Our main use case for One Identity Safeguard is to manage and secure privileged accounts, session monitoring, and recording for audit purposes while also providing controlled access to vendors or our internal team, and enforcing least privilege access.

The best feature of One Identity Safeguard, in my opinion, is its session monitoring, which includes full visibility with session recording, user-friendly access control, and helps in a compliance-ready environment.

The session monitoring feature of One Identity Safeguard stands out because it provides full visibility on which user is accessing which servers at what time, collecting all these logs and also providing data that can be used for audit purposes.

One Identity Safeguard has positively impacted our organization by providing strong security, compliance, and the data required for audits, making it really helpful.

One Identity Safeguard is working perfectly for our organization. The initial setup could be simplified, and more documentation would be needed for faster implementation.

I have been using One Identity Safeguard for more than two years.

One Identity Safeguard is stable.

One Identity Safeguard is excellent regarding scalability.

Customer support is good; they are technical experts and efficiently resolve issues.

The deployment of One Identity Safeguard took less than two weeks to fully implement and use.

We have integrated One Identity Safeguard with Active Directory.

The integration with Active Directory was straightforward.

The integration with Active Directory has simplified our work for managing user data.

There is a very good return on investment from One Identity Safeguard, as we are saving time along with money.

I advise anyone looking for a solution for security audits, session monitoring, or access control to consider One Identity Safeguard as one of the best solutions available in the market, so it is highly recommended.

My main use case for One Identity Safeguard in day-to-day work is to provide identity across all user accounts and domains, and it improves security across the enterprise by providing enhanced features with respect to this identity solution.

I primarily use One Identity Safeguard for protecting security across all user accounts, enterprise data accounts, assets, as well as privileged access, domain user, and admin accounts, giving SSO features and providing security across all user accounts.

One Identity Safeguard offers the ability to identify and revoke access easily for terminated accounts, which reduces risk and simplifies control of access in case of detected threats.

It reduces a lot of risk and saves time; every account is synced, and it can grant access with role-based permissions across all users quickly, alerting us if any threat is detected.

I find that the deployment of One Identity Safeguard is very easy, with good integration and scalability of user accounts, enhancing feature capabilities and providing strong product support.

The user interface can be improved for better searching of user accounts, and if One Identity enhances its support in that area, it would be very helpful.

If One Identity improves integration during migration from other platforms, it will definitely enhance the overall experience.

If the integration and connectivity can be improved during deployment, it would greatly aid the overall experience.

I have been using One Identity Safeguard for more than two years.

As of now, I have not experienced any downtime or reliability issues with One Identity Safeguard.

One Identity Safeguard's scalability features are good, allowing me to improve the scale in terms of resources and user accounts.

For small issues, I have raised support cases with One Identity, and the team has been very cooperative and responsive in providing support and documentation.

I previously used SailPoint, but One Identity Safeguard is better in terms of product features.

The deployment took three phases: first, I got support from the vendor for integration, second, I deployed across all users, and finally, I identified any associated risks.

I performed the deployment in different stages for not all users, ensuring that privileged user accounts transitioned smoothly onto One Identity Safeguard.

I had some formal sessions from the vendor that provided visibility into improved features, capability, enhanced security control, user accessibility, and granting access, and the team is very comfortable now.

I saved both money and time as a result of using One Identity Safeguard.

I did not face any challenges with pricing, setup costs, and licensing, but for improved features, I need to address licensing.

Before choosing One Identity Safeguard, I evaluated Saviynt, Delinea, and Octa, finding One Identity Safeguard to be the most suitable.

In the context of increasing cyber threats across organizations, I would advise others that using One Identity Safeguard is crucial for protection. I would rate this review a 9 out of 10.

My use case mainly involves privileged access and access to privileged accounts and privileged systems.

One Identity Safeguard's best features are that it provides easy control over your items and what you manage, and it is generally user-friendly, though we are still working on some issues.

The UI for the privileged passwords in One Identity Safeguard is really good. The support for it has also been excellent, but for the privileged sessions, the UI is not that great. We have it currently locked off, so only the administrators work in there, but it is not optimal. We are also missing a lot of documentation in my opinion for some of the features. Overall, it is acceptable. I would not say it is perfect, but it works.

The cloud assistant feature enables me to add an extra layer of security for critical passwords without needing time-consuming approval. We primarily use it for vendors, not for internal users, but we are moving towards having to use it more for internal use as well.

Since using One Identity Safeguard, we have more control over who accesses what, especially regarding vendors. We have seen billing actually go down because we now know how long vendors have been on the server and how long they have worked on it. Overall, we have a more centralized place to store items and have control over them.

The transparent mode is a seamless approach when using it. We have some issues with it, but we are working on it to make it work for us.

Managing remote access for privileged users with the secure remote access feature is both easy and hard depending on the scenario we face. We have some systems that are easy and take not even a minute to set up, while others take a bit longer.

We are in the middle of integrating One Identity Safeguard with the IGA solution, Identity Manager. We have some A2A setups, but it is not optimal. We are using RPA for developers, not actually RPA accounts, but that is something we are working on. We are also using the service account password rotation on the asset to some degree, and we are exploring options there.

For integrating One Identity Safeguard, figuring out how password rotation works is a bit difficult because we have to make custom integrations. After that, it was no problem really. For the A2A use, it is not as easy as using something like HashiCorp's password management tools.

It is mostly for certain features in One Identity Safeguard that I would like some improvements. Some of the things you can do in entitlements, there is a lot you can do there, but not everything is optimal. You have to have duplicates of a lot of things to make it work the way you want.

I have been using One Identity Safeguard for four years.

For the SPPs, I would rate stability at ten. We have never had any issues other than on the upgrades, but those are planned. For the SPS, making a simple config change puts the downtime at about five minutes, so you cannot use any or create new sessions. That is a bit annoying because we have to plan every little change we do. Other than that, I do not think there is really that much.

I would rate the scalability of One Identity Safeguard at maybe seven.

The general use for One Identity Safeguard is why I rate it seven. For the SPPs, we need to have a separate cluster for highly privileged items to access. For the SPSs as well, we need multiple clusters to reach multiple different items. It is a lot to set up instead of just having central management.

We had the premier support for some time, but we are now currently on normal support.

I did not see any value in the premier support, which was the biggest issue and the reason we moved away from it.

I would rate the technical support for One Identity Safeguard at five from my experience, though some may have had other or better experiences.

We had some issues before that took an extremely long time to get fixed. However, I have also had some issues where I sent them a support ticket and they gave me the solution instantly. When we had a tier one ticket, it took about a month before we got it back up and running again.

One Identity Safeguard was purchased through a partner purchase, and my experience with our partner was that it went pretty well. I am not directly part of the acquisition team, so I do not know how that works.

Deploying One Identity Safeguard with just the bare minimum was no problem, but knowing everything you need to get in there takes time because we did not really have control over what existed. That was the main issue for us.

One Identity Safeguard was quite easy for the initial setup. The overall configuration with all the items, all the assets, and all the accounts is what takes time.

It took about a week to set up the appliance itself and configure it, but we are talking about maybe a year to get everything configured the way we wanted it for the initial phase.

One reason we decided to have HashiCorp still and try to use SPP to push passwords to the HashiCorp setup is the password vault feature. We mainly use HashiCorp for retrieval of passwords because it is a much more built-out environment with APIs and other tools to connect to it. For that, we prefer HashiCorp. However, for overall user experience for less DevOps tasks, One Identity Safeguard or PAM is better in that regard.

It is not really that important to me that the secure remote access feature does not use a VPN because we only have it available internally. The goal is to make it easier for us to start a session, but we have some internal regulations making it not viable for us to make it available externally.

At the start, people thought One Identity Safeguard was hard to use. However, over time when they got used to it, they saw the benefit and the ease of use improved. We still have some people that are a bit harder to get to use it.

For the end user, there is really no issue in using One Identity Safeguard. They are told how to use it and usually figure it out for themselves. For the administrators, it takes a bit longer because there are quite a lot of options and things you can do. We currently have two in training, and they have been working with us for quite some time and still are not fully comfortable working with this PAM solution.

We have physical SPPs and virtual SPSs in One Identity Safeguard. I have no problem with the form factor of One Identity Safeguard's physical appliances, as they seem quite good for the use case.

One Identity Safeguard is deployed on-premises. The only maintenance we have is the upgrades, which happen every half a year I believe. Other than that, we just perform normal day-to-day tasks.

I would recommend One Identity Safeguard, but I would also recommend that they know everything they have before they actually start and prepare the users to be ready for a bit of change.

My main use case for One Identity Safeguard is using only one module for privileged session, which we use for admins and contractors.

A quick specific example of how my team uses One Identity Safeguard day-to-day is that we use only the second part for our contractors, not for admins in our company, but for companies that help us perform admin work and support our system.

The best features One Identity Safeguard offers include video recordings to help us control our support risks.

Accessing and reviewing those recordings when needed is easy, and there are no problems with recording or reviewing.

One Identity Safeguard has positively impacted my organization by helping us manage risk. We have this product as Balabit, which is a good product that is very light and helps us check or assist with our needs.

One Identity Safeguard could be improved with a password manager and an identity manager as one big access management system.

I believe improvements could be made around integrating with other tools.

I have been using One Identity Safeguard for eight years.

I rated One Identity Safeguard nine out of 10 because the stability and control could be better, as there are some problems with stability and errors when we use it.

As my organization grows or my needs increase, it is easy to add more users or expand the use of One Identity Safeguard, and that experience has been good.

I would rate the customer support for One Identity Safeguard as eight on a scale of one to ten.

I did not previously use a different solution before One Identity Safeguard.

The deployment of One Identity Safeguard solution took one or two days.

The deployment affected my privileged users in a way that was pretty smooth.

Before choosing One Identity Safeguard, I evaluated other options based on simplicity, price, and functionality.

Feedback from users regarding One Identity Safeguard's usability and functionality is that it is a good product and very simple to use.

My advice for others looking into using One Identity Safeguard is that it is a great solution for simple tasks, with a good price and good functionality.

My company does not have a business relationship with One Identity Safeguard vendor other than being a customer.

I rated this review nine out of ten.

Our main use case for One Identity Safeguard is to integrate it to clients that need the SPP functionality, which stands for Safeguard for Privileged Passwords. They do say that we could utilize One Identity Safeguard to its full extent for now, but we're getting there.

A quick specific example of how we use One Identity Safeguard with a client is that our latest client needed a password vault, so at first, we integrated One Identity Safeguard for Privileged Passwords, and then they asked for a personal vault so they could store their passwords and secrets, much like KeePass, so we integrated One Identity Safeguard Personal Vault as well. Lastly, they figured at some point down the line that they needed SPS as well, but only the primitive version of it, so we just decided to integrate SPS as well and form it into a cluster with SPP, but they don't use any third-party plugins as of now.

The best feature One Identity Safeguard offers is that it is a pretty new, modern tool that makes extensive use of its API. In general, it's easier than other tools to just perform maintenance work or perform work using the API of One Identity Safeguard. Also, the way that the access requests are structured—with entitlements and access request policies—makes it easier to govern data and identities. CyberArk, which is essentially the industry standard right now, is doing a very primitive job of helping the administrator with the task, and One Identity Safeguard is a lot better at this.

These features help my team day-to-day by making onboarding new users easier, and they also make it easier to create existing teams that are complete with their own password management, their own password profiles and rotations, password requirements, and who gets access to what, so it all makes it easier and faster.

One Identity Safeguard has positively impacted my organization by being another tool that we have in our arsenal to be able to get other clients as well, because we also sell One Identity IAM, and we can just bundle One Identity Safeguard with it. It also has a nice feature called remote access, which a lot of people want to use for externals in their organization, coupled with its just-in-time requisition, so it makes selling it much easier because One Identity is a company that's been in the field for ages.

One Identity Safeguard can be improved by fixing the documentation, which is very convoluted as of now, and addressing versioning, as some major bugs and issues are not documented well enough in the documentation, along with some patches and fixes. Custom plugins need to be introduced as soon as possible.

I give it an eight because it's a nice tool and it's a modern tool, but there are still some issues, not necessarily pertaining to the tool itself, but to the whole philosophy of One Identity and how they have structured their workflows and their knowledge base, which essentially has no knowledge base, just like CyberArk. There are some issues that need to be fixed, plus it does not have a custom option, and a lot of clients are using in-house made applications that also need to be onboarded to One Identity Safeguard to be able to launch a browser session to that application, which One Identity Safeguard has not had any capabilities that could assist with that.

I have been using One Identity Safeguard for two and a half years, ever since we pivoted from CyberArk, as we wanted to be more tool-agnostic, and we decided that One Identity Safeguard was our best option because we had a past with One Identity, with us being in an IAM team.

One Identity Safeguard is stable.

So far, we haven't had any issues with One Identity Safeguard's scalability; it's been fine, but we generally target smaller to mid-sized implementations.

The customer support for One Identity Safeguard is fine for what it is, even though everything needs to be run through them and there are no knowledge bases, so we have to wait for a response from the One Identity Safeguard company, and they also keep a lot of information, requiring us to make a request and then they would need to reply, but it's acceptable overall. It's not the worst I've seen.

I previously used CyberArk before switching to One Identity Safeguard.

The deployment of the solution takes about two to four weeks, give or take, but that's not counting waiting for the client to respond and all that.

About a month of training is required for end-users, and for us, it was four months to understand One Identity Safeguard, but that was because we already had experience in other PAM tools like CyberArk.

We are partners, executive partners, and resellers with this vendor.

My experience with pricing, setup cost, and licensing has been a good experience overall, as the back and forth with One Identity is something that is acceptable; other tools have options to do this automatically, and they have it, but pricing, presales, and sales is acceptable overall.

Before choosing One Identity Safeguard, I evaluated Zero Trust and Delinea, but they were for smaller organizations, so we decided to adopt One Identity Safeguard.

My advice to others looking into using One Identity Safeguard is to get familiar with the concepts of entitlements and access request policies, the keywords One Identity Safeguard uses, and also get familiar with the way that it handles session management and recording because it's a tool that needs a lot of time to get accustomed to. I give One Identity Safeguard an overall rating of eight out of ten.

My primary use case for One Identity Safeguard is privileged password vaulting and real-time session monitoring, which has been a game changer for managing sensitive access. I mainly use it to securely store, manage, and rotate privileged credentials across multiple environments. In my day-to-day work, I frequently need to provide temporary, controlled access to different users, including third-party vendors. In a recent project, we granted time-bound access through the privileged password vault and monitored vendor activity using session recording rather than direct password exposure. Another major advantage is One Identity Safeguard’s ability to integrate with existing systems, particularly for centralized privileged password management.

One Identity Safeguard has made a noticeable positive impact on our organization by giving us much better control and visibility over privileged access. We no longer have to worry about shared or unmanaged administrator passwords, as everything is securely stored and rotated automatically. Session recording has been especially helpful because we can see exactly what actions were performed, which has improved accountability and made audits much easier. It has also reduced manual effort for our IT and security teams, improved compliance, and lowered the overall risk of misuse or unauthorized access.

In my opinion, the strongest features of One Identity Safeguard are session monitoring, real-time session control, and the privileged password vault. The password vault has been a game changer because it provides a secure and controlled way to store, manage, and rotate sensitive credentials without exposing them to users. Session monitoring allows us to track and record privileged user activity in real time, which improves visibility and accountability. Overall, One Identity Safeguard has had a positive impact on our organization by strengthening security through centralized privileged access control and improving efficiency through automation. Real-time session monitoring has further enhanced oversight and reduced risk.

One Identity Safeguard does require some time to fully understand its features, and the initial setup could be simpler. There is a learning curve at the beginning, although it improves with regular use. If user access and control management were more intuitive, it would further enhance the overall experience. With these improvements, the platform would be even more user-friendly.

I have been using One Identity Safeguard for around a month.

One Identity Safeguard has been stable for me so far.

In my experience, One Identity Safeguard is pretty scalable.

I have not used One Identity Safeguard's customer support until now.

I did not previously use a different solution before One Identity Safeguard.

The deployment of One Identity Safeguard solution has been ongoing and is still under development. We are still deploying new changes, and it takes around three to four weeks.

We are still configuring the training required to start using One Identity Safeguard. However, it took some time for our administrators, and we are still determining how much time the end users will take to use it.

The deployment of One Identity Safeguard affected our privileged users smoothly, and it was pretty smooth.

We are still evaluating other options before choosing One Identity Safeguard, but so far, we see that One Identity Safeguard is much better.

Overall, I have found One Identity Safeguard to be a very good solution. I would rate it an eight out of ten due to its strong security capabilities, excellent automated privileged password management, and effective real-time session monitoring. User feedback within our organization has been positive so far, and we are continuing to gather more input. My advice to others considering One Identity Safeguard is to evaluate it through a trial or demo, as pricing can be an important factor depending on organizational needs. Our company’s relationship with One Identity is strictly as a customer; we are not a partner or reseller.

The purpose is to ensure that privileged users do not know their own passwords.

Our organization is more secure, and we are confident that the privileged users who are using the systems are actually the users they claim to be due to two-factor authentication because we are using two-factor authentication in One Identity Safeguard.

It is easy for us to revoke access as well. Previously, we did not know who had access to a system, but now, we can see what access is currently open to systems directly from one single pane of glass, allowing us to revoke that access if necessary. We have limited the possibilities for malicious actions and have made it safer for our users when they are using privileged accounts. They only have privileged access when using that account, but they do not know the password. While nothing is 100% secure, it is more difficult to misuse that privileged account. In the past, IT administrators could log in with domain administrator access on their normal PCs, which made everything work without needing to elevate their rights. Now they cannot do that because they no longer know the password. They are required to go through One Identity Safeguard to elevate their rights.

In the beginning, we had some pushback from the administrators because they could not log in directly to a server or a system. They have to go through the web interface and log in. We had to educate them and put in a little bit of effort. We made them aware that we were also taking risks away from them so that nobody could misuse their credentials. People become administrators only when they want to use the system. When they are done using it, the account is disabled, and administrative privileges are revoked.

Previously, we had external consultants who had accounts, but we did not necessarily know when they were using the account. We now know because we have put up an approval flow. The external company needs to request access for a user, they need to call us and provide a ticket number. We then can approve it. We can also approve them for a specific duration, such as two hours. After that, the user needs to request access again and he needs to be approved. We now know when external people are using our systems. All the external privileged users are now disabled, which were not disabled before because we did not know when they needed to use the system. They did not have a normal user and a privileged account. They just had one user who could log in to the systems. Now, they need to have a normal user that can log in to One Identity Safeguard, and then the privileged account will only be enabled when we have approved the access to the system. The normal user does not have any access besides logging in to One Identity Safeguard. So, there was some pushback because administrators had to raise a ticket. We also tightened up our ticket system to ensure that IT does not do any work unless there is a ticket.

Our management can see that our security posture has greatly improved because, on a normal day, we do not have any privileged users who are enabled, so it is very difficult to elevate access to various systems. If they are not active, privileged access is revoked, and there is no access without a ticket.

We use the transparent mode feature for privileged sessions. It is very easy because it just goes through the Safeguard session. That session is used as a proxy now, so we can limit our end-user's access to server assets. Only the session has access to the servers, so we can do micro-segmentation in a different way now on our network.

The transparent mode is rather seamless because the user does not see this Safeguard session. They only see the Safeguard for privileged passwords because that is the interface that is there, a single pane of glass. When they request access to an IDP session or server, they see a different background because it goes through the process that does the recording but the users do not see that.

The transparent mode helps to monitor privileged accounts which we could not do before.

We have integrated it with test and development. They do not know the password either. Previously, they were the kings of their kingdom, whereas now, they are just users of their kingdom. They also now have to go through One Identity Safeguard.

If a privileged user does something malicious or suspicious, with session recordings, we can see what happened. We can see this person authenticated with two factors when he logged into One Identity Safeguard. If it was not something malicious, we can use this information to become better so that the issue will not happen again.

The implementation time was quick. It was basically up and running within a week.

I like the features that allow you to rotate your password, give you access to an RDP session without knowing your password, and record sessions. This is helpful for external people coming in, as we can review what they have been doing and use the recordings for training purposes. For example, if I want to upgrade a system that an external consultant did, these recordings can help identify issues. We can set different keywords to cut off a session if something malicious is detected. We can prevent a malicious action.

We use it to log in to various systems such as Linux and Windows, which is very convenient. There is also a personal vault for browser use, allowing us to save credentials for business-related websites securely. If a user leaves the company, I can assign that vault to another user. I can share credentials, save files within One Identity Safeguard, and ensure that certificates and license numbers are securely stored. I can see who has access to the files. I can save license numbers and license files in One Identity Safeguard, so I know where they are saved. I can also give access only to those who need it, as opposed to them residing on a file share or OneDrive, where access is not as transparent.

From a management point of view, it would be beneficial if One Identity Safeguard Privilege Password and One Identity Safeguard Privilege Session had a more similar interface. Also, if Privilege Session pushed more data to Safeguard Privilege Password, an admin would only need to log in to one place. They could then see the sessions and everything happening, even if it is running on a separate appliance. Why should I log into Safeguard for Privilege Session separately when it has been requested through the Privilege Password appliance? It would be advantageous if it was seen as one unified box, even though they are different. This is the improvement I would like to see.

I have used the solution for less than a year.

It is stable. I would rate it a nine out of ten for stability.

It is very scalable. I would rate it a nine out of ten for scalability.

Our clients are medium to large enterprises.

Most clients use regular support, but some clients use premium support.

In previous work, I have used CyberArk and Secret Server. One Identity Safeguard is way cheaper, intuitive, and easier to use. Its implementation costs are much lower than CyberArk.

It is on par with Secret Server, but you do not have session recordings. You just have the privileged passwords and rotation features. You need to harden the Windows because it was installed on Windows, whereas One Identity Safeguard is already a hardened appliance. One Identity Safeguard is more secure than Secret Server. However, I used Secret Server a couple of years ago. It has probably matured now.

We are using the virtual appliance because we already have a virtual environment. The only on-prem setup we have are the physical servers that run a hypervisor. We like to have everything virtual. We can also secure a virtual appliance in a different way compared to the physical appliance. With a physical appliance, if something happens, we have to get hold of the vendor and sort out how fast they can ship a replacement, whereas we can deploy a virtual appliance instantly and get it up and running if there is a problem.

One Identity Safeguard Privilege Password is rather straightforward, rating it as an eight out of ten. Privilege Session is more like a six out of ten, being a bit more complex if I want to use all the features. However, if I just want to use it in Transparent mode, it is easier.

In total, it takes less than two weeks, depending on the landscape. Some preparation, like obtaining certificates and securing a backup share, is required first. I do require input from others to implement it within two weeks. If I can gather all the necessary data and access, the implementation becomes more straightforward.

The deployment was disruptive in a way for the privileged users because they now needed to log in through the web interface, whereas previously, they could log in directly. There are more or different steps. Instead of clicking directly on an asset they want to log in to, they need to log in to a different web page and request access. There are a few more mouse clicks than before, but we now have a better security posture of our environment.

To manage and do the implementation, you need to know certain things. You can also use a trusted partner for implementation. If you do not change anything in the system or do not want to do other connection types, you do not need that much training. You need to be aware of what you should look for. A three-day workshop with a partner would be sufficient. For end-users who need to use the system, a two-hour training would be enough.

We have two One Identity Safeguard specialists in our organization.

It is more expensive than Secret Server but way less expensive than CyberArk. As a customer, I would like the pricing to be lower, but it has a good price point.

There is no reason not to recommend it. Everyone should have a PAM solution to prevent privileged user damage and mitigate risks like stolen passwords or insecure storage. If you want to ensure recordings of activities, be it from external people or highly privileged users, then this is essential. This reduces the risk of malicious insiders. You cannot always prevent it, but having recordings allows you to pinpoint activities before a system failure. You can consider having SPA analytics for additional security. We do not have that yet because of the price, but we might add it later.

I would rate One Identity Safeguard a nine out of ten.