Sold by: One Identity
Deployed on AWS
With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users.
4
Overview
With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Content of the recorded sessions is indexed to simplify searching for events and reporting so you can more easily meet your auditing and compliance requirements. In addition, Safeguard for Privileged Sessions serves as a proxy, and inspects the protocol traffic on the application level and can reject any traffic violating the protocol - thus making it an effective shield against attacks. In transparent mode, only minimal network changes are required and users do not have to change their workflow or client applications, which makes implementation a breeze. However, workflow can be configured so you can authenticate users, limit access to specific resources, authorize and view active connections, and receive an alert if connections exceed preset time limits. Safeguard can also monitor sessions in real time and execute various actions: if a risky command or application appears, it can send you an alert or immediately terminate the session.
To purchase via private offer, please visit: https://www.oneidentity.com/register/110890/
Highlights
- Full session audit, recording and replay, all session activity, down to the keystroke, mouse movement and windows viewed is captured, indexed and stored in tamper-proof audit trails that can be viewed like a video and searched like a database.
- REAL-TIME ALERTING AND BLOCKING: In the case of detecting a suspicious user action, Safeguard can log the event, send an alert or immediately terminate the session.
- PROXY ACCESS AND FULL TEXT SEARCH: Since users have no direct access to resources, the enterprise is protected against unauthorized and unfettered access to sensitive data and systems. With OCR auditors can do full text searches.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 8.0.2
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
All fees are non-refundable and non-cancellable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
BeyondTrust is a leading Privileged Access Management (PAM) solution that secures and manages privileged accounts across your organization. With advanced threat protection, session monitoring, and least privilege enforcement, it minimizes security risks while enhancing compliance. Simplify access management and safeguard critical assets with BeyondTrust.
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
miniOrange's PAM solution ensures robust Privileged Access Management across cloud, on-premises, and hybrid environments. Here’s how it benefits your business: enhances visibility, streamlines deployment, and automated processes, and boosts security, along with risk minimization. It enables companies to securely manage, control, and monitor privileged access anywhere in the digital infrastructure.
Customer reviews
Helena Helena
Strong data protection has improved compliance and centralized monitoring for sensitive access
Reviewed on May 13, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Safeguard is for strong security, and it also helps me to store my information, to protect my data, and focus on data protection compliance.
One specific example of how I use it for security is to protect my data from external access. Regarding security compliance, I am able to set the metrics and also set the guidelines and the regulations about how my software should be stored and kept.
What is most valuable?
One Identity Safeguard provides multiple features, including data protection services. These tools are able to assess the security demands and compliance requirements. After assessing, I am able to know how data can be saved, and when data is properly saved, everything becomes easier because my data is stored securely and no one can access it.
One of the reasons why I need this is because it has the ability to centralize security monitoring across the entire data infrastructure, and it helps to automate and connect devices in a single platform whereby I can safeguard my data through multiple authentications.
Among the features, there is the AI assistant which helps to verify the quality of data and also verifies the security setups. I appreciate that this tool eliminates the manual process and time-consuming tasks for gathering evidence for compliance by auditing automatically, and it also pulls information from all integrated tools. This helps to ensure that the security of the integrated ecosystem is functioning and protected.
One Identity Safeguard works with One Login, and when they work together, they provide the best outcome which increases the security factors. Cloud integration is another valuable feature that enhances the overall security capabilities.
What needs improvement?
I find it challenging mostly when managing complex work, especially when trying to implement it on a larger scale; sometimes it becomes slow, and the automation process also slows down. I believe it should be improved upon when implementing it on an enterprise scale or with complexity; it should be faster than it currently is.
For how long have I used the solution?
I have been using One Identity Safeguard for two years.
What do I think about the stability of the solution?
One Identity Safeguard is very stable.
What do I think about the scalability of the solution?
The scalability is good; it runs without issues.
How are customer service and support?
The excellent customer support provided during the integration made sure it did not disrupt my users, thanks to the support from both customer service and technicians from the vendor.
Which solution did I use previously and why did I switch?
I previously used a solution called Microsoft Entra ID ; it was expensive and not easy to operate, which is why I decided to switch.
How was the initial setup?
The deployment of the solution took around one to two weeks.
After using One Identity Safeguard, I can say it operates effectively with One Login; when these two tools work together, I find that as a user, I save a lot of funds because they provide extremely high privacy. In this way, they ensure security is maintained, saving time and the costs of employing more workers to oversee increased compliance regulations over personal information. The system is reliable and performs effectively, reducing the need for extensive monitoring and therefore costs.
The integration with the cloud targets was somewhat complex initially, but it became easier after understanding the entire process of integration. After acquiring an integration specialist, everything became very easy and user-friendly.
The initial deployment was somewhat disruptive, but the excellent customer support provided during the integration made sure it did not disrupt my users, thanks to the support from both customer service and technicians from the vendor.
What about the implementation team?
Since we were using One Login along with One Identity Safeguard, it took us around one week for full training and a few days for practice implementing what we were trained on. Overall, it took around two weeks to fully understand how the tool operates.
We use virtual appliances because they are easier to operate and use compared to physical appliances. Additionally, for those of us who are located remotely, purchasing this tool is easier with the virtual appliance compared to physical appliances.
What was our ROI?
After deploying this tool, it saves time; under policy governance, policy monitoring, and more integrations and configurations, it requires very few users to run and operate, which ultimately saves costs as well.
What's my experience with pricing, setup cost, and licensing?
The pricing and setup cost were negotiable depending on requirements and usage, which made it relatively friendly and accommodating compared to other tools.
Which other solutions did I evaluate?
I evaluated Microsoft Entra ID as well as the CyberArk tool before choosing One Identity Safeguard.
What other advice do I have?
One Identity Safeguard is powerful because it provides beneficial features that support clean integration with different tools, significantly improving security and automation processes. The navigation process is easy, and the platform has been extremely valuable for managing customer relationships as well as tracking and providing a centralized system for managing privacy and protecting accounts, as well as safeguarding data.
The reporting capacity is beneficial because it allows me to deal with customer reports about security purposes and understand what is occurring. Users say it is faster; for example, I can input the name of the information or the device I want to control, and this allows me to access it and do what is needed. The platform is intuitive, operates as demonstrated, and easily integrates with the existing platform.
Regarding integration, I primarily integrate One Identity Safeguard with cloud targets. I give One Identity Safeguard a rating of ten out of ten.
Sohan Mulik
Centralized privileged access has improved security, audits, and daily administration
Reviewed on May 06, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for One Identity Safeguard is that it serves as a secure, strong PAM solution, and we are using it for PAM authentication.
In daily work, we use One Identity Safeguard for privilege access management, including secure PAM authentication, password vaulting, access request approval, session monitoring, and automatic password rotation for privileged accounts and service servers.
Apart from PAM authentication, we also use One Identity Safeguard for secure privileged session management, auditing, compliance, tracking, and centralized control for critical administrative accounts. It helps to improve security, accountability, and operational efficiency in daily infrastructure management.
How has it helped my organization?
One Identity Safeguard has improved our organization's security posture by providing centralized privileged access management, secure password vaulting, and session monitoring. It has helped to reduce manual password handling, improve compliance and audit tracking, and increase accountability for privileged access activities. Overall, it enhances operational security, streamlines access management, and reduces risks related to privileged accounts.
We have seen improvements in multiple areas. It helped reduce risks related to privileged account misuse by enforcing secure password management and session monitoring. We also saved operational time through automated password rotation and centralized access control. From a compliance perspective, auditing and session recording made it easier during security reviews and audit processes, improving overall accountability and traceability.
What is most valuable?
One Identity Safeguard offers several strong features for PAM. The best ones are password vaulting, automatic password rotation, privileged session monitoring and recording, role-based access control, and approval workflows. I also appreciate the centralized log management, auditing and compliance reporting, and integration with Active Directory and enterprise environments. Features such as session playback, real-time monitoring, and REST API support are very useful for daily administration and security operations.
The feature that has had the biggest impact on my daily operations is the password vaulting and automatic password rotation. It has significantly improved security by eliminating manual password sharing and reducing the risk of unauthorized access. It also saves operational time because administrators can securely request access through One Identity Safeguard without knowing the actual password. Session monitoring and auditing also help a great deal during troubleshooting and compliance reviews.
One additional advantage is that it provides centralized control and complete audit visibility for privileged access activities.
What needs improvement?
One Identity Safeguard is a strong PAM solution, but there are some areas for improvement. The initial deployment and integration process can be complex in large enterprise environments. The user interface and reporting can be improved to make administration and troubleshooting easier. More simplified integration with cloud platforms and third-party tools would also help.
For how long have I used the solution?
I have been using One Identity Safeguard for the last three years.
What do I think about the stability of the solution?
One Identity Safeguard is a stable and reliable PAM solution in our experience. We have seen good performance with minimal downtime, especially for password vaulting, session monitoring, and privileged access workflows. It handles enterprise environments well when properly configured and maintained.
What do I think about the scalability of the solution?
One Identity Safeguard is highly scalable and works well for enterprise environments. It supports scaling through clustering, distributed architecture, and high availability options, which helps handle growing numbers of privileged accounts, sessions, and users efficiently. In our experience, it has managed increasing workloads and integration without major performance issues.
How are customer service and support?
Customer support has generally been good in our experience. The support team is knowledgeable and helpful, especially for One Identity Safeguard's standard deployment, configuration, and troubleshooting issues. Response times are usually reasonable, although complex enterprise-level issues can sometimes take longer to resolve and require escalation.
Which solution did I use previously and why did I switch?
Earlier, we were using a more manual approach along with basic privileged account management processes. We moved to One Identity Safeguard to improve centralized privileged access control, password vaulting, session monitoring, compliance, and overall security management in a more scalable and enterprise-ready way.
How was the initial setup?
The initial deployment of One Identity Safeguard took a few weeks, including setup, integration with Active Directory, policy configuration, onboarding asset accounting, testing, and user access validation. The timeline mainly depended on the environment size and security requirements.
What about the implementation team?
One Identity Safeguard has been integrated with Active Directory, cloud platforms such as AWS and Azure , and various Windows and Linux servers for privileged access management. It also supports integration with enterprise applications, SIEM , log monitoring tools, and automation workflows to improve security and centralize access control.
The integrations were manageable overall, especially with Active Directory and standard Windows and Linux environments. Cloud integration with AWS and Azure required additional planning and configuration, but the documentation and available connectors helped. Some advanced integration and custom workflows were more complex and required careful testing and coordination with security and infrastructure teams.
A moderate level of training was required initially, mainly for administrators handling deployment, policy management, integration, and troubleshooting. For end-users, only basic guidance was needed for the access request and password retrieval workflows. Overall, the team adapted quickly after hands-on usage.
What was our ROI?
We have seen a positive return on investment. One Identity Safeguard helped reduce the manual effort for password management and privileged access handling, which saves operational time for administrators. It also improved compliance and audit readiness, reducing time spent during security reviews. While it did not directly reduce headcount, it improved efficiency and centralized control and reduced security risks related to privileged accounts.
What's my experience with pricing, setup cost, and licensing?
One Identity Safeguard is positioned as an enterprise-grade PAM solution, so the cost is on the higher side.
Which other solutions did I evaluate?
During the evaluation phase, we also looked at other PAM solutions such as CyberArk, BeyondTrust, and Delinea. We compared them on security features, integration, deployment complexity, session monitoring, password vaulting, scalability, and overall operational requirements before selecting One Identity Safeguard.
What other advice do I have?
The deployment was relatively smooth with minimal disruption for privileged users. Initially, users needed some adaptation to the access request and approval workflow. After onboarding and training, the process became streamlined and improved overall security.
The integration improved operational efficiency and security by centralizing privileged access management, reducing manual password handling, and improving visibility through auditing and session monitoring. It also helps streamline access workflows across multiple platforms and environments.
The advice would be to properly plan the PAM implementation before deployment, especially around privileged account discovery, access policies, integration, and user onboarding. Start with the critical systems first and then gradually expand across the environment. Also, involve security, infrastructure, and compliance teams early in the process. I have given this review an overall rating of ten.
Kartik Swami
Privileged access has become more secure and password management saves significant time
Reviewed on Apr 30, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Safeguard is to manage and control privileged accounts and store passwords. For example, if an IT admin needs access to a server, I use One Identity Safeguard to manage and control privileged accounts. One Identity Safeguard helps companies avoid data breaches regarding my main use case, influencing other teams and types of users who interact with it.
What is most valuable?
One best feature One Identity Safeguard offers is multi-factor authentication, which adds extra security by requiring more than one verification step. When I mention requiring more than one verification step, I am referring to multi-factor authentication, and it helps to secure systems because it will protect the data. One Identity Safeguard has positively impacted my organization by helping to increase security because of password vaulting.
Password management has improved as it is easier now; for example, I experienced improved efficiency when my IT team needs to access a production server. I have noticed measurable outcomes regarding reduced time to access servers and fewer security incidents since using One Identity Safeguard because it helps me to secure my data and it is reliable.
What needs improvement?
One Identity Safeguard could be improved, and some user tools can be enhanced. I would add more about the needed improvements related to user tools or any other area. The improvement I suggest is to add AI and smart automation; One Identity Safeguard already uses analytics to detect risks, but there is room for enhancement. I believe One Identity Safeguard can be improved by enhancing the user experience.
For how long have I used the solution?
I have been working in my current field for one and a half years.
What do I think about the stability of the solution?
One Identity Safeguard is stable, and this is actually expected by most organizations, commonly compared with CyberArk.
What do I think about the scalability of the solution?
For scalability, instead of one system handling everything, multiple systems are used.
How are customer service and support?
Customer support is good and meets my expectations. I would give a rating of 4.5; I think it is good for customer support.
Which solution did I use previously and why did I switch?
I have previously used a different solution and it was a good experience.
How was the initial setup?
The training required to use the solution is straightforward and effective. It took about one to two weeks for deployment of the solution.
What about the implementation team?
I typically integrate One Identity Safeguard with several parts of the business to make access more seamless. The integration process was balanced because of moderate challenges but manageable overall.
What was our ROI?
For ROI, I have seen a return on investment based on time saved, which is nearly a 50 to 70% reduction.
What's my experience with pricing, setup cost, and licensing?
A strong and honest answer about pricing is that it shows both cost and value.
Which other solutions did I evaluate?
I evaluated other options before choosing One Identity Safeguard.
What other advice do I have?
The feedback regarding the solution's usability and functionality is positive; from my perspective, it is easy to use. I have additional thoughts about One Identity Safeguard. I find this interview very appreciating; it is very helpful, and overall it is a good experience.
I can provide a short poem: Locked doors, silent keys, access flows, watched and secure. This poem captures my sentiments regarding the solution. My overall review rating for One Identity Safeguard is 8.5.
Chetan Bhati
Privileged access has become controlled and auditing provides clear visibility into admin activity
Reviewed on Apr 30, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Safeguard is managing and securing privileged access on a day-to-day basis. It is used for password vaulting, controlled admin access to servers, and monitoring privileged sessions to ensure security and compliance.
Recently, I used One Identity Safeguard to retrieve a privileged account password from the vault for server access during troubleshooting. The access was time-bound and automatically logged. I also checked session activity logs to verify the actions performed, ensuring everything was secure and compliant.
What is most valuable?
Some of the best features of One Identity Safeguard in my opinion are its password vaulting, session monitoring, and detailed auditing capabilities. It securely stores privileged credentials, provides real-time monitoring and recording of admin sessions, and maintains complete audit logs, which helps in improving security and meeting compliance requirements.
One Identity Safeguard has positively impacted our organization by improving our overall security through controlled and monitored privileged access. We have reduced risk related to password misuse, and auditing has become much easier. It also helps in maintaining compliance and gives better visibility into admin activities across the environment.
What needs improvement?
Overall, One Identity Safeguard works well, but it could be improved in terms of UI simplicity and ease of navigation, especially for new users. Some configuration can feel complex, so better documentation or more intuitive workflows would help. Additionally, faster performance in session monitoring and reporting would enhance the overall experience.
A better integration with other security and monitoring tools would improve the overall experience. Also, more user-friendly reporting and a customizable dashboard would make it easier to track activities and generate insights quickly.
For how long have I used the solution?
I have been using One Identity Safeguard for six months to one year.
What do I think about the stability of the solution?
One Identity Safeguard is stable in our environment.
What do I think about the scalability of the solution?
One Identity Safeguard is highly scalable in our environment. We are able to add more users, systems, and privileged accounts without impacting performance. As our infrastructure grows, the solution continues to handle the increased load smoothly, especially for password vaulting and session monitoring, without any major changes required.
How are customer service and support?
I would say the customer support for One Identity Safeguard has been generally responsive and helpful. Whenever we raise issues related to configuration or access, the support team assists with proper guidance.
Which solution did I use previously and why did I switch?
Previously, we were using a more manual process for privileged access management, which involved shared credentials and less centralized control. We switched to One Identity Safeguard to improve security, implement proper access control, and gain better auditing and monitoring of privileged activities.
How was the initial setup?
Deployment of One Identity Safeguard in our organization took approximately a few days to a couple of weeks, including installation, configuration, and integration with Active Directory and internal systems as well. Most of the time was spent on testing and ensuring proper access policies were applied.
What about the implementation team?
Only basic training was required to start using One Identity Safeguard. For administrators, a bit more training was needed to understand configuration, policies, and session management. For end users, minimal training was required since they mainly use it for requesting and accessing privileged credentials.
What was our ROI?
We have seen ROI mainly in terms of time saving and improved efficiency with One Identity Safeguard. Administrators spend less time managing privileged access and handling password requests because most processes are now automated. It has also reduced security risks by minimizing password sharing and manual access handling, which indirectly saves costs by preventing incidents and reducing audit effort. My advice would be to plan the deployment properly and ensure clear access policies are defined before implementation. It is important to invest time in understanding the configuration and integration with Active Directory. Once set up correctly, it provides strong security, better control over privileged access, and improves auditing and compliance significantly.
What's my experience with pricing, setup cost, and licensing?
I was not directly involved in the pricing, setup cost, or licensing decisions for One Identity Safeguard. However, from an operational perspective, the solution is considered a premium enterprise tool, and the licensing is managed centrally by our IT security team based on organization requirements.
Which other solutions did I evaluate?
Before selecting One Identity Safeguard, we evaluated a few other privileged access management solutions, including CyberArk and BeyondTrust. We chose One Identity Safeguard based on its features, integration capabilities, and ease of deployment within our existing infrastructure.
What other advice do I have?
Overall feedback from users regarding One Identity Safeguard's usability and functionality has been positive. However, some users feel the interface is slightly complex initially and requires some learning. Once familiar, they find it reliable for accessing privileged accounts and monitoring sessions effectively.
Since implementing One Identity Safeguard, we have seen better control over privileged access and reduced manual password handling. It has saved time during troubleshooting by providing quick, secure access, and auditing has improved, making it easier to track activities and support compliance requirements.
The integration with Active Directory was moderately easy. The initial setup required proper configuration of trust and mapping of users' roles, which took some time. However, once configured correctly, it works smoothly and provides centralized authentication and better control over privileged access.
I would rate this review an overall score of eight.
Prithviraj
Privileged access has become controlled and auditable while password rotation runs automatically
Reviewed on Apr 26, 2026
Review from a verified AWS customer
What is our primary use case?
One Identity Safeguard 's main use case in our organization is to manage and secure privileged access across our environment, primarily controlling administration access to critical systems like servers, databases, and network devices. It helps us enforce secure password management and provides session monitoring, allowing us to track what privileged users are doing in real time or review it later for auditing purposes. In day-to-day operations, we use it to grant temporary access to admins, rotate credentials automatically, and ensure that no one has standing privileged access longer than necessary. It has become an important tool for maintaining compliance and reducing the risk of unauthorized access.
Recently, we faced a situation where one of our database servers needed urgent troubleshooting from a senior admin. Instead of sharing credentials or giving permanent access, we used One Identity Safeguard to grant temporary privileged access. The admin requested access through the system, it got approved, and One Identity Safeguard automatically provided the credentials without exposing the actual password. The entire session was recorded, which gave us confidence from a security and audit perspective. What made a difference was that once the task was completed, the access was automatically revoked and the password was rotated or changed, alleviating concerns about lingering access or manual cleanup. This made the entire process much more secure and streamlined compared to previous methods.
What is most valuable?
The best features of One Identity Safeguard include several standout capabilities we rely on heavily. The biggest feature for us is privileged session monitoring and recording, which gives full visibility into what admins are doing, and the ability to replay sessions later is particularly useful for audits or troubleshooting. It enhances security since everything is tracked and traceable. Another key feature is secure password management with automatic rotation, eliminating the need for manual credential management. The system handles password changes regularly, significantly reducing risk. We also find the access request and approval workflow very valuable. Instead of informal access sharing, everything goes through a structured process that maintains control and compliance. We would also highlight real-time monitoring and alerting; if any suspicious activity occurs during a session, it can be flagged or halted immediately, adding an extra layer of protection. Overall, the combination of visibility, control, and automation makes it very useful, focusing on securing access while making the process manageable and auditable.
Beyond the main use case, One Identity Safeguard has integrated into our daily operations for access control, not just for high-risk situations. We use it routinely for managing privileged sessions, especially for admins who need temporary access to different systems. One standout aspect is how it enforces a structured workflow. Instead of informal access requests over email or chat, everything goes through an approval process, keeping things clean and auditable. It reduces dependency on individuals since credentials are not shared manually anymore, fostering better security habits across the team. People are more aware of access policies, and there is a clear accountability trail for every action. It is not just a tool we use occasionally; it is essential to our regular IT and security processes.
There are smaller features worth noting as well. One we find particularly useful is the ability to launch sessions directly through the platform without exposing credentials, allowing admins to connect through One Identity Safeguard without needing to see the password. Another beneficial feature is the session search and indexing; if an investigation is necessary, we can quickly identify specific sessions based on users, time, or activity rather than manually sifting through logs. This capability has been extremely helpful during audits or incident reviews. Furthermore, the policy-based access controls are quite flexible. Once set up properly, access governance operates automatically in the background, reducing manual effort. Integration with Active Directory services facilitates onboarding and management, avoiding the need to recreate everything from scratch. It is these smaller practical features that enhance usability on a daily basis, not just in audits or critical situations.
What needs improvement?
One Identity Safeguard works well for us overall, but there are several areas where improvements could be made. The initial setup and deployment can be quite complex, particularly if you are new to privileged access management tools, and understanding the architecture and configuration requires time. A more guided setup or simpler onboarding would be beneficial. The user interface could also be improved; while functional, it is not always intuitive, especially for new users. A more modern and user-friendly UI would facilitate daily operations. We have also found that reporting and customization of reports could be more flexible; although the data is available, it sometimes requires extra effort to obtain the desired format or detail level for audits or management reporting. Additionally, customer support response times could improve, particularly for non-critical issues; while the support team is knowledgeable, faster turnaround would make a difference. Overall, these are not deal breakers, but enhancing these areas would make the product more efficient and easier to adopt.
We would appreciate more automation and smarter workflows. While the approvals process functions effectively, adding more flexibility, such as conditional approvals or risk-based access, would enhance its strength. We also believe that better dashboarding and visibility would help; while data can be obtained, having customizable or real-time dashboards for aspects like active sessions, risk alerts, or access trends would allow for a quick overview without requiring in-depth report digging. Overall, these enhancements do not indicate major gaps, but they would improve usability and give the product a more modern and future-ready feel.
For how long have I used the solution?
I have been using One Identity Safeguard for a year.
What do I think about the stability of the solution?
One Identity Safeguard has proven to be stable and reliable within our environment. Once we managed to get past the initial setup and configuration, it operates consistently without major issues or downtime. Day-to-day tasks such as access requests, session monitoring, and password rotation function smoothly. It appears designed as a dependable enterprise-grade solution, reflecting well in its production performance. Similar to most complex security tools, we encountered minor issues during deployment and fine-tuning, but none that significantly impacted operations. Stability has not been a concern; it has been a reliable part of our environment.
What do I think about the scalability of the solution?
One Identity Safeguard has managed scalability effectively in our experience. As our environment grows—adding more servers, users, and privileged accounts—we have scaled its use without significant complications since we are using the virtual appliances model. Scaling primarily involves allocating additional resources or deploying more instances as needed. Platform-wise, it is designed to support enterprise-scale environments, capable of managing large numbers of sessions and users as long as it is correctly sized and configured. However, we have noticed that performance can vary based on how it is deployed; the type of workload and the number of active sessions influence capacity. Proper infrastructure planning is therefore crucial. Overall, it has adapted to our growth without necessitating major redesigns, requiring only resource tuning and scaling as demand escalated. We would say it is highly scalable, particularly for mid to large enterprise environments, provided the architecture is well planned.
How are customer service and support?
Overall, our experience with One Identity Safeguard support has been quite positive. The support team is generally knowledgeable and technically adept, particularly when addressing complex issues. Whenever we raise critical tickets, they guide us appropriately and provide workable solutions. From our observations, once we connect with the right support engineer, the quality of assistance is high. The primary area for improvement is response speed and escalation, which aligns with general user feedback, noting strong support but inconsistent response times. Overall, we would assess the support as reliable and knowledgeable, although there is scope for improvement regarding response consistency.
Which solution did I use previously and why did I switch?
Before transitioning to One Identity Safeguard, we mainly relied on a mixture of manual processes and basic access control tools, using native solutions such as Active Directory for access management along with internal processes for handling privileged credentials. We decided to switch due to scalability and security concerns; the existing approach was inadequate, leading to challenges with shared credentials, limited visibility of privileged sessions, and insufficient audit trails. It required substantial manual effort to manage and track access. After evaluating several dedicated PAM solutions, we selected One Identity Safeguard because it offered a more comprehensive and centralized approach, highlighting features such as session recording, automated password rotation, and structured access workflows. The move stemmed from our need for improved security, compliance, and operational efficiency as our environment expanded.
How was the initial setup?
The initial deployment took us around three weeks. Setting up the virtual appliances was relatively fast, but a significant amount of time went into configuration, integrating it with existing systems such as Active Directory, and defining access policies. We also allocated time to test different use cases and ensure everything operated as expected before broader rollout. While the technical setup was quick, the overall time was largely influenced by planning, integration, and fine-tuning.
Overall, the deployment was fairly smooth, though there was a slight adjustment period for our privileged users. Initially, some admins found it somewhat disruptive as they were accustomed to direct access, and now had to use an approval workflow in One Identity Safeguard to initiate sessions. There was a small learning curve and some resistance initially; however, once they became familiar with the process, things settled down quickly. Many users even began appreciating the simplified access requests and the removal of the need to manage or remember privileged credentials. We facilitated the transition by implementing a phased rollout and providing basic training, which helped minimize disruptions. While there was initial friction, it was temporary, and overall adoption progressed smoothly.
What about the implementation team?
The team managing One Identity Safeguard required a moderate level of training. We spent several days reviewing the architecture, configuration, and best practices, followed by a couple of weeks of hands-on learning during the implementation phase. While the tool is not overly complex, understanding how to design privileged access workflows and policies is essential for maximizing its use. For end users, particularly admins just needing to request and use access, the training requirements were minimal; a short session or demonstration sufficed to illustrate how to request access and launch sessions through the platform. Most people adapted quickly after one or two uses. Overall, more effort is needed on the admin side, while regular users find it quite straightforward.
What was our ROI?
We have seen a return on investment since implementing One Identity Safeguard. From a time-saving perspective, access provisioning has accelerated dramatically; what used to take twenty to thirty minutes per request can now be completed in just a few minutes, which accumulates significantly across multiple daily requests. Overall, we have likely reduced admin effort related to access management by forty percent, and from an operational efficiency standpoint, we no longer need to manage or rotate privileged credentials manually. This shift saves a considerable amount of ongoing effort and diminishes dependency on a few key individuals. We have also experienced indirect ROI by reducing security risk; quantifying it precisely is challenging, but eliminating shared credentials and enforcing session monitoring has materially lowered our exposure to potential incidents, which could be costly if they occurred. In terms of audit compliance, we have cut preparation time by approximately forty to fifty percent since most required data is readily available through logs and sessions. While headcount has not decreased, it has allowed our teams to focus more on strategic tasks instead of manual access management. Therefore, the ROI stems from a combination of time savings, enhanced security posture, and streamlined audit processes rather than direct cost reduction.
What's my experience with pricing, setup cost, and licensing?
Our pricing and licensing experience was fairly typical for an enterprise security solution. It is not the cheapest option available, but it aligns with the level of security and control it delivers. The initial setup cost was moderate; we did not incur major hardware expenses as we opted for virtual appliances, but there was still some investment needed for configuration and internal resources. Licensing is structured and scalable, which is beneficial as the environment grows, although it can seem complex initially to fully understand what is included and how to size it appropriately, requiring close collaboration with the vendor during that phase. From a value perspective, we see it as justified because it replaces many manual processes and mitigates security risks. However, organizations should plan their licensing thoughtfully to avoid over or under-provisioning. Overall, it represents a solid investment, although entering with a clear understanding of requirements is essential for maximizing value.
Which other solutions did I evaluate?
Before selecting One Identity Safeguard, we assessed a few PAM solutions, specifically CyberArk and BeyondTrust. Both are reputable solutions and widely recognized in the market. CyberArk is particularly feature-rich, but we found it somewhat complex and costly relative to our requirements. BeyondTrust was also a strong contender, especially regarding usability, but in our case, One Identity Safeguard presented a better balance between functionality, ease of use, and overall cost. We also took into account how well One Identity Safeguard integrated into our existing environment and the speed at which we could deploy it compared to alternatives. Overall, the decision was not due to shortcomings of the other tools, but rather finding the right fit for our specific needs.
What other advice do I have?
My main advice for those considering One Identity Safeguard is to carefully plan your implementation beforehand. This is not a plug-and-play tool; you will extract the most value by clearly defining your privileged access policies, workflows, and use cases in advance. We also highly recommend conducting a proof of concept in your environment to test real scenarios, particularly edge cases such as legacy systems or service accounts, as challenges often arise in these areas. This testing approach is strongly advocated by practitioners since real-world scenarios provide a clearer picture than demos. Additionally, invest time training your admins and establishing clear processes. The tool is powerful, but it works most effectively when your team understands how to use it properly. From a technical standpoint, ensure you size and secure your deployment accurately—planning for storage, access restrictions, and network setup, especially in cloud environments, is vital. Overall, it is a robust solution whose success hinges on effective planning, implementation, and alignment with your organization's processes. I would rate this product an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud