A powerful and secure combo – One Identity Active Roles and AWS Managed Microsoft Active Directory

The combination of AWS Directory Service (AWS Managed Microsoft Active Directory) and One Identity Active Roles (AR) increases cybersecurity, and a more secure admin-delegation functionality.

When organizations embrace AWS Directory Service and One Identity Active Roles, they get the benefit of a well-managed directory infrastructure and an easy way to get there. AWS Directory Service reduces the AD attack surface, automates AD-related tasks and secure directories. Plus, with your AD data consolidated to AWS, you can leverage those identities to access other AWS services.

These integrations provide:

1. Synchronize objects of your on-prem AD to AWS Managed Microsoft AD (AWS Directory Service) to enable and accelerate moving to the secured directory.
2. Manage all of your on-prem and AWS Managed AD through a single, customizable web interface and console.
3. Control object and attribute-level access to multiple directories by granting or denying access based on attributes not OUs, simply by applying access templates.

Simplify your AD strategy with AWS Directory Service

Active Roles is a long-time preferred AD management resources for admins and security types with its delegation, workflow/automation and synchronization of AD and Entra ID (formerly known as Azure AD). If you have a single Active Directory and an Entra ID tenant tied to M365, Active Roles provides automated provisioning, dynamic delegation outside of domain and OU structure, as well as critical functions, such as workflows/change approval, and auditing. Ultimately, this enhances AD security while providing a user-friendly interface.

Sync cloud and on-prem data securely

AWS Directory Service and Active Roles working together give organizations the capabilities to not only move to a cloud directory provider but enhance the security of both the AWS Directory Service and their on-premises AD. AWS provides the secure directory, Active Roles provides:

• Directory synchronization: Sync on-premises AD to AWS Directory Service. This means users and groups data, including password changes, can be easily synchronized to AWS Directory exactly as they are in the on-premises AD.
• Delegate administration to all levels: From the top-tier AD admins to the front-line business users, Active Roles allows admins to perform the tasks they need without over-permissioning.
• AD Object Management: Automated lifecycle management of AWS Managed AD objects and access to them with MMC Console and a customizable web interface.

Admin permissions – PAM for AD

Active Roles is known to provide highly enhanced security for AD while making the admin experience much easier, faster, and simpler. This is especially true, if your AD infrastructure has some complexities – such as multiple AD forests and domains, or multiple Entra ID tenants – or an AD LDS directory. Active Roles can help simplify management of it. It delivers the admin access needed to be productive while also providing directory guardrails to ensure all the objects and attributes comply with technical requirements and corporate policies.