Sold by: One Identity
Deployed on AWS
With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users.
3.8
Overview
With One Identity Safeguard for Privileged Sessions, you can control, monitor and record privileged sessions of administrators, remote vendors and other high-risk users. Content of the recorded sessions is indexed to simplify searching for events and reporting so you can more easily meet your auditing and compliance requirements. In addition, Safeguard for Privileged Sessions serves as a proxy, and inspects the protocol traffic on the application level and can reject any traffic violating the protocol - thus making it an effective shield against attacks. In transparent mode, only minimal network changes are required and users do not have to change their workflow or client applications, which makes implementation a breeze. However, workflow can be configured so you can authenticate users, limit access to specific resources, authorize and view active connections, and receive an alert if connections exceed preset time limits. Safeguard can also monitor sessions in real time and execute various actions: if a risky command or application appears, it can send you an alert or immediately terminate the session.
To purchase via private offer, please visit: https://www.oneidentity.com/register/110890/
Highlights
- Full session audit, recording and replay, all session activity, down to the keystroke, mouse movement and windows viewed is captured, indexed and stored in tamper-proof audit trails that can be viewed like a video and searched like a database.
- REAL-TIME ALERTING AND BLOCKING: In the case of detecting a suspicious user action, Safeguard can log the event, send an alert or immediately terminate the session.
- PROXY ACCESS AND FULL TEXT SEARCH: Since users have no direct access to resources, the enterprise is protected against unauthorized and unfettered access to sensitive data and systems. With OCR auditors can do full text searches.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux 8.0.1
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing and entitlements for this product are managed through an external billing relationship between you and the vendor. You activate the product by supplying a license purchased outside of AWS Marketplace, while AWS provides the infrastructure required to launch the product. AWS Subscriptions have no end date and may be canceled any time. However, the cancellation won't affect the status of the external license.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Vendor refund policy
All fees are non-refundable and non-cancellable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Additional details
Resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
BeyondTrust is a leading Privileged Access Management (PAM) solution that secures and manages privileged accounts across your organization. With advanced threat protection, session monitoring, and least privilege enforcement, it minimizes security risks while enhancing compliance. Simplify access management and safeguard critical assets with BeyondTrust.
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
CyberArk Secure Cloud Access implements Zero Standing Privileges to secure identities at every layer of your multi-cloud environment without impacting native cloud user experience. Cloud admins, start a 30-day free trial today to protect cloud access and meet compliance requirements in a native, secure manner.
miniOrange's PAM solution ensures robust Privileged Access Management across cloud, on-premises, and hybrid environments. Here’s how it benefits your business: enhances visibility, streamlines deployment, and automated processes, and boosts security, along with risk minimization. It enables companies to securely manage, control, and monitor privileged access anywhere in the digital infrastructure.
Customer reviews
Rohan Paul
Privileged access has become more controlled and auditable but the interface still needs simplification
Reviewed on Jan 02, 2026
Review from a verified AWS customer
What is our primary use case?
My main use case for One Identity Safeguard is for privileged access management to control, monitor, and secure access to critical systems, servers, and applications used by administrators and IT teams.
A quick specific example of how I use it for privileged access management in my environment is that when an administrator needs access to a critical server, they request access through One Identity Safeguard instead of using shared credentials. The system grants time-bound, approved access, rotates the password automatically after the session, and records the entire activity.
What is most valuable?
The best features One Identity Safeguard offers include Privileged Password Vaulting as the first one. The strongest features are Session Recording and Password Vaulting with rotation and Just-in-Time Access, which together give strong control and visibility and audit readiness.
The Session Recording feature specifically helps my team and makes things easier for audits or investigations by giving a clear, time-stamped playback of privileged activities. It removes guesswork, speeds up audits, and ensures full accountability for admin actions.
One Identity Safeguard has positively impacted my organization by improving our security posture, eliminating shared privileged credentials, increasing visibility into admin activity, and making compliance audits faster and more reliable.
What needs improvement?
One Identity Safeguard could be improved by simplifying the user interface and initial configuration process, especially for first-time users. More customizable reporting and clear in-app guidance would also help teams onboard faster and get deeper insights without additional effort.
For how long have I used the solution?
I have been using One Identity Safeguard for about one year.
What do I think about the stability of the solution?
One Identity Safeguard is very stable and can handle the workload easily; I have not seen any downtime.
What do I think about the scalability of the solution?
One Identity Safeguard scales well as the environment grows. It handles increasing numbers of privileged accounts, sessions, and cloud targets without performance issues, making it suitable for expanding and hybrid infrastructure.
How are customer service and support?
Customer support has been responsive and knowledgeable, being effective at resolving technical issues.
How would you rate customer service and support?
Negative
How was the initial setup?
The integration with my cloud environment and infrastructure systems was moderately easy. Core cloud and infrastructure integrations were straightforward with proper documentation, while fine-tuning policies and access workflows required some initial effort. Once configured, the integrations have been stable and reliable.
Administrators required moderate training to understand configuration, policies, and workflows, while end users needed minimal training since access requests and approvals are straightforward. Overall, onboarding was manageable with some initial guidance.
What was our ROI?
I have seen a return on investment through reduced audit effort and fewer security incidents related to privileged access, along with significant time savings for IT and security teams by automating access control and password management.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that pricing is on the higher side, but aligns with the security and compliance value it provides. Setup costs were mainly related to initial configuration and training, and licensing was straightforward.
Which other solutions did I evaluate?
I evaluated other options such as CyberArk and BeyondTrust before choosing One Identity Safeguard.
What other advice do I have?
User feedback has been generally positive around the solution's security and session recording and access control capabilities. However, some users have mentioned that the interface and initial learning curve could be more intuitive, especially for new or non-specialist users.
My advice for others looking into using One Identity Safeguard is to clearly define your privileged access use cases and policies before implementation. It gives stronger security and audit capabilities, but investing time in proper planning, setup, and training will help you get the most value from the solution. I would rate this review a 7.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Jonas Piliponis
Centralized privileged sessions have improved risk control and strengthened contractor oversight
Reviewed on Dec 22, 2025
Review provided by PeerSpot
What is our primary use case?
My main use case for One Identity Safeguard is using only one module for privileged session, which we use for admins and contractors.
A quick specific example of how my team uses One Identity Safeguard day-to-day is that we use only the second part for our contractors, not for admins in our company, but for companies that help us perform admin work and support our system.
What is most valuable?
The best features One Identity Safeguard offers include video recordings to help us control our support risks.
Accessing and reviewing those recordings when needed is easy, and there are no problems with recording or reviewing.
One Identity Safeguard has positively impacted my organization by helping us manage risk. We have this product as Balabit, which is a good product that is very light and helps us check or assist with our needs.
What needs improvement?
One Identity Safeguard could be improved with a password manager and an identity manager as one big access management system.
I believe improvements could be made around integrating with other tools.
For how long have I used the solution?
I have been using One Identity Safeguard for eight years.
What do I think about the stability of the solution?
I rated One Identity Safeguard nine out of 10 because the stability and control could be better, as there are some problems with stability and errors when we use it.
What do I think about the scalability of the solution?
As my organization grows or my needs increase, it is easy to add more users or expand the use of One Identity Safeguard, and that experience has been good.
How are customer service and support?
I would rate the customer support for One Identity Safeguard as eight on a scale of one to ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not previously use a different solution before One Identity Safeguard.
How was the initial setup?
The deployment of One Identity Safeguard solution took one or two days.
The deployment affected my privileged users in a way that was pretty smooth.
Which other solutions did I evaluate?
Before choosing One Identity Safeguard, I evaluated other options based on simplicity, price, and functionality.
What other advice do I have?
Feedback from users regarding One Identity Safeguard's usability and functionality is that it is a good product and very simple to use.
My advice for others looking into using One Identity Safeguard is that it is a great solution for simple tasks, with a good price and good functionality.
My company does not have a business relationship with One Identity Safeguard vendor other than being a customer.
I rated this review nine out of ten.
Giannis Balafas
Modern privileged access workflows have improved user onboarding and secure password management
Reviewed on Dec 19, 2025
Review provided by PeerSpot
What is our primary use case?
Our main use case for One Identity Safeguard is to integrate it to clients that need the SPP functionality, which stands for Safeguard for Privileged Passwords . They do say that we could utilize One Identity Safeguard to its full extent for now, but we're getting there.
A quick specific example of how we use One Identity Safeguard with a client is that our latest client needed a password vault, so at first, we integrated One Identity Safeguard for Privileged Passwords, and then they asked for a personal vault so they could store their passwords and secrets, much like KeePass, so we integrated One Identity Safeguard Personal Vault as well. Lastly, they figured at some point down the line that they needed SPS as well, but only the primitive version of it, so we just decided to integrate SPS as well and form it into a cluster with SPP, but they don't use any third-party plugins as of now.
What is most valuable?
The best feature One Identity Safeguard offers is that it is a pretty new, modern tool that makes extensive use of its API. In general, it's easier than other tools to just perform maintenance work or perform work using the API of One Identity Safeguard. Also, the way that the access requests are structured—with entitlements and access request policies—makes it easier to govern data and identities. CyberArk, which is essentially the industry standard right now, is doing a very primitive job of helping the administrator with the task, and One Identity Safeguard is a lot better at this.
These features help my team day-to-day by making onboarding new users easier, and they also make it easier to create existing teams that are complete with their own password management, their own password profiles and rotations, password requirements, and who gets access to what, so it all makes it easier and faster.
One Identity Safeguard has positively impacted my organization by being another tool that we have in our arsenal to be able to get other clients as well, because we also sell One Identity IAM , and we can just bundle One Identity Safeguard with it. It also has a nice feature called remote access, which a lot of people want to use for externals in their organization, coupled with its just-in-time requisition, so it makes selling it much easier because One Identity is a company that's been in the field for ages.
What needs improvement?
One Identity Safeguard can be improved by fixing the documentation, which is very convoluted as of now, and addressing versioning, as some major bugs and issues are not documented well enough in the documentation, along with some patches and fixes. Custom plugins need to be introduced as soon as possible.
I give it an eight because it's a nice tool and it's a modern tool, but there are still some issues, not necessarily pertaining to the tool itself, but to the whole philosophy of One Identity and how they have structured their workflows and their knowledge base, which essentially has no knowledge base, just like CyberArk. There are some issues that need to be fixed, plus it does not have a custom option, and a lot of clients are using in-house made applications that also need to be onboarded to One Identity Safeguard to be able to launch a browser session to that application, which One Identity Safeguard has not had any capabilities that could assist with that.
For how long have I used the solution?
I have been using One Identity Safeguard for two and a half years, ever since we pivoted from CyberArk, as we wanted to be more tool-agnostic, and we decided that One Identity Safeguard was our best option because we had a past with One Identity, with us being in an IAM team.
What do I think about the stability of the solution?
One Identity Safeguard is stable.
What do I think about the scalability of the solution?
So far, we haven't had any issues with One Identity Safeguard's scalability; it's been fine, but we generally target smaller to mid-sized implementations.
How are customer service and support?
The customer support for One Identity Safeguard is fine for what it is, even though everything needs to be run through them and there are no knowledge bases, so we have to wait for a response from the One Identity Safeguard company, and they also keep a lot of information, requiring us to make a request and then they would need to reply, but it's acceptable overall. It's not the worst I've seen.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used CyberArk before switching to One Identity Safeguard.
How was the initial setup?
The deployment of the solution takes about two to four weeks, give or take, but that's not counting waiting for the client to respond and all that.
About a month of training is required for end-users, and for us, it was four months to understand One Identity Safeguard, but that was because we already had experience in other PAM tools like CyberArk.
What about the implementation team?
We are partners, executive partners, and resellers with this vendor.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been a good experience overall, as the back and forth with One Identity is something that is acceptable; other tools have options to do this automatically, and they have it, but pricing, presales, and sales is acceptable overall.
Which other solutions did I evaluate?
Before choosing One Identity Safeguard, I evaluated Zero Trust and Delinea, but they were for smaller organizations, so we decided to adopt One Identity Safeguard.
What other advice do I have?
My advice to others looking into using One Identity Safeguard is to get familiar with the concepts of entitlements and access request policies, the keywords One Identity Safeguard uses, and also get familiar with the way that it handles session management and recording because it's a tool that needs a lot of time to get accustomed to. I give One Identity Safeguard an overall rating of eight out of ten.
SachinShelar
Privileged access has become centralized and streamlines multi-client audits and compliance
Reviewed on Dec 15, 2025
Review from a verified AWS customer
What is our primary use case?
Our main use case for One Identity Safeguard is as a privileged access management solution across multi-client environments. We use it to secure, control, and audit privileged accounts, enforce session monitoring and password vaulting, and provide just-in-time privileged access for admins, helping us reduce risk while meeting client security and compliance requirements.
A common example is admin access to client production servers. We use One Identity Safeguard to vault privileged credentials and grant just-in-time access only for approved change windows. All sessions are recorded and audited, which has significantly reduced credential exposure and helped us meet clients' audit and compliance requirements. As a service provider managing various customers, we prioritize this consideration.
One additional use case is centralized PAM management across multiple customer environments. We use One Identity Safeguard to standardize privileged access policies, rotate passwords automatically, and enforce session auditing in different client environments. This helps us solve the challenge of shared admin access and inconsistent access controls, improving security and compliance without increasing operational overhead and reducing our time to response.
What is most valuable?
The best features we can highlight are privileged password vaulting and automatic password rotation, just-in-time privileged access, and session monitoring and recording. These features together stand out because they significantly reduce credential exposure, enforce least privilege access, and provide full auditing visibility across multiple client environments, as we are a service delivery and IT service delivery company with multiple customer environments and access.
We rely most on just-in-time privileged access with credential vaulting. It is easy for the team to use day-to-day because access requests and approvals are streamlined and automated. Credentials are never exposed and sessions are automatically logged. After initial setup, adoption was smooth and it fit well into our existing operational workflows without adding stress to our operational team to adapt to the new technology.
One Identity Safeguard has strengthened privileged access security across our multiple client environments. We have seen a reduction in shared credentials and unauthorized access. We have also seen faster approval for admin tasks and improved audit readiness. It has streamlined compliance reporting and reduced the operational risk of managing multiple client environments manually.
Implementing this solution, we have reduced privileged account-related incidents by thirty percent. We have also cut manual password management time by nearly fifty to sixty percent. Just-in-time access has sped up admin task completion and improved our overall compliance reporting, allowing audits to be completed nearly half the time compared to earlier.
What needs improvement?
Reporting and dashboards can be made more customized, especially for client-specific views. We use session monitoring less often on low-risk systems, but it is very useful during audits or investigations.
One Identity Safeguard could be improved with flexible and customizable reporting, especially for client-specific dashboards, and simpler integration with cloud and SaaS platforms.
Additional improvements would include easier onboarding and setup for multiple client environments. One Identity Safeguard should provide pre-built templates for common PAM policies.
For how long have I used the solution?
We have been using One Identity Safeguard for the last three years.
What do I think about the stability of the solution?
One Identity Safeguard is stable.
What do I think about the scalability of the solution?
One Identity Safeguard is scalable.
How are customer service and support?
The customer support is great. They have knowledgeable staff and the documentation is also good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before that, we relied on manual privileged account management and native system tools, which was time-consuming and error-prone, and lacked centralized auditing. We switched to One Identity Safeguard to get automated privileged access and stronger compliance control over multiple client environments.
What was our ROI?
Privileged access and privileged account incidents have dropped by forty percent. Our manual access management time was cut by fifty percent. The time is reduced by nearly fifty percent for our audit preparation and compliance reporting compared to earlier.
Which other solutions did I evaluate?
Before that, we evaluated CyberArk. We selected One Identity Safeguard because it offered better integration with our existing infrastructure and streamlined automation for our multi-client infrastructure, which suited our operational and compliance needs.
What other advice do I have?
Plan your deployment carefully and ensure you have skilled resources and partner support for initial setup.
We have integrated One Identity Safeguard with our RPA workflows. It allows secure, automated privileged access for script bots and deployment processes, while ensuring session logging, password vaulting, and audit compliance across cloud-based operations.
The integration was relatively straightforward but required more planning, mapping RPA bots to just-in-time privileged access, and configuring credential vaulting took initial time. Once the setup was complete, it was fully automated and secure.
Our team has given positive feedback. They appreciate the user interface and the streamlined access request and automated credential management has reduced manual work and error. I would rate this review nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Nikhil Jethwa
Privileged access has become fully audited and password management now saves significant time
Reviewed on Dec 10, 2025
Review from a verified AWS customer
What is our primary use case?
One Identity Safeguard is used to secure privileged access management, credential vaulting, and session monitoring because we are an IT-based company that handles the IT infrastructure of our clients, making it very important to keep everything secure.
One Identity Safeguard vaults privileged service accounts and provides time-bound access, ensuring that all administrative actions are tracked, reviewed, and easily monitored. We also use One Identity Safeguard to securely check admin credentials for customer servers. All access is automatically recorded and monitored through session auditing, which helps us comply with our customers' requirements.
We centrally manage privileged credentials, enforce secure access workflows, and record privileged sessions to maintain compliance and strengthen the IT security we deliver to our customers.
What is most valuable?
The best feature for us is the secure password vaulting, session recording, and automated approval workflows, because this gives us strong control over privileged access and helps us stay compliant both within our organization and with respect to customer compliance. The second feature that stands out is the real-time session monitoring and automatic credential rotation.
Automatic credential rotation helps our team by removing the need for manual changes to privileged passwords, reducing the risk of stale or shared credentials and ensuring that every access is controlled and compliant. It saves time and reduces risk since passwords are rotated after every use, so no one keeps passwords for long-term access. This prevents misuse and limits the impact of credential leaks.
We have found that we are able to comply with all security standards through the password rotation, which has helped us improve our security posture by centrally managing all privileged action accounts and enforcing strict access control to these accounts. Since the session monitoring feature and audit trail are available, we can see what changes were made by the user, who used this, how many times, and what was done in this session. We have also seen a reduction in IT operations because of password credential rotation and password management, which has reduced our manual work and increased our efficiency and security.
Our manual intervention has decreased because of the time we were taking for password management, and we have increased security with roughly a twenty to thirty percent decrease in IT calls, allowing the IT team to do other jobs because the load of password management has decreased. We have increased accountability since every privileged action is now traceable, which significantly strengthens our internal security control, and we have been able to get the compliance checks done much faster.
We have saved time since we do not have to manually manage passwords because One Identity Safeguard has automated that process. We have saved approximately thirty to forty percent of our time, and our team is spending more time on critical issues rather than managing passwords. This has reduced repetitive IT tasks and allowed our team to focus on more significant projects, and it has also reduced the risk of breaches and costly security penalties.
We have always received positive feedback from our team. The password rotation feature of this product is appreciated by all users, and they like this because they have saved time using this product, since they were previously wasting time on password management and manual interventions.
What needs improvement?
One Identity Safeguard should provide more documentation and training to the team. They can also provide better integration flexibility with more built-in connectors, and easy API workflows would help integrate more with our custom tools. They should provide a faster user interface, as we have noticed that the user interface acts slow when there are a large number of accounts or concurrent sessions going on.
Not every product can be perfect. For example, some parts of the user interface can feel a bit slow when there is a large number of concurrent sessions going on, and the integration with certain third-party tools requires more extensive implementation and configuration. These reasons made me give it an eight instead of a ten, but these are not major issues and just keep it from being completely flawless.
For how long have I used the solution?
We have been using One Identity Safeguard for two years.
What do I think about the stability of the solution?
One Identity Safeguard is currently stable, and we have not found any issues. Since its implementation, we have not faced any major issues, and there has been no downtime.
What do I think about the scalability of the solution?
One Identity Safeguard is scalable. We are implementing it globally, starting from one line of business, and now we are expanding, so it is scalable without any issues.
How are customer service and support?
I cannot speak much about the pricing because I am from the technical team and pricing is looked at by the sales team in our organization. However, I can speak about the support, which is very good with faster response times, and the team helps us every time with minimal downtime if we face any issues.
We are satisfied with customer support. The support team is technically very strong and responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using CyberArk, but we switched to One Identity Safeguard because it was costly. Everything was good with CyberArk, but we needed to scale, and the licensing costs were high.
How was the initial setup?
We have deployed One Identity Safeguard in a phased manner. We deployed it for one line of business first, then for the second line, and we are planning to deploy it for other lines of business as well. The deployment for one line of business took approximately one month.
The privileged users adapted easily, and the deployment was done without disturbing our existing environment and setup, so there was no disruption, and the work went smoothly alongside the deployment.
What about the implementation team?
We did not face any significant challenges because the vendor team helped us with the integration, so the ease of integration was quite simple. We only had basic use cases like creating tickets for access requests, which are relatively straightforward, and there were not many complex integrations done. It was easy to integrate and the vendor team helped us with a step-by-step checklist for the integration with our existing SIEM and ITSM tools.
What was our ROI?
The pricing, costing, and licensing type is quite low compared to other products, so One Identity Safeguard is cheaper than other products, and the functions it has are worth the cost.
Which other solutions did I evaluate?
I was not part of the evaluation team, but the evaluation team must have evaluated other products. One example of an option that I personally evaluated was BeyondTrust Privileged Access Management .
What other advice do I have?
One thing other organizations should know about One Identity Safeguard is that it integrates well with the existing identity system, which is a very great point for other organizations to know before purchasing it because it makes it easier to deploy in their environment without changing the current workflow or existing network.
One Identity Safeguard provides heterogeneous integration with our existing products or legacy products, and the API integration is very helpful because it allows us to automate the onboarding of privileged accounts and integrate it with our existing ITSM tools, which is a really good thing about this product.
I would advise others looking into using One Identity Safeguard to choose this product because it is cheaper but provides great outcomes, and the security features are robust. I have given this product an overall rating of nine out of ten.
Which deployment model are you using for this solution?
Public Cloud