My use case mainly involves privileged access and access to privileged accounts and privileged systems.
Safeguard for Privileged Sessions
One IdentityExternal reviews
24 reviews
from
External reviews are not included in the AWS star rating for the product.
Centralized privileged access has improved control and now supports secure vendor billing oversight
What is our primary use case?
What is most valuable?
One Identity Safeguard's best features are that it provides easy control over your items and what you manage, and it is generally user-friendly, though we are still working on some issues.
The UI for the privileged passwords in One Identity Safeguard is really good. The support for it has also been excellent, but for the privileged sessions, the UI is not that great. We have it currently locked off, so only the administrators work in there, but it is not optimal. We are also missing a lot of documentation in my opinion for some of the features. Overall, it is acceptable. I would not say it is perfect, but it works.
The cloud assistant feature enables me to add an extra layer of security for critical passwords without needing time-consuming approval. We primarily use it for vendors, not for internal users, but we are moving towards having to use it more for internal use as well.
Since using One Identity Safeguard, we have more control over who accesses what, especially regarding vendors. We have seen billing actually go down because we now know how long vendors have been on the server and how long they have worked on it. Overall, we have a more centralized place to store items and have control over them.
What needs improvement?
The transparent mode is a seamless approach when using it. We have some issues with it, but we are working on it to make it work for us.
Managing remote access for privileged users with the secure remote access feature is both easy and hard depending on the scenario we face. We have some systems that are easy and take not even a minute to set up, while others take a bit longer.
We are in the middle of integrating One Identity Safeguard with the IGA solution, Identity Manager. We have some A2A setups, but it is not optimal. We are using RPA for developers, not actually RPA accounts, but that is something we are working on. We are also using the service account password rotation on the asset to some degree, and we are exploring options there.
For integrating One Identity Safeguard, figuring out how password rotation works is a bit difficult because we have to make custom integrations. After that, it was no problem really. For the A2A use, it is not as easy as using something like HashiCorp's password management tools.
It is mostly for certain features in One Identity Safeguard that I would like some improvements. Some of the things you can do in entitlements, there is a lot you can do there, but not everything is optimal. You have to have duplicates of a lot of things to make it work the way you want.
For how long have I used the solution?
I have been using One Identity Safeguard for four years.
What do I think about the stability of the solution?
For the SPPs, I would rate stability at ten. We have never had any issues other than on the upgrades, but those are planned. For the SPS, making a simple config change puts the downtime at about five minutes, so you cannot use any or create new sessions. That is a bit annoying because we have to plan every little change we do. Other than that, I do not think there is really that much.
What do I think about the scalability of the solution?
I would rate the scalability of One Identity Safeguard at maybe seven.
The general use for One Identity Safeguard is why I rate it seven. For the SPPs, we need to have a separate cluster for highly privileged items to access. For the SPSs as well, we need multiple clusters to reach multiple different items. It is a lot to set up instead of just having central management.
How are customer service and support?
We had the premier support for some time, but we are now currently on normal support.
I did not see any value in the premier support, which was the biggest issue and the reason we moved away from it.
I would rate the technical support for One Identity Safeguard at five from my experience, though some may have had other or better experiences.
We had some issues before that took an extremely long time to get fixed. However, I have also had some issues where I sent them a support ticket and they gave me the solution instantly. When we had a tier one ticket, it took about a month before we got it back up and running again.
Which solution did I use previously and why did I switch?
One Identity Safeguard was purchased through a partner purchase, and my experience with our partner was that it went pretty well. I am not directly part of the acquisition team, so I do not know how that works.
How was the initial setup?
Deploying One Identity Safeguard with just the bare minimum was no problem, but knowing everything you need to get in there takes time because we did not really have control over what existed. That was the main issue for us.
One Identity Safeguard was quite easy for the initial setup. The overall configuration with all the items, all the assets, and all the accounts is what takes time.
It took about a week to set up the appliance itself and configure it, but we are talking about maybe a year to get everything configured the way we wanted it for the initial phase.
Which other solutions did I evaluate?
One reason we decided to have HashiCorp still and try to use SPP to push passwords to the HashiCorp setup is the password vault feature. We mainly use HashiCorp for retrieval of passwords because it is a much more built-out environment with APIs and other tools to connect to it. For that, we prefer HashiCorp. However, for overall user experience for less DevOps tasks, One Identity Safeguard or PAM is better in that regard.
What other advice do I have?
It is not really that important to me that the secure remote access feature does not use a VPN because we only have it available internally. The goal is to make it easier for us to start a session, but we have some internal regulations making it not viable for us to make it available externally.
At the start, people thought One Identity Safeguard was hard to use. However, over time when they got used to it, they saw the benefit and the ease of use improved. We still have some people that are a bit harder to get to use it.
For the end user, there is really no issue in using One Identity Safeguard. They are told how to use it and usually figure it out for themselves. For the administrators, it takes a bit longer because there are quite a lot of options and things you can do. We currently have two in training, and they have been working with us for quite some time and still are not fully comfortable working with this PAM solution.
We have physical SPPs and virtual SPSs in One Identity Safeguard. I have no problem with the form factor of One Identity Safeguard's physical appliances, as they seem quite good for the use case.
One Identity Safeguard is deployed on-premises. The only maintenance we have is the upgrades, which happen every half a year I believe. Other than that, we just perform normal day-to-day tasks.
I would recommend One Identity Safeguard, but I would also recommend that they know everything they have before they actually start and prepare the users to be ready for a bit of change.
Privileged sessions have become controlled and recorded, and access requests now follow approvals
What is our primary use case?
One Identity Safeguard serves as our Privileged Access Management solution to enforce session management for administrators and allow them to access our systems in recorded sessions, which secures our environment.
In our daily operations, One Identity Safeguard acts as a centralized privileged credentials manager for our systems including Windows, Linux, network devices, and our database, allowing administrators to access our database systems in critical environments while recorded sessions ensure security and accountability.
We have just-in-time access with approvals, allowing administrative access to our users based on request and approvals, which helps us monitor requests for access to critical systems.
What is most valuable?
One of the best features One Identity Safeguard offers is its capability to integrate with many systems, which is valuable for us since we have multiple database systems with many vendors in our organization.
One Identity Safeguard positively impacts our organization by reducing the likelihood of breaches from privileged sprawl by removing shared admin passwords and enforcing control checkouts while also improving our investigation times and providing strong forensics from a centralized location.
What needs improvement?
The most common improvement needed is for upgrades. One Identity Safeguard's desktop client should have a faster and easier upgrade process that ensures compatibility.
For how long have I used the solution?
I have been using One Identity Safeguard for one year.
What do I think about the stability of the solution?
One Identity Safeguard is quite stable in my experience.
Which solution did I use previously and why did I switch?
I previously used One Identity before switching from CyberArk to One Identity Safeguard.
How was the initial setup?
The integration process for One Identity Safeguard was not straightforward. Initially, we faced a complex implementation that took about two months, but after that, we achieved a stable configuration and environment for user access to critical systems.
What about the implementation team?
The deployment was seamless for our privileged users, thanks to the professional third-party team we hired for the implementation service that helped us properly implement One Identity Safeguard.
What was our ROI?
The time saved with One Identity Safeguard is significant, and I can affirm that we have seen a return on investment.
What's my experience with pricing, setup cost, and licensing?
We have a separate department that studies setup costs for each product, but as far as my information goes, the pricing and setup costs are very good.
Which other solutions did I evaluate?
I did not evaluate other options before choosing One Identity Safeguard.
What other advice do I have?
The feedback from users regarding One Identity Safeguard's usability and functionality has been very good. All users have provided positive feedback, and we encourage them to reach out with any issues, but so far, we have had no problems reported.
My advice for those looking into using One Identity Safeguard is to study the integrations between the client and One Identity Safeguard, ensuring the compatibility matrix is visible to all administrators before upgrading the product. I rated this product a ten out of ten.
Privileged access has become just in time and audits are now simplified with full session recording
What is our primary use case?
We use One Identity Safeguard for privileged access management across multi-client public and private cloud environments. It is mainly used to vault and rotate privileged credentials and provide just-in-time access and enforce least privilege. We also use it to record and audit admin sessions for cloud VMs, databases, and infrastructure services without exposing passwords to the engineers working on-site or contractors.
For one client, we had an Azure environment where multiple support engineers needed temporary access to the production VMs for incident resolution. The challenge was shared admin accounts, no clear audit trails, and client audit perspective. We implemented One Identity Safeguard to vault the Azure VM local admin and service accounts, ensure JIT access via approval, allow engineers to connect via One Identity Safeguard brokered RDP and SSH without seeing passwords. We also record all privileged sessions and forward logs to the client's SIEM for full transparency. We achieved that no passwords were shared, full session recordings were available for audits, and access was faster during incidents.
We use One Identity Safeguard to standardize PAM controls across multiple client tenants and cloud platforms. We automated credential rotation for privileged and service accounts without service impact. We also reduced manual access management and operational risk in large-scale cloud environments across our multi-cloud, multi-client customers across the globe.
The integration with our RPA workflows allowed secure credential access for robots without exposing passwords, enabling automated RPA tasks to run smoothly across multiple client systems, which has reduced manual intervention and errors in repetitive workflows.
What is most valuable?
The best features we appreciate about One Identity Safeguard are privileged credential vaulting, session proxying and recording, and integration with ITSM security tools such as Jira, ServiceNow, SIEMs, and SOAR platforms that our clients have. The integration with these platforms was quite simple. Additionally, we appreciate role-based access control, just-in-time access, and least privilege.
The most relied upon feature we appreciated was the session-based just-in-time privileged access with credential isolation. It made the biggest difference in our organization because the engineers never see or handle privileged passwords, which helped us comply with our customer's compliance requirements. The access is time-bound and approval-based, reducing standing admin access, and all the SSH and RDP sessions are brokered and recorded for audit and troubleshooting.
What needs improvement?
The areas for improvement in One Identity Safeguard would be the UI and UX, meaning the admin console can be more intuitive for complex policy and workflow configuration. Additionally, the reporting can be made more customizable with a real-time dashboard without external SIEM dependency.
More improvements could be made regarding support and upgrades. Faster issue resolution and smoother upgrade paths for complex deployments could be an additional improvement area for this product.
For how long have I used the solution?
We have been using One Identity Safeguard for the last two years.
What do I think about the stability of the solution?
One Identity Safeguard is very stable in my experience.
What do I think about the scalability of the solution?
It is scalable as we have now scaled from serving one customer to multiple customers without any downtime or service interruption.
How are customer service and support?
The customer support for One Identity Safeguard is great. The technical team is responsive and very knowledgeable.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used CyberArk. The reason for switching was that we needed easier multi-client management for our customers with hybrid cloud environments and better integration with Jira, SIEM, and RPA workflows across multiple customer cloud environments.
How was the initial setup?
The deployment of the solution took place in phases. Initially, it took one month, and then we scaled it to the full organization globally.
What about the implementation team?
The admin and managers required one to two weeks of hands-on training for vaulting, policy creation, integrations, and session management. The end users required only one or two days to learn about requesting access, launching sessions, and approvals.
What was our ROI?
We have seen a return on investment because we have saved time, reducing access provisioning from hours to minutes. The efficiency of our team has increased as we have reduced manual credential management, allowing our IT team to focus on higher value tasks.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing was entirely based on the sales cost, while the setup was done by our vendor and our in-house team.
Which other solutions did I evaluate?
Integrating One Identity Safeguard with our RPA workflows was quite easy and not a time-consuming process. However, it did require perfect planning and plotting for the RPA bots to ensure just-in-time privileged access.
What other advice do I have?
One more point worth highlighting from a technical and operational perspective is the central policy enforcement across multi-cloud environments.
We have removed shared admin credentials, enforced just-in-time access management, simplified audits with session recording, and reduced manual access work, all thanks to One Identity Safeguard.
Access provisioning time has been reduced from hours to minutes using just-in-time access. We have zero audit findings related to privileged access after implementing this product and have reduced credential-related incidents by eliminating shared and static admin passwords.
I suggest that others considering using One Identity Safeguard go for it. Plan your vault structure and role-based access policies before deployment, and try to utilize more of its just-in-time access and security recording features from day one. I would rate this product an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Privileged access has become more controlled and auditable but the interface still needs simplification
What is our primary use case?
My main use case for One Identity Safeguard is for privileged access management to control, monitor, and secure access to critical systems, servers, and applications used by administrators and IT teams.
A quick specific example of how I use it for privileged access management in my environment is that when an administrator needs access to a critical server, they request access through One Identity Safeguard instead of using shared credentials. The system grants time-bound, approved access, rotates the password automatically after the session, and records the entire activity.
What is most valuable?
The best features One Identity Safeguard offers include Privileged Password Vaulting as the first one. The strongest features are Session Recording and Password Vaulting with rotation and Just-in-Time Access, which together give strong control and visibility and audit readiness.
The Session Recording feature specifically helps my team and makes things easier for audits or investigations by giving a clear, time-stamped playback of privileged activities. It removes guesswork, speeds up audits, and ensures full accountability for admin actions.
One Identity Safeguard has positively impacted my organization by improving our security posture, eliminating shared privileged credentials, increasing visibility into admin activity, and making compliance audits faster and more reliable.
What needs improvement?
One Identity Safeguard could be improved by simplifying the user interface and initial configuration process, especially for first-time users. More customizable reporting and clear in-app guidance would also help teams onboard faster and get deeper insights without additional effort.
For how long have I used the solution?
I have been using One Identity Safeguard for about one year.
What do I think about the stability of the solution?
One Identity Safeguard is very stable and can handle the workload easily; I have not seen any downtime.
What do I think about the scalability of the solution?
One Identity Safeguard scales well as the environment grows. It handles increasing numbers of privileged accounts, sessions, and cloud targets without performance issues, making it suitable for expanding and hybrid infrastructure.
How are customer service and support?
Customer support has been responsive and knowledgeable, being effective at resolving technical issues.
How would you rate customer service and support?
Negative
How was the initial setup?
The integration with my cloud environment and infrastructure systems was moderately easy. Core cloud and infrastructure integrations were straightforward with proper documentation, while fine-tuning policies and access workflows required some initial effort. Once configured, the integrations have been stable and reliable.
Administrators required moderate training to understand configuration, policies, and workflows, while end users needed minimal training since access requests and approvals are straightforward. Overall, onboarding was manageable with some initial guidance.
What was our ROI?
I have seen a return on investment through reduced audit effort and fewer security incidents related to privileged access, along with significant time savings for IT and security teams by automating access control and password management.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that pricing is on the higher side, but aligns with the security and compliance value it provides. Setup costs were mainly related to initial configuration and training, and licensing was straightforward.
Which other solutions did I evaluate?
I evaluated other options such as CyberArk and BeyondTrust before choosing One Identity Safeguard.
What other advice do I have?
User feedback has been generally positive around the solution's security and session recording and access control capabilities. However, some users have mentioned that the interface and initial learning curve could be more intuitive, especially for new or non-specialist users.
My advice for others looking into using One Identity Safeguard is to clearly define your privileged access use cases and policies before implementation. It gives stronger security and audit capabilities, but investing time in proper planning, setup, and training will help you get the most value from the solution. I would rate this review a 7.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Centralized privileged sessions have improved risk control and strengthened contractor oversight
What is our primary use case?
My main use case for One Identity Safeguard is using only one module for privileged session, which we use for admins and contractors.
A quick specific example of how my team uses One Identity Safeguard day-to-day is that we use only the second part for our contractors, not for admins in our company, but for companies that help us perform admin work and support our system.
What is most valuable?
The best features One Identity Safeguard offers include video recordings to help us control our support risks.
Accessing and reviewing those recordings when needed is easy, and there are no problems with recording or reviewing.
One Identity Safeguard has positively impacted my organization by helping us manage risk. We have this product as Balabit, which is a good product that is very light and helps us check or assist with our needs.
What needs improvement?
One Identity Safeguard could be improved with a password manager and an identity manager as one big access management system.
I believe improvements could be made around integrating with other tools.
For how long have I used the solution?
I have been using One Identity Safeguard for eight years.
What do I think about the stability of the solution?
I rated One Identity Safeguard nine out of 10 because the stability and control could be better, as there are some problems with stability and errors when we use it.
What do I think about the scalability of the solution?
As my organization grows or my needs increase, it is easy to add more users or expand the use of One Identity Safeguard, and that experience has been good.
How are customer service and support?
I would rate the customer support for One Identity Safeguard as eight on a scale of one to ten.
Which solution did I use previously and why did I switch?
I did not previously use a different solution before One Identity Safeguard.
How was the initial setup?
The deployment of One Identity Safeguard solution took one or two days.
The deployment affected my privileged users in a way that was pretty smooth.
Which other solutions did I evaluate?
Before choosing One Identity Safeguard, I evaluated other options based on simplicity, price, and functionality.
What other advice do I have?
Feedback from users regarding One Identity Safeguard's usability and functionality is that it is a good product and very simple to use.
My advice for others looking into using One Identity Safeguard is that it is a great solution for simple tasks, with a good price and good functionality.
My company does not have a business relationship with One Identity Safeguard vendor other than being a customer.
I rated this review nine out of ten.
Modern privileged access workflows have improved user onboarding and secure password management
What is our primary use case?
Our main use case for One Identity Safeguard is to integrate it to clients that need the SPP functionality, which stands for Safeguard for Privileged Passwords. They do say that we could utilize One Identity Safeguard to its full extent for now, but we're getting there.
A quick specific example of how we use One Identity Safeguard with a client is that our latest client needed a password vault, so at first, we integrated One Identity Safeguard for Privileged Passwords, and then they asked for a personal vault so they could store their passwords and secrets, much like KeePass, so we integrated One Identity Safeguard Personal Vault as well. Lastly, they figured at some point down the line that they needed SPS as well, but only the primitive version of it, so we just decided to integrate SPS as well and form it into a cluster with SPP, but they don't use any third-party plugins as of now.
What is most valuable?
The best feature One Identity Safeguard offers is that it is a pretty new, modern tool that makes extensive use of its API. In general, it's easier than other tools to just perform maintenance work or perform work using the API of One Identity Safeguard. Also, the way that the access requests are structured—with entitlements and access request policies—makes it easier to govern data and identities. CyberArk, which is essentially the industry standard right now, is doing a very primitive job of helping the administrator with the task, and One Identity Safeguard is a lot better at this.
These features help my team day-to-day by making onboarding new users easier, and they also make it easier to create existing teams that are complete with their own password management, their own password profiles and rotations, password requirements, and who gets access to what, so it all makes it easier and faster.
One Identity Safeguard has positively impacted my organization by being another tool that we have in our arsenal to be able to get other clients as well, because we also sell One Identity IAM, and we can just bundle One Identity Safeguard with it. It also has a nice feature called remote access, which a lot of people want to use for externals in their organization, coupled with its just-in-time requisition, so it makes selling it much easier because One Identity is a company that's been in the field for ages.
What needs improvement?
One Identity Safeguard can be improved by fixing the documentation, which is very convoluted as of now, and addressing versioning, as some major bugs and issues are not documented well enough in the documentation, along with some patches and fixes. Custom plugins need to be introduced as soon as possible.
I give it an eight because it's a nice tool and it's a modern tool, but there are still some issues, not necessarily pertaining to the tool itself, but to the whole philosophy of One Identity and how they have structured their workflows and their knowledge base, which essentially has no knowledge base, just like CyberArk. There are some issues that need to be fixed, plus it does not have a custom option, and a lot of clients are using in-house made applications that also need to be onboarded to One Identity Safeguard to be able to launch a browser session to that application, which One Identity Safeguard has not had any capabilities that could assist with that.
For how long have I used the solution?
I have been using One Identity Safeguard for two and a half years, ever since we pivoted from CyberArk, as we wanted to be more tool-agnostic, and we decided that One Identity Safeguard was our best option because we had a past with One Identity, with us being in an IAM team.
What do I think about the stability of the solution?
One Identity Safeguard is stable.
What do I think about the scalability of the solution?
So far, we haven't had any issues with One Identity Safeguard's scalability; it's been fine, but we generally target smaller to mid-sized implementations.
How are customer service and support?
The customer support for One Identity Safeguard is fine for what it is, even though everything needs to be run through them and there are no knowledge bases, so we have to wait for a response from the One Identity Safeguard company, and they also keep a lot of information, requiring us to make a request and then they would need to reply, but it's acceptable overall. It's not the worst I've seen.
Which solution did I use previously and why did I switch?
I previously used CyberArk before switching to One Identity Safeguard.
How was the initial setup?
The deployment of the solution takes about two to four weeks, give or take, but that's not counting waiting for the client to respond and all that.
About a month of training is required for end-users, and for us, it was four months to understand One Identity Safeguard, but that was because we already had experience in other PAM tools like CyberArk.
What about the implementation team?
We are partners, executive partners, and resellers with this vendor.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been a good experience overall, as the back and forth with One Identity is something that is acceptable; other tools have options to do this automatically, and they have it, but pricing, presales, and sales is acceptable overall.
Which other solutions did I evaluate?
Before choosing One Identity Safeguard, I evaluated Zero Trust and Delinea, but they were for smaller organizations, so we decided to adopt One Identity Safeguard.
What other advice do I have?
My advice to others looking into using One Identity Safeguard is to get familiar with the concepts of entitlements and access request policies, the keywords One Identity Safeguard uses, and also get familiar with the way that it handles session management and recording because it's a tool that needs a lot of time to get accustomed to. I give One Identity Safeguard an overall rating of eight out of ten.
Privileged access has become centralized and streamlines multi-client audits and compliance
What is our primary use case?
Our main use case for One Identity Safeguard is as a privileged access management solution across multi-client environments. We use it to secure, control, and audit privileged accounts, enforce session monitoring and password vaulting, and provide just-in-time privileged access for admins, helping us reduce risk while meeting client security and compliance requirements.
A common example is admin access to client production servers. We use One Identity Safeguard to vault privileged credentials and grant just-in-time access only for approved change windows. All sessions are recorded and audited, which has significantly reduced credential exposure and helped us meet clients' audit and compliance requirements. As a service provider managing various customers, we prioritize this consideration.
One additional use case is centralized PAM management across multiple customer environments. We use One Identity Safeguard to standardize privileged access policies, rotate passwords automatically, and enforce session auditing in different client environments. This helps us solve the challenge of shared admin access and inconsistent access controls, improving security and compliance without increasing operational overhead and reducing our time to response.
What is most valuable?
The best features we can highlight are privileged password vaulting and automatic password rotation, just-in-time privileged access, and session monitoring and recording. These features together stand out because they significantly reduce credential exposure, enforce least privilege access, and provide full auditing visibility across multiple client environments, as we are a service delivery and IT service delivery company with multiple customer environments and access.
We rely most on just-in-time privileged access with credential vaulting. It is easy for the team to use day-to-day because access requests and approvals are streamlined and automated. Credentials are never exposed and sessions are automatically logged. After initial setup, adoption was smooth and it fit well into our existing operational workflows without adding stress to our operational team to adapt to the new technology.
One Identity Safeguard has strengthened privileged access security across our multiple client environments. We have seen a reduction in shared credentials and unauthorized access. We have also seen faster approval for admin tasks and improved audit readiness. It has streamlined compliance reporting and reduced the operational risk of managing multiple client environments manually.
Implementing this solution, we have reduced privileged account-related incidents by thirty percent. We have also cut manual password management time by nearly fifty to sixty percent. Just-in-time access has sped up admin task completion and improved our overall compliance reporting, allowing audits to be completed nearly half the time compared to earlier.
What needs improvement?
Reporting and dashboards can be made more customized, especially for client-specific views. We use session monitoring less often on low-risk systems, but it is very useful during audits or investigations.
One Identity Safeguard could be improved with flexible and customizable reporting, especially for client-specific dashboards, and simpler integration with cloud and SaaS platforms.
Additional improvements would include easier onboarding and setup for multiple client environments. One Identity Safeguard should provide pre-built templates for common PAM policies.
For how long have I used the solution?
We have been using One Identity Safeguard for the last three years.
What do I think about the stability of the solution?
One Identity Safeguard is stable.
What do I think about the scalability of the solution?
One Identity Safeguard is scalable.
How are customer service and support?
The customer support is great. They have knowledgeable staff and the documentation is also good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before that, we relied on manual privileged account management and native system tools, which was time-consuming and error-prone, and lacked centralized auditing. We switched to One Identity Safeguard to get automated privileged access and stronger compliance control over multiple client environments.
What was our ROI?
Privileged access and privileged account incidents have dropped by forty percent. Our manual access management time was cut by fifty percent. The time is reduced by nearly fifty percent for our audit preparation and compliance reporting compared to earlier.
Which other solutions did I evaluate?
Before that, we evaluated CyberArk. We selected One Identity Safeguard because it offered better integration with our existing infrastructure and streamlined automation for our multi-client infrastructure, which suited our operational and compliance needs.
What other advice do I have?
Plan your deployment carefully and ensure you have skilled resources and partner support for initial setup.
We have integrated One Identity Safeguard with our RPA workflows. It allows secure, automated privileged access for script bots and deployment processes, while ensuring session logging, password vaulting, and audit compliance across cloud-based operations.
The integration was relatively straightforward but required more planning, mapping RPA bots to just-in-time privileged access, and configuring credential vaulting took initial time. Once the setup was complete, it was fully automated and secure.
Our team has given positive feedback. They appreciate the user interface and the streamlined access request and automated credential management has reduced manual work and error. I would rate this review nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Privileged access has been secured while real-time monitoring simplifies credential control
What is our primary use case?
My primary use case for One Identity Safeguard is privileged password vaulting and real-time session monitoring, which has been a game changer for managing sensitive access. I mainly use it to securely store, manage, and rotate privileged credentials across multiple environments. In my day-to-day work, I frequently need to provide temporary, controlled access to different users, including third-party vendors. In a recent project, we granted time-bound access through the privileged password vault and monitored vendor activity using session recording rather than direct password exposure. Another major advantage is One Identity Safeguard’s ability to integrate with existing systems, particularly for centralized privileged password management.
How has it helped my organization?
One Identity Safeguard has made a noticeable positive impact on our organization by giving us much better control and visibility over privileged access. We no longer have to worry about shared or unmanaged administrator passwords, as everything is securely stored and rotated automatically. Session recording has been especially helpful because we can see exactly what actions were performed, which has improved accountability and made audits much easier. It has also reduced manual effort for our IT and security teams, improved compliance, and lowered the overall risk of misuse or unauthorized access.
What is most valuable?
In my opinion, the strongest features of One Identity Safeguard are session monitoring, real-time session control, and the privileged password vault. The password vault has been a game changer because it provides a secure and controlled way to store, manage, and rotate sensitive credentials without exposing them to users. Session monitoring allows us to track and record privileged user activity in real time, which improves visibility and accountability. Overall, One Identity Safeguard has had a positive impact on our organization by strengthening security through centralized privileged access control and improving efficiency through automation. Real-time session monitoring has further enhanced oversight and reduced risk.
What needs improvement?
One Identity Safeguard does require some time to fully understand its features, and the initial setup could be simpler. There is a learning curve at the beginning, although it improves with regular use. If user access and control management were more intuitive, it would further enhance the overall experience. With these improvements, the platform would be even more user-friendly.
For how long have I used the solution?
I have been using One Identity Safeguard for around a month.
What do I think about the stability of the solution?
One Identity Safeguard has been stable for me so far.
What do I think about the scalability of the solution?
In my experience, One Identity Safeguard is pretty scalable.
How are customer service and support?
I have not used One Identity Safeguard's customer support until now.
Which solution did I use previously and why did I switch?
I did not previously use a different solution before One Identity Safeguard.
How was the initial setup?
The deployment of One Identity Safeguard solution has been ongoing and is still under development. We are still deploying new changes, and it takes around three to four weeks.
We are still configuring the training required to start using One Identity Safeguard. However, it took some time for our administrators, and we are still determining how much time the end users will take to use it.
The deployment of One Identity Safeguard affected our privileged users smoothly, and it was pretty smooth.
Which other solutions did I evaluate?
We are still evaluating other options before choosing One Identity Safeguard, but so far, we see that One Identity Safeguard is much better.
What other advice do I have?
Overall, I have found One Identity Safeguard to be a very good solution. I would rate it an eight out of ten due to its strong security capabilities, excellent automated privileged password management, and effective real-time session monitoring. User feedback within our organization has been positive so far, and we are continuing to gather more input. My advice to others considering One Identity Safeguard is to evaluate it through a trial or demo, as pricing can be an important factor depending on organizational needs. Our company’s relationship with One Identity is strictly as a customer; we are not a partner or reseller.
Privileged access has become fully audited and password management now saves significant time
What is our primary use case?
One Identity Safeguard is used to secure privileged access management, credential vaulting, and session monitoring because we are an IT-based company that handles the IT infrastructure of our clients, making it very important to keep everything secure.
One Identity Safeguard vaults privileged service accounts and provides time-bound access, ensuring that all administrative actions are tracked, reviewed, and easily monitored. We also use One Identity Safeguard to securely check admin credentials for customer servers. All access is automatically recorded and monitored through session auditing, which helps us comply with our customers' requirements.
We centrally manage privileged credentials, enforce secure access workflows, and record privileged sessions to maintain compliance and strengthen the IT security we deliver to our customers.
What is most valuable?
The best feature for us is the secure password vaulting, session recording, and automated approval workflows, because this gives us strong control over privileged access and helps us stay compliant both within our organization and with respect to customer compliance. The second feature that stands out is the real-time session monitoring and automatic credential rotation.
Automatic credential rotation helps our team by removing the need for manual changes to privileged passwords, reducing the risk of stale or shared credentials and ensuring that every access is controlled and compliant. It saves time and reduces risk since passwords are rotated after every use, so no one keeps passwords for long-term access. This prevents misuse and limits the impact of credential leaks.
We have found that we are able to comply with all security standards through the password rotation, which has helped us improve our security posture by centrally managing all privileged action accounts and enforcing strict access control to these accounts. Since the session monitoring feature and audit trail are available, we can see what changes were made by the user, who used this, how many times, and what was done in this session. We have also seen a reduction in IT operations because of password credential rotation and password management, which has reduced our manual work and increased our efficiency and security.
Our manual intervention has decreased because of the time we were taking for password management, and we have increased security with roughly a twenty to thirty percent decrease in IT calls, allowing the IT team to do other jobs because the load of password management has decreased. We have increased accountability since every privileged action is now traceable, which significantly strengthens our internal security control, and we have been able to get the compliance checks done much faster.
We have saved time since we do not have to manually manage passwords because One Identity Safeguard has automated that process. We have saved approximately thirty to forty percent of our time, and our team is spending more time on critical issues rather than managing passwords. This has reduced repetitive IT tasks and allowed our team to focus on more significant projects, and it has also reduced the risk of breaches and costly security penalties.
We have always received positive feedback from our team. The password rotation feature of this product is appreciated by all users, and they like this because they have saved time using this product, since they were previously wasting time on password management and manual interventions.
What needs improvement?
One Identity Safeguard should provide more documentation and training to the team. They can also provide better integration flexibility with more built-in connectors, and easy API workflows would help integrate more with our custom tools. They should provide a faster user interface, as we have noticed that the user interface acts slow when there are a large number of accounts or concurrent sessions going on.
Not every product can be perfect. For example, some parts of the user interface can feel a bit slow when there is a large number of concurrent sessions going on, and the integration with certain third-party tools requires more extensive implementation and configuration. These reasons made me give it an eight instead of a ten, but these are not major issues and just keep it from being completely flawless.
For how long have I used the solution?
We have been using One Identity Safeguard for two years.
What do I think about the stability of the solution?
One Identity Safeguard is currently stable, and we have not found any issues. Since its implementation, we have not faced any major issues, and there has been no downtime.
What do I think about the scalability of the solution?
One Identity Safeguard is scalable. We are implementing it globally, starting from one line of business, and now we are expanding, so it is scalable without any issues.
How are customer service and support?
I cannot speak much about the pricing because I am from the technical team and pricing is looked at by the sales team in our organization. However, I can speak about the support, which is very good with faster response times, and the team helps us every time with minimal downtime if we face any issues.
We are satisfied with customer support. The support team is technically very strong and responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using CyberArk, but we switched to One Identity Safeguard because it was costly. Everything was good with CyberArk, but we needed to scale, and the licensing costs were high.
How was the initial setup?
We have deployed One Identity Safeguard in a phased manner. We deployed it for one line of business first, then for the second line, and we are planning to deploy it for other lines of business as well. The deployment for one line of business took approximately one month.
The privileged users adapted easily, and the deployment was done without disturbing our existing environment and setup, so there was no disruption, and the work went smoothly alongside the deployment.
What about the implementation team?
We did not face any significant challenges because the vendor team helped us with the integration, so the ease of integration was quite simple. We only had basic use cases like creating tickets for access requests, which are relatively straightforward, and there were not many complex integrations done. It was easy to integrate and the vendor team helped us with a step-by-step checklist for the integration with our existing SIEM and ITSM tools.
What was our ROI?
The pricing, costing, and licensing type is quite low compared to other products, so One Identity Safeguard is cheaper than other products, and the functions it has are worth the cost.
Which other solutions did I evaluate?
I was not part of the evaluation team, but the evaluation team must have evaluated other products. One example of an option that I personally evaluated was BeyondTrust Privileged Access Management.
What other advice do I have?
One thing other organizations should know about One Identity Safeguard is that it integrates well with the existing identity system, which is a very great point for other organizations to know before purchasing it because it makes it easier to deploy in their environment without changing the current workflow or existing network.
One Identity Safeguard provides heterogeneous integration with our existing products or legacy products, and the API integration is very helpful because it allows us to automate the onboarding of privileged accounts and integrate it with our existing ITSM tools, which is a really good thing about this product.
I would advise others looking into using One Identity Safeguard to choose this product because it is cheaper but provides great outcomes, and the security features are robust. I have given this product an overall rating of nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Simplified implementation and robust security infrastructure enhance user experience
What is our primary use case?
I am not a customer; I am a partner. Therefore, I assist clients in implementing One Identity Safeguard to manage privileged account access and their passwords. The primary aim is to reduce the attack surface of those accounts.
What is most valuable?
The best feature of One Identity Safeguard is its infrastructure simplicity compared to other solutions. Joining two clusters together makes it easy and robust at the same time. The interface is robust and secure, and with recent releases, it has become more stable. Implementation is straightforward, and user experience is simple.
What needs improvement?
There is room for improvement in integration between modules. The native integration between SPP and SPS, which is currently based on a plugin, could be enhanced. Customization for lookup passwords could also be made easier.
For how long have I used the solution?
I have been working with One Identity Safeguard since 2019.
What was my experience with deployment of the solution?
Most of my users have been using the on-premises solution. There was a customer who used the physical appliance, but most installations involved virtual appliances. Deployment for my clients takes from three to eight months.
What do I think about the stability of the solution?
In terms of stability, I rate One Identity Safeguard nine to ten out of ten. It is a fairly stable solution with improvements over time.
What do I think about the scalability of the solution?
The scalability of One Identity Safeguard is perfect, scoring ten out of ten. It is suitable for medium to enterprise-level clients.
How are customer service and support?
I rate customer support six out of ten. It needs improvement as it can significantly impact customer access. It would be beneficial to have a more direct route to second-level support from partners.
Which solution did I use previously and why did I switch?
I am aware of CyberArk. Compared to CyberArk, One Identity Safeguard could be more mature. However, it is a good solution in terms of cost-benefit.
How was the initial setup?
The initial setup is relatively simple compared to other solutions. It is straightforward for most users.
What was our ROI?
While it does not directly reduce costs in terms of personnel, One Identity Safeguard offers increased security, especially in password management.
What's my experience with pricing, setup cost, and licensing?
The pricing of One Identity Safeguard is fairly priced and cheaper than other solutions of the same enterprise level. It provides a good cost-benefit ratio.
Which other solutions did I evaluate?
I have knowledge of CyberArk as an alternative solution.
What other advice do I have?
I recommend One Identity Safeguard because it is valuable in terms of cost-benefit. It is simple to implement, and its infrastructure costs are lower than other solutions. It provides a flexible approach, offering both on-premises and cloud solutions. Overall, I rate One Identity Safeguard eight out of ten.
showing 1 - 10