console. The solution implements fine-grained delegation with role-based access control (RBAC) and zero standing privileges across hybrid identity environments. It supports temporal group memberships that automatically add or remove members based on time periods, and dynamic groups that populate automatically based on predefined rules. Active Roles includes lifecycle management capabilities for users, groups, roles, contacts, Exchange Online, and Microsoft 365 licenses through configurable workflows and customizable scripts. The product offers policy-based automation for AD administration tasks including account creation, group management, and mailbox provisioning. The solution provides change history tracking and user activity logging for compliance auditing and remediation. It includes discovery capabilities for identifying stale objects and persistent privileges. Virtual attributes allow administrators to define custom properties for objects without extending the Active Directory schema. Active Roles supports AWS Managed AD environments and includes synchronization capabilities with real-time updates through connectors. The product offers multiple web interfaces that can be customized for different administrative purposes.