Sold by: One Identity
Deployed on AWS
With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users.
3.8
Overview
With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Content of the recorded sessions is indexed to simplify searching for events and reporting so you can more easily meet your auditing and compliance requirements. In addition, Safeguard for Privileged Sessions serves as a proxy, and inspects the protocol traffic on the application level and can reject any traffic violating the protocol - thus making it an effective shield against attacks. In transparent mode, only minimal network changes are required and users do not have to change their workflow or client applications, which makes implementation a breeze. However, workflow can be configured so you can authenticate users, limit access to specific resources, authorize and view active connections, and receive an alert if connections exceed preset time limits. Safeguard can also monitor sessions in real time and execute various actions: if a risky command or application appears, it can send you an alert or immediately terminate the session.
To purchase via private offer, please visit: https://www.oneidentity.com/register/110890/
Highlights
- Full session audit, recording and replay, all session activity, down to the keystroke, mouse movement and windows viewed is captured, indexed and stored in tamper-proof audit trails that can be viewed like a video and searched like a database.
- REAL-TIME ALERTING AND BLOCKING: In the case of detecting a suspicious user action, Safeguard can log the event, send an alert or immediately terminate the session.
- PROXY ACCESS AND FULL TEXT SEARCH: Since users have no direct access to resources, the enterprise is protected against unauthorized and unfettered access to sensitive data and systems. With OCR auditors can do full text searches.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 8.0.2
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
All fees are non-refundable and non-cancellable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
BeyondTrust is a leading Privileged Access Management (PAM) solution that secures and manages privileged accounts across your organization. With advanced threat protection, session monitoring, and least privilege enforcement, it minimizes security risks while enhancing compliance. Simplify access management and safeguard critical assets with BeyondTrust.
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
miniOrange's PAM solution ensures robust Privileged Access Management across cloud, on-premises, and hybrid environments. Here’s how it benefits your business: enhances visibility, streamlines deployment, and automated processes, and boosts security, along with risk minimization. It enables companies to securely manage, control, and monitor privileged access anywhere in the digital infrastructure.
Customer reviews
Mohamed Fouad
Privileged sessions have become controlled and recorded, and access requests now follow approvals
Reviewed on Mar 02, 2026
Review provided by PeerSpot
What is our primary use case?
One Identity Safeguard serves as our Privileged Access Management solution to enforce session management for administrators and allow them to access our systems in recorded sessions, which secures our environment.
In our daily operations, One Identity Safeguard acts as a centralized privileged credentials manager for our systems including Windows, Linux, network devices, and our database, allowing administrators to access our database systems in critical environments while recorded sessions ensure security and accountability.
We have just-in-time access with approvals, allowing administrative access to our users based on request and approvals, which helps us monitor requests for access to critical systems.
What is most valuable?
One of the best features One Identity Safeguard offers is its capability to integrate with many systems, which is valuable for us since we have multiple database systems with many vendors in our organization.
One Identity Safeguard positively impacts our organization by reducing the likelihood of breaches from privileged sprawl by removing shared admin passwords and enforcing control checkouts while also improving our investigation times and providing strong forensics from a centralized location.
What needs improvement?
The most common improvement needed is for upgrades. One Identity Safeguard's desktop client should have a faster and easier upgrade process that ensures compatibility.
For how long have I used the solution?
I have been using One Identity Safeguard for one year.
What do I think about the stability of the solution?
One Identity Safeguard is quite stable in my experience.
Which solution did I use previously and why did I switch?
I previously used One Identity before switching from CyberArk to One Identity Safeguard.
How was the initial setup?
The integration process for One Identity Safeguard was not straightforward. Initially, we faced a complex implementation that took about two months, but after that, we achieved a stable configuration and environment for user access to critical systems.
What about the implementation team?
The deployment was seamless for our privileged users, thanks to the professional third-party team we hired for the implementation service that helped us properly implement One Identity Safeguard.
What was our ROI?
The time saved with One Identity Safeguard is significant, and I can affirm that we have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
We have a separate department that studies setup costs for each product, but as far as my information goes, the pricing and setup costs are very good.
Which other solutions did I evaluate?
I did not evaluate other options before choosing One Identity Safeguard.
What other advice do I have?
The feedback from users regarding One Identity Safeguard's usability and functionality has been very good. All users have provided positive feedback, and we encourage them to reach out with any issues, but so far, we have had no problems reported.
My advice for those looking into using One Identity Safeguard is to study the integrations between the client and One Identity Safeguard, ensuring the compatibility matrix is visible to all administrators before upgrading the product. I rated this product a ten out of ten.
GaCi
Privileged sessions have gained strong monitoring and vaulting but the interface still needs improvement
Reviewed on Feb 28, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Safeguard is password vaulting and monitoring, as we are using it for privileged access management and to improve security and audit compliance.
We use One Identity Safeguard to manage and control access to administrative accounts. For example, when a system administrator needs to access a critical server, we ensure their session is launched through the Safeguard platform. This allows us to monitor their session in real-time, recording all access for audit purposes. If there is any suspicious activity, we can immediately terminate the session to prevent unauthorized changes. The password vaulting feature automatically rotates passwords after use, reducing the risk of credential theft. This daily process helps maintain strict control over privileged accounts and ensures compliance with security policies.
Another scenario where One Identity Safeguard plays a key role is during an emergency access situation where urgent access is needed to a critical server. Safeguard allowed us to grant temporary, limited-time access to privileged accounts. This access is tightly controlled and fully logged, so there is a clear record of who accessed what and when. After the emergency, the session is recorded, and the audit logs have been maintained.
What is most valuable?
The best features One Identity Safeguard offers include password vaulting, which securely stores and automatically rotates the privileged accounts' passwords. Another is session monitoring, which records and allows real-time monitoring of privileged sessions. Other features are access control, emergency access, and centralized management and visibility, where we get clear insight into administrative activities and can quickly detect and respond to threats.
The most valuable feature for my team is session monitoring because it helps us to get a log of the privileged sessions and intervene immediately if we see suspicious activity.
One Identity Safeguard has impacted us in a great way as it has improved our security posture by securing privileged accounts and reducing the risk of credential theft. It also improved our audit compliance with detailed session recording and logs. Moreover, it has simplified our credential management and reduced manual errors.
What needs improvement?
One Identity Safeguard is good now, but I think the user interface can be more intuitive, especially for new users.
I believe that adding advanced AI and machine learning insights would be good for improving One Identity Safeguard.
For how long have I used the solution?
I have been using One Identity Safeguard for around seven to eight months.
What other advice do I have?
I would advise others looking into using One Identity Safeguard to fully go for the product. I would rate this product seven out of ten.
Kalpesh Pawar
Privileged access has become just in time and audits are now simplified with full session recording
Reviewed on Jan 06, 2026
Review from a verified AWS customer
What is our primary use case?
We use One Identity Safeguard for privileged access management across multi-client public and private cloud environments. It is mainly used to vault and rotate privileged credentials and provide just-in-time access and enforce least privilege. We also use it to record and audit admin sessions for cloud VMs, databases, and infrastructure services without exposing passwords to the engineers working on-site or contractors.
For one client, we had an Azure environment where multiple support engineers needed temporary access to the production VMs for incident resolution. The challenge was shared admin accounts, no clear audit trails, and client audit perspective. We implemented One Identity Safeguard to vault the Azure VM local admin and service accounts, ensure JIT access via approval, allow engineers to connect via One Identity Safeguard brokered RDP and SSH without seeing passwords. We also record all privileged sessions and forward logs to the client's SIEM for full transparency. We achieved that no passwords were shared, full session recordings were available for audits, and access was faster during incidents.
We use One Identity Safeguard to standardize PAM controls across multiple client tenants and cloud platforms. We automated credential rotation for privileged and service accounts without service impact. We also reduced manual access management and operational risk in large-scale cloud environments across our multi-cloud, multi-client customers across the globe.
The integration with our RPA workflows allowed secure credential access for robots without exposing passwords, enabling automated RPA tasks to run smoothly across multiple client systems, which has reduced manual intervention and errors in repetitive workflows.
What is most valuable?
The best features we appreciate about One Identity Safeguard are privileged credential vaulting, session proxying and recording, and integration with ITSM security tools such as Jira , ServiceNow , SIEMs, and SOAR platforms that our clients have. The integration with these platforms was quite simple. Additionally, we appreciate role-based access control, just-in-time access, and least privilege.
The most relied upon feature we appreciated was the session-based just-in-time privileged access with credential isolation. It made the biggest difference in our organization because the engineers never see or handle privileged passwords, which helped us comply with our customer's compliance requirements. The access is time-bound and approval-based, reducing standing admin access, and all the SSH and RDP sessions are brokered and recorded for audit and troubleshooting.
What needs improvement?
The areas for improvement in One Identity Safeguard would be the UI and UX, meaning the admin console can be more intuitive for complex policy and workflow configuration. Additionally, the reporting can be made more customizable with a real-time dashboard without external SIEM dependency.
More improvements could be made regarding support and upgrades. Faster issue resolution and smoother upgrade paths for complex deployments could be an additional improvement area for this product.
For how long have I used the solution?
We have been using One Identity Safeguard for the last two years.
What do I think about the stability of the solution?
One Identity Safeguard is very stable in my experience.
What do I think about the scalability of the solution?
It is scalable as we have now scaled from serving one customer to multiple customers without any downtime or service interruption.
How are customer service and support?
The customer support for One Identity Safeguard is great. The technical team is responsive and very knowledgeable.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used CyberArk. The reason for switching was that we needed easier multi-client management for our customers with hybrid cloud environments and better integration with Jira , SIEM, and RPA workflows across multiple customer cloud environments.
How was the initial setup?
The deployment of the solution took place in phases. Initially, it took one month, and then we scaled it to the full organization globally.
What about the implementation team?
The admin and managers required one to two weeks of hands-on training for vaulting, policy creation, integrations, and session management. The end users required only one or two days to learn about requesting access, launching sessions, and approvals.
What was our ROI?
We have seen a return on investment because we have saved time, reducing access provisioning from hours to minutes. The efficiency of our team has increased as we have reduced manual credential management, allowing our IT team to focus on higher value tasks.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing was entirely based on the sales cost, while the setup was done by our vendor and our in-house team.
Which other solutions did I evaluate?
Integrating One Identity Safeguard with our RPA workflows was quite easy and not a time-consuming process. However, it did require perfect planning and plotting for the RPA bots to ensure just-in-time privileged access.
What other advice do I have?
One more point worth highlighting from a technical and operational perspective is the central policy enforcement across multi-cloud environments.
We have removed shared admin credentials, enforced just-in-time access management, simplified audits with session recording, and reduced manual access work, all thanks to One Identity Safeguard.
Access provisioning time has been reduced from hours to minutes using just-in-time access. We have zero audit findings related to privileged access after implementing this product and have reduced credential-related incidents by eliminating shared and static admin passwords.
I suggest that others considering using One Identity Safeguard go for it. Plan your vault structure and role-based access policies before deployment, and try to utilize more of its just-in-time access and security recording features from day one. I would rate this product an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Rohan Paul
Privileged access has become more controlled and auditable but the interface still needs simplification
Reviewed on Jan 02, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for One Identity Safeguard is for privileged access management to control, monitor, and secure access to critical systems, servers, and applications used by administrators and IT teams.
A quick specific example of how I use it for privileged access management in my environment is that when an administrator needs access to a critical server, they request access through One Identity Safeguard instead of using shared credentials. The system grants time-bound, approved access, rotates the password automatically after the session, and records the entire activity.
What is most valuable?
The best features One Identity Safeguard offers include Privileged Password Vaulting as the first one. The strongest features are Session Recording and Password Vaulting with rotation and Just-in-Time Access, which together give strong control and visibility and audit readiness.
The Session Recording feature specifically helps my team and makes things easier for audits or investigations by giving a clear, time-stamped playback of privileged activities. It removes guesswork, speeds up audits, and ensures full accountability for admin actions.
One Identity Safeguard has positively impacted my organization by improving our security posture, eliminating shared privileged credentials, increasing visibility into admin activity, and making compliance audits faster and more reliable.
What needs improvement?
One Identity Safeguard could be improved by simplifying the user interface and initial configuration process, especially for first-time users. More customizable reporting and clear in-app guidance would also help teams onboard faster and get deeper insights without additional effort.
For how long have I used the solution?
I have been using One Identity Safeguard for about one year.
What do I think about the stability of the solution?
One Identity Safeguard is very stable and can handle the workload easily; I have not seen any downtime.
What do I think about the scalability of the solution?
One Identity Safeguard scales well as the environment grows. It handles increasing numbers of privileged accounts, sessions, and cloud targets without performance issues, making it suitable for expanding and hybrid infrastructure.
How are customer service and support?
Customer support has been responsive and knowledgeable, being effective at resolving technical issues.
How would you rate customer service and support?
Negative
How was the initial setup?
The integration with my cloud environment and infrastructure systems was moderately easy. Core cloud and infrastructure integrations were straightforward with proper documentation, while fine-tuning policies and access workflows required some initial effort. Once configured, the integrations have been stable and reliable.
Administrators required moderate training to understand configuration, policies, and workflows, while end users needed minimal training since access requests and approvals are straightforward. Overall, onboarding was manageable with some initial guidance.
What was our ROI?
I have seen a return on investment through reduced audit effort and fewer security incidents related to privileged access, along with significant time savings for IT and security teams by automating access control and password management.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that pricing is on the higher side, but aligns with the security and compliance value it provides. Setup costs were mainly related to initial configuration and training, and licensing was straightforward.
Which other solutions did I evaluate?
I evaluated other options such as CyberArk and BeyondTrust before choosing One Identity Safeguard.
What other advice do I have?
User feedback has been generally positive around the solution's security and session recording and access control capabilities. However, some users have mentioned that the interface and initial learning curve could be more intuitive, especially for new or non-specialist users.
My advice for others looking into using One Identity Safeguard is to clearly define your privileged access use cases and policies before implementation. It gives stronger security and audit capabilities, but investing time in proper planning, setup, and training will help you get the most value from the solution. I would rate this review a 7.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Jonas Piliponis
Centralized privileged sessions have improved risk control and strengthened contractor oversight
Reviewed on Dec 22, 2025
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Safeguard is using only one module for privileged session, which we use for admins and contractors.
A quick specific example of how my team uses One Identity Safeguard day-to-day is that we use only the second part for our contractors, not for admins in our company, but for companies that help us perform admin work and support our system.
What is most valuable?
The best features One Identity Safeguard offers include video recordings to help us control our support risks.
Accessing and reviewing those recordings when needed is easy, and there are no problems with recording or reviewing.
One Identity Safeguard has positively impacted my organization by helping us manage risk. We have this product as Balabit, which is a good product that is very light and helps us check or assist with our needs.
What needs improvement?
One Identity Safeguard could be improved with a password manager and an identity manager as one big access management system.
I believe improvements could be made around integrating with other tools.
For how long have I used the solution?
I have been using One Identity Safeguard for eight years.
What do I think about the stability of the solution?
I rated One Identity Safeguard nine out of 10 because the stability and control could be better, as there are some problems with stability and errors when we use it.
What do I think about the scalability of the solution?
As my organization grows or my needs increase, it is easy to add more users or expand the use of One Identity Safeguard, and that experience has been good.
How are customer service and support?
I would rate the customer support for One Identity Safeguard as eight on a scale of one to ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not previously use a different solution before One Identity Safeguard.
How was the initial setup?
The deployment of One Identity Safeguard solution took one or two days.
The deployment affected my privileged users in a way that was pretty smooth.
Which other solutions did I evaluate?
Before choosing One Identity Safeguard, I evaluated other options based on simplicity, price, and functionality.
What other advice do I have?
Feedback from users regarding One Identity Safeguard's usability and functionality is that it is a good product and very simple to use.
My advice for others looking into using One Identity Safeguard is that it is a great solution for simple tasks, with a good price and good functionality.
My company does not have a business relationship with One Identity Safeguard vendor other than being a customer.
I rated this review nine out of ten.