Safeguard for Privileged Sessions

My main use case for One Identity Safeguard  is controlling low-level admin access to systems without directly sharing traditional credentials. Day to day, we allow access through One Identity Safeguard , which automatically handles authentication in the backend instead of giving passwords.

In our setup, we use One Identity Safeguard to control admin access by not sharing admin credentials directly with users anymore. Everything goes through One Identity Safeguard, where if an admin needs access to production servers, they log in to One Identity Safeguard and request access to that particular system instead of receiving the username and password.

Regarding my main use case with One Identity Safeguard, during the session, everything is monitored and recorded, such as what commands we run and what changes we have made. If anything looks suspicious, we can terminate the session or review it later, which is very helpful.

From my experience using One Identity Safeguard, several features really stand out from a practical day-to-day security perspective, particularly the session monitoring and recording, as well as the strong feature of password vaulting and auto-rotation.

With session monitoring from One Identity Safeguard, earlier we only had logs that were not very useful during investigations. Now we can replay full sessions and see exactly what the admin did. The password auto-rotation has removed a lot of manual effort and risk, as previously passwords were shared among multiple admins and rarely changed on time. Now, after every session or based on policy, passwords get rotated automatically.

Overall, One Identity Safeguard has had a pretty positive impact on our environment, mainly around security control, visibility, and accountability. The biggest change has been that privileged access is no longer uncontrolled.

The impact on privileged access after implementing One Identity Safeguard has been quite noticeable, as earlier access was more static. Now everything is controlled and time-bound, significantly reducing unnecessary privileged access.

While One Identity Safeguard is a solid PAM solution, there are definitely a few areas for improvement, particularly the UI and overall user experience, which is fine but not very intuitive sometimes. This causes new users to take time to understand navigation and workflows.

A more modern and simplified UI for One Identity Safeguard would really be helpful.

I have been using One Identity Safeguard for more than one year.

One Identity Safeguard is a very stable and reliable solution in my experience.

The scalability of One Identity Safeguard is quite good and works well for growing environments from my experience.

Customer support for One Identity Safeguard is very nice and quick, with the support team being very experienced.

The deployment of One Identity Safeguard took roughly two to three weeks in our case, end-to-end.

During the initial deployment of One Identity Safeguard, there was a slight impact on privileged users, but it was manageable. Admins had to adjust to a new way of working, having to request access through One Identity Safeguard and follow the approval workflow instead of directly using credentials.

The amount of training required for One Identity Safeguard really depends on the role, as the learning curve is higher for administrators or security teams managing the solution. These roles needed a few sessions to properly understand policy configuration, access workflow, and password vaulting and integration.

We definitely see a positive return on investment after implementing One Identity Safeguard in terms of risk reduction and time saving rather than direct cost savings.

We have not evaluated any other options before choosing One Identity Safeguard, as it was referred to us by a friend.

If you are planning to use One Identity Safeguard, my main advice would be to focus on proper planning before implementation. Take time to understand your environment and identify critical assets while defining clear access policies and approval workflows from the beginning rather than just deploying it and onboarding systems randomly.

Overall, my experience with One Identity Safeguard has been quite positive, as it really shows its value over time. Initially, it may seem an extra layer of IT for users, but once implemented, the importance of that control and visibility becomes clear.

I have no changes to suggest for the future as everything is good. I would rate this review a 10.

Our main use case for One Identity Safeguard  is to manage and secure privileged accounts, session monitoring, and recording for audit purposes while also providing controlled access to vendors or our internal team, and enforcing least privilege access.

The best feature of One Identity Safeguard , in my opinion, is its session monitoring, which includes full visibility with session recording, user-friendly access control, and helps in a compliance-ready environment.

The session monitoring feature of One Identity Safeguard stands out because it provides full visibility on which user is accessing which servers at what time, collecting all these logs and also providing data that can be used for audit purposes.

One Identity Safeguard has positively impacted our organization by providing strong security, compliance, and the data required for audits, making it really helpful.

One Identity Safeguard is working perfectly for our organization. The initial setup could be simplified, and more documentation would be needed for faster implementation.

I have been using One Identity Safeguard for more than two years.

One Identity Safeguard is stable.

One Identity Safeguard is excellent regarding scalability.

Customer support is good; they are technical experts and efficiently resolve issues.

The deployment of One Identity Safeguard took less than two weeks to fully implement and use.

We have integrated One Identity Safeguard with Active Directory.

The integration with Active Directory was straightforward.

The integration with Active Directory has simplified our work for managing user data.

There is a very good return on investment from One Identity Safeguard, as we are saving time along with money.

I advise anyone looking for a solution for security audits, session monitoring, or access control to consider One Identity Safeguard as one of the best solutions available in the market, so it is highly recommended.

My main use case for One Identity Safeguard  in day-to-day work is to provide identity across all user accounts and domains, and it improves security across the enterprise by providing enhanced features with respect to this identity solution.

I primarily use One Identity Safeguard  for protecting security across all user accounts, enterprise data accounts, assets, as well as privileged access, domain user, and admin accounts, giving SSO  features and providing security across all user accounts.

One Identity Safeguard offers the ability to identify and revoke access easily for terminated accounts, which reduces risk and simplifies control of access in case of detected threats.

It reduces a lot of risk and saves time; every account is synced, and it can grant access with role-based permissions across all users quickly, alerting us if any threat is detected.

I find that the deployment of One Identity Safeguard is very easy, with good integration and scalability of user accounts, enhancing feature capabilities and providing strong product support.

The user interface can be improved for better searching of user accounts, and if One Identity enhances its support in that area, it would be very helpful.

If One Identity improves integration during migration from other platforms, it will definitely enhance the overall experience.

If the integration and connectivity can be improved during deployment, it would greatly aid the overall experience.

I have been using One Identity Safeguard for more than two years.

As of now, I have not experienced any downtime or reliability issues with One Identity Safeguard.

One Identity Safeguard's scalability features are good, allowing me to improve the scale in terms of resources and user accounts.

For small issues, I have raised support cases with One Identity, and the team has been very cooperative and responsive in providing support and documentation.

I previously used SailPoint, but One Identity Safeguard is better in terms of product features.

The deployment took three phases: first, I got support from the vendor for integration, second, I deployed across all users, and finally , I identified any associated risks.

I performed the deployment in different stages for not all users, ensuring that privileged user accounts transitioned smoothly onto One Identity Safeguard.

I had some formal sessions from the vendor that provided visibility into improved features, capability, enhanced security control, user accessibility, and granting access, and the team is very comfortable now.

I saved both money and time as a result of using One Identity Safeguard.

I did not face any challenges with pricing, setup costs, and licensing, but for improved features, I need to address licensing.

Before choosing One Identity Safeguard, I evaluated Saviynt, Delinea, and Octa, finding One Identity Safeguard to be the most suitable.

In the context of increasing cyber threats across organizations, I would advise others that using One Identity Safeguard is crucial for protection. I would rate this review a 9 out of 10.

My main use case for One Identity Safeguard  is to safeguard my password as well as my login IDs when I'm working from home, as it provides better safety for my passwords and for my login IDs.

When we log in, we get two-factor authentication, which I use for safeguarding my passwords or login IDs while working from home, and that makes it safer compared to other software.

One Identity Safeguard  helps in keeping my login IDs and passwords safe, and that is very important to me.

The best feature that One Identity Safeguard provides is its flexibility, as well as the fact that it integrates well with other software like Salesforce , which I really appreciate.

The integration part of One Identity Safeguard has been quite beneficial for my workflow, especially with tools like Salesforce .

One Identity Safeguard is flexible and provides out-of-the-box integrations that have been very helpful for me, and the installation process was quite easy and smooth, which I would also rate as a feature.

One Identity Safeguard has positively impacted us because the fear of theft of passwords or IDs has been reduced to almost zero, significantly enhancing our security.

The reduction in password or ID theft risk with One Identity Safeguard has led to measurable changes as security incidents have been reduced, positively impacting us and increasing our efficiency.

In terms of improvement for One Identity Safeguard, I would like to say that the customer support needs to be improved and the pricing needs to be a bit more reasonable, as these are the two factors that require attention.

Regarding customer support for One Identity Safeguard specifically, there has been lag and they are not very responsive, which needs to be improved immediately.

I have been using One Identity Safeguard for the past eight months.

One Identity Safeguard is stable.

One Identity Safeguard's scalability is quite good, as it is scalable according to the needs of the enterprise.

The customer support for One Identity Safeguard was not very good and definitely needs to be improved.

The deployment of One Identity Safeguard took around three months.

The deployment of One Identity Safeguard affected our privileged users seamlessly, without disruption.

We use the on-demand version of One Identity Safeguard because it provides us flexibility, which was the main reason for choosing that version.

I can say we have seen a return on investment with One Identity Safeguard as we have saved a lot of time and manpower, although I cannot give a specific number for that.

My experience with pricing for One Identity Safeguard indicated that the pricing was a bit high, while the setup cost was manageable and the licensing was acceptable; overall, the cost aspect was on the higher side.

The feedback I have received from users regarding One Identity Safeguard's usability and functionality has been positive, as the usability aspect has been quite good and it is easy to learn and user-friendly.

The training required to start using One Identity Safeguard was not very extensive, but a bit of training was needed, and it was a smooth process.

If you are looking into using One Identity Safeguard, I would advise that if you are looking for user-friendly software that integrates well with other software, and if you do not mind spending a bit of extra money for that, then One Identity Safeguard is the go-to solution for you. I would rate this product a 7 out of 10.

My use case mainly involves privileged access and access to privileged accounts and privileged systems.

One Identity Safeguard 's best features are that it provides easy control over your items and what you manage, and it is generally user-friendly, though we are still working on some issues.

The UI for the privileged passwords in One Identity Safeguard  is really good. The support for it has also been excellent, but for the privileged sessions, the UI is not that great. We have it currently locked off, so only the administrators work in there, but it is not optimal. We are also missing a lot of documentation in my opinion for some of the features. Overall, it is acceptable. I would not say it is perfect, but it works.

The cloud assistant feature enables me to add an extra layer of security for critical passwords without needing time-consuming approval. We primarily use it for vendors, not for internal users, but we are moving towards having to use it more for internal use as well.

Since using One Identity Safeguard, we have more control over who accesses what, especially regarding vendors. We have seen billing actually go down because we now know how long vendors have been on the server and how long they have worked on it. Overall, we have a more centralized place to store items and have control over them.

The transparent mode is a seamless approach when using it. We have some issues with it, but we are working on it to make it work for us.

Managing remote access for privileged users with the secure remote access feature is both easy and hard depending on the scenario we face. We have some systems that are easy and take not even a minute to set up, while others take a bit longer.

We are in the middle of integrating One Identity Safeguard with the IGA  solution, Identity Manager. We have some A2A setups, but it is not optimal. We are using RPA  for developers, not actually RPA  accounts, but that is something we are working on. We are also using the service account password rotation on the asset to some degree, and we are exploring options there.

For integrating One Identity Safeguard, figuring out how password rotation works is a bit difficult because we have to make custom integrations. After that, it was no problem really. For the A2A use, it is not as easy as using something like HashiCorp's password management tools.

It is mostly for certain features in One Identity Safeguard that I would like some improvements. Some of the things you can do in entitlements, there is a lot you can do there, but not everything is optimal. You have to have duplicates of a lot of things to make it work the way you want.

I have been using One Identity Safeguard for four years.

For the SPPs, I would rate stability at ten. We have never had any issues other than on the upgrades, but those are planned. For the SPS, making a simple config change puts the downtime at about five minutes, so you cannot use any or create new sessions. That is a bit annoying because we have to plan every little change we do. Other than that, I do not think there is really that much.

I would rate the scalability of One Identity Safeguard at maybe seven.

The general use for One Identity Safeguard is why I rate it seven. For the SPPs, we need to have a separate cluster for highly privileged items to access. For the SPSs as well, we need multiple clusters to reach multiple different items. It is a lot to set up instead of just having central management.

We had the premier support for some time, but we are now currently on normal support.

I did not see any value in the premier support, which was the biggest issue and the reason we moved away from it.

I would rate the technical support for One Identity Safeguard at five from my experience, though some may have had other or better experiences.

We had some issues before that took an extremely long time to get fixed. However, I have also had some issues where I sent them a support ticket and they gave me the solution instantly. When we had a tier one ticket, it took about a month before we got it back up and running again.

One Identity Safeguard was purchased through a partner purchase, and my experience with our partner was that it went pretty well. I am not directly part of the acquisition team, so I do not know how that works.

Deploying One Identity Safeguard with just the bare minimum was no problem, but knowing everything you need to get in there takes time because we did not really have control over what existed. That was the main issue for us.

One Identity Safeguard was quite easy for the initial setup. The overall configuration with all the items, all the assets, and all the accounts is what takes time.

It took about a week to set up the appliance itself and configure it, but we are talking about maybe a year to get everything configured the way we wanted it for the initial phase.

One reason we decided to have HashiCorp still and try to use SPP to push passwords to the HashiCorp setup is the password vault feature. We mainly use HashiCorp for retrieval of passwords because it is a much more built-out environment with APIs and other tools to connect to it. For that, we prefer HashiCorp. However, for overall user experience for less DevOps tasks, One Identity Safeguard or PAM is better in that regard.

It is not really that important to me that the secure remote access feature does not use a VPN because we only have it available internally. The goal is to make it easier for us to start a session, but we have some internal regulations making it not viable for us to make it available externally.

At the start, people thought One Identity Safeguard was hard to use. However, over time when they got used to it, they saw the benefit and the ease of use improved. We still have some people that are a bit harder to get to use it.

For the end user, there is really no issue in using One Identity Safeguard. They are told how to use it and usually figure it out for themselves. For the administrators, it takes a bit longer because there are quite a lot of options and things you can do. We currently have two in training, and they have been working with us for quite some time and still are not fully comfortable working with this PAM solution.

We have physical SPPs and virtual SPSs in One Identity Safeguard. I have no problem with the form factor of One Identity Safeguard's physical appliances, as they seem quite good for the use case.

One Identity Safeguard is deployed on-premises. The only maintenance we have is the upgrades, which happen every half a year I believe. Other than that, we just perform normal day-to-day tasks.

I would recommend One Identity Safeguard, but I would also recommend that they know everything they have before they actually start and prepare the users to be ready for a bit of change.