We use it to handle secure access to our Windows and Linux servers and also to manage some of our user accounts. This includes password rotation, JIT, and disabling accounts when they are not in use.

We use their physical appliance.

I look after the backend, but I am also a user of it. In general, users do not love it because there are extra steps to what they are used to, but it is an intuitive service. The approval workflows work particularly well with their integration into Teams. From a backend point of view, it is not too bad. There are a few places where the interface could be slightly different, but mostly, it is fairly intuitive.

The Approval Anywhere feature provides an approval process. We use it for our external contractors. It is nice and easy once things are set up from their point of view, and it provides the university with an additional layer or multiple layers of security, which we did not have before.

We have integrated it with Identity Manager, which is another One Identity product. We have not integrated it with anything else. We thought about integrating it with ServiceNow to have a one-stop shop from ServiceNow to make API calls and requests from there. However, we wanted to keep things a bit simpler at this point. The interface is pretty nice. Asking users to go via the Safeguard method works well.

It provides secure and centralized access to both on-prem and cloud servers, which we did not have before. Previously, there were myriad ways to access our servers, so this centralizing feature is beneficial.

The auditing and approval mechanisms are features we did not have before and are greatly appreciated.

I do not have any integrations at the moment, and I also do not use the API to automate this. I have to set up user accounts, then privilege accounts, and then linked accounts, and do some association there. There are many steps. We are still in the onboarding phase, and it seems very manual. Ideally, a single interface to integrate all these processes would be useful.

A couple of missing features that I have seen are about to come out, and I am happy they are addressing customer feedback with exactly what I wanted.

I have used the solution for probably about 18 months to 2 years.

We have not had any issues with the core product itself, but there is an add-on called SCALUS, which is quite critical to the user experience, and that does not work. They have been having issues with that for quite a long time, like months. That is not great at all.

Scalability is fine. We have a cluster of SPPs and a cluster of SPSs, and we can add a node to that cluster without much fuss. We did it on one of the clusters, so it is all good.

They are quick to acknowledge a call or case, possibly due to SLA requirements. Overall, it is a hit-and-miss. Sometimes, I get a very helpful response and they address issues on a call. Other times, I am politely informed they cannot help.

I did not use any similar solution previously.

It was a little bit of stop-and-start. Quite a few people were involved, but we had One Identity's professional service's help as well. We had something working within a week.

It does require maintenance. It is not a SaaS service. It is not a hosted service, so I have to resolve any issues that come along. I have to deal with any feature enhancements and patching.

We had One Identity's professional service. We had probably four people from our side.

We bought their other products, so it was not that expensive. It is one of those where the more you buy, the cheaper it is.

I would rate One Identity Safeguard an eight out of ten.

My main use cases include LDAP, SSH, and some utilization of HTTPS. My primary uses are LDAP and SSH.

From my experience, the features are best for monitoring and the usage of LDAP and SSH. I think One Identity should improve its documentation because it is vast and not clear, and clear documentation on implementing the solution would be advantageous for consultants. I find clear documentation helpful for clients and customers to achieve what they want.

I find it complicated to implement HTTPS monitoring because the documentation is unclear. The disaster recovery process is complicated for me. For some configurations on the SPS side, if I need to make changes, such as for DNS servers, I must redeploy the machine. Transparent Mode can be improved in newer versions, and the failover process is the most complicated for me.

I have been working with this solution for the last two years.

The stability is consistent for me until a problem arises; then it becomes difficult. I encounter problems primarily with the failover procedure.

Scalability is acceptable for me. If customer usage increases, I can add new appliances, but this incurs costs.

I find the support good, but not excellent. When I open a ticket, resolutions can take a long time, and I sometimes need escalations to reach expertise.

I always compare this solution with CyberArk. I feel CyberArk is not like a black box; it allows a lot of customization.

The initial setup is not complex for me; it's straightforward. I would rate it a seven, as it takes me thirty to forty minutes per machine for deployment.

I install the solution and offer the services to the end-users.

Any PAM solution, when I deploy it well and customers use it, leads to a return on investment. This is applicable not just to One Identity or CyberArk, but to any PAM solution that provides what customers need to achieve.

It's about controlling what people are doing in their infrastructure. Overall, I would rate the product six out of ten.

We are a One Identity partner, and our clients use One Identity Safeguard for password vaults, session management for Linux and Windows servers, and network appliances.

One Identity Safeguard now prevents unauthorized access to servers by eliminating privileged passwords and requiring all connections to go through a PAM-authorized process. This means no one, including hackers, can access servers without explicit approval, significantly enhancing overall security.

One Identity Safeguard is easy to use with a good partner to support you, and it can be up and running within a few days.

We have successfully integrated One Identity Safeguard with cloud targets, and the process was straightforward.

One Identity Safeguard has improved our incident response time by 300 percent.

The most valuable feature of One Identity Safeguard is the user-friendly interface.

The password vault feature has proven to be most effective for managing privileged access. Recycling passwords has been critical. The environment is on lockdown with the One Identity privileged access management solution. No hacker can get in.

One Identity's support is not appropriately structured, and it has a lot of room to improve.

I have been using One Identity Safeguard for three years.

One Identity Safeguard is exceptionally stable.

One Identity Safeguard is highly scalable.

We have plans to increase the use of One Identity Safeguard.

Technical support is all right, but they will not offer support until we have One Identity running. If we have issues during the deployment, they will not provide support unless we pay for professional services.

The initial setup was straightforward and took three months because the client had a problematic environment.

Our strategy was to deploy this on a single VM appliance and replicate it to an offline data site public setup.

One Identity Safeguard provides a significant return on investment.

One Identity Safeguard is expensive. The license is around $3,000 per month.

We evaluated CyberArk but found One Identity Safeguard easier to use, deploy, and administer.

I would rate One Identity Safeguard five out of ten.

Do not deploy One Identity Safeguard unless you have extensive training, classroom training, and infrastructure experience.

We have around 100 administrators; our clients are medium and enterprise businesses.

Minimal maintenance is required because it is a virtual appliance, and everything is preconfigured.

One Identity Safeguard is a good solution, and I recommend it.

We mainly use the Privileged Session Management (PSM) features.

In terms of the user experience, it is a pretty useful product. It works in a good way.

We sometimes face issues with configuration and things like that, but we manage to solve them. In general, it is a pretty good solution for the PSM features.

There can be an improvement in terms of the policy that can be implemented on the SSH session.

I have been working with this product for more or less 2 years.

I have never spoken to their technical support. A colleague of mine interacts with them.

I did not work with any other solution previously. I have read about other products and their features, but I have not worked with them. One Identity Safeguard is probably one of the best solutions for PSM features.

I do not work on the installation. I work on the setup. We do face some issues with configuration, but in general, we are able to troubleshoot them.

Based on my personal experience with the PSM features, it is a good product. I know that there are some competitors, but I have not worked with them.

My colleagues worked on its integration with another tool. It seems to integrate fine, but I do not know for sure if he faced any issues.

My experience is with the PSM features, and for that, I would rate the product a six out of ten. There are some specific features that can be improved, but in general, I have had a good experience with the product.

Our customer is a public service organization with about 800 privileged accounts and 8,000 functional accounts. The client already has a relatively unadvanced identity management implementation. It's a request-based identity management solution. What we're doing now is getting better control of the privileged accounts and getting rid of the old technology.

The end users don't know of an alternative. They are still subject to identity management through what is quite a large, manual process instead of process automation. For instance, the users do not have a self-service port where they can automatically get privileges they don't have today. Everything goes via the ITSM manual control workflow.

It's the manual processing our client currently has that is what we are thinking of improving. The installation was not set up by my team, but our job is to focus on the most sensitive information assets and secure insights into how service and other infrastructure are managed through privileged accounts. After that, we will work on simplifying the everyday user experience.

We work with just the physical appliances. It wasn't my decision. It was what the client already had. Regarding the form factor, just put it in a rack and it works. It's not an issue.

We're introducing the solution's transparent mode for privileged sessions. This is part of what the client hasn't used before. It will simplify their administrative situation greatly. So far, the rollout of this feature has been a seamless process, but we're still in the midst of rolling it out. The benefits will be on the risk side.

Right now, the way accounts are managed, you don't necessarily know who is using an account. There's a shared admin account, and that's not a good thing. And those accounts are shared in wallets by several people. One of the real benefits of safeguarding here is that the client will have an absolute audit of who is using an administrative interface, whether it's server or network.

The identity discovery is good, and the performance is pretty good value.

Something for One Identity to look at is having integration guidelines for how to logically group accounts. This is always something you need people to do. It would be especially helpful when you have thousands of servers, and within each and every one there are between two and five admin accounts.

I have been working with One Identity Safeguard for about six years. I'm a consultant, and I work with various technologies. When One Identity came out with it about six years ago, I was one of the first to engage with it.

We haven't had any issues with the stability of Safeguard.

It's scalable, at least in this environment. I haven't worked in a very large-scale environment with this technology. At least you don't have bottlenecks in your operating system or external virtualization. For this organization with 10,000 people, it seems to be working.

We have a specialist who is super-deep in One Identity and has done a couple of the most complex installations of the solution in Norway. He is better than any support organization you could come up with. He's really special.

Setting it up is not complex. The complex bit is migrating from the various wallet types into Safeguard because users have to be trained in a new methodology of how to use Safeguard. We need to shut down the old access as Safeguard becomes the only way in. That is the tricky part. It's not Safeguard in and of itself which is tricky. On the contrary, Safeguard is simple to use.

We haven't finished the deployment yet, but the plan is to do it over two months. We have six people on our team who are involved with the client.

We have created the training material, and each user gets online training, documentation, and a facilitated meeting. Each user gets a full eight hours of training. The training is distributed over a couple of weeks.

We've been able to manage disruption so far. That is because we provide the users with a semi-automatic tool that makes them responsible for transferring their own accounts from the wallet to Safeguard instead of us doing it for them. And that gives the end user the control they need to not mess up their own secrets. They have access and all the means to make it as non-disruptive for them as possible. I wouldn't call it a custom build, but we've created a process that they have to follow. It partly gives them something that extracts all the secrets from the current wallet and populates them into a Safeguard. But they have to do it themselves and validate that they have done it.

Letting the users have control over their own migration is a key part of the strategy because big bangs usually end up with a big bang. What I mean is that you can end with a big disaster if the users don't feel that they are able to use Safeguard on time, or if they don't know whether their accounts are still in the old process or the new one. The key strategy is to not rearrange privileged groups before the migration. Even though most admin users have too much access, we're not fixing that right now. We will do that after the migration. We want the migration process to be as smooth as possible.

It's not difficult to maintain. Compared to the One Identity software, there is less maintenance. That's why one chooses appliances, to have less maintenance. Just give it power and it works.

Because we're talking about a digital world now, very few organizations question the need for some sort of identity management solution. One Identity makes sense for organizations that have some of their own infrastructure and cannot go fully to the cloud. For organizations that have everything in Azure cloud, it may not make sense to use this solution. For an organization like that, One Identity does not provide any ROI. But for any organization with more than 10,000 people and its own local infrastructure, One Identity makes sense and provides a good ROI.

They have comparable pricing. All identity products are essentially priced in a similar way. It's a per-user base. Usually, they start at one price, and when you start pricing the competition, you typically get a bit of a discount or more favorable payment terms. For example, you might not have to pay until you've enrolled all the users. You don't have to pay upfront for all people in the organization until they've been enrolled.

There are also integration costs and migration costs. That's the big one.

One Identity is the simplest to work with and has the best discovery function. There's very little kludge in the software. It's probably the quickest for going from zero to operational of all the alternatives in the marketplace.

What it lacks, compared to some, is specific SAP integration for clients that have that. Our current client doesn't have SAP, so it's not an issue for them. And potentially, SailPoint has more pre-made connectors. That means if you have a large number of systems you want to provision into, then SailPoint is the way to go.

As for privileged access management, if you have an abnormal number of servers—more than 10,000—a whole lot of network elements, and several types of platforms, you might have to go for CyberArk.

But One Identity is a very good package for most organizations. It's one of the simplest to use. CyberArk is the leader in the marketplace, but typically, it is too complex and too big for Norwegian organizations. One Identity PAM has the simplicity to fit Norwegian businesses. It has enough features for any medium-sized business under 50,000 people and under 10,000 servers. For those organizations, One Identity is a safe pick.

I would absolutely recommend One Identity.

Very large organizations with complex technologies and a very large number of devices can consider other options. But One Identity has a very good suite of technologies.

We use One Identity Safeguard to manage our privileged accounts.

We use One Identity Safeguard on both physical and virtual appliances.

One Identity Safeguard uses a secure remote access feature that does not use a VPN. This is important because it is cheaper and more secure than implementing a VPN for remote access.

People can start using the solution after five days of training.

We don't need to use VPN for remote access.

One Identity Safeguard is slow and not user-friendly.

Managing remote access for privileged users is difficult because it requires a lot of customization.

Current integration with other solutions requires custom API development. I would like to see out-of-the-box integration built into One Identity Safeguard, similar to other solutions.

The deployment affects our privileged users because it takes a long time for them to request privileges, which impacts the SLA.

I have been using One Identity Safeguard for nearly three years.

One Identity Safeguard is unstable. Many bugs affect its performance, particularly when generating bundle batches and performing discovery.

One Identity Safeguard is scalable, but its performance degrades as it is scaled up.

Customer support is a nightmare. They take a long time to respond to tickets, and when they don't understand the issue, they stall by requesting logs.

I previously used BeyondTrust Endpoint Privilege Management, which is a better solution because it includes recording and remote access out of the box, whereas One Identity Safeguard requires us to integrate each of those components separately. Additionally, each component is a different appliance.

The initial setup is straightforward. The installation takes a couple of hours. One person is required for the deployment.

One Identity Safeguard is expensive and the cost goes up as we scale.

Licensing fees increase as we expand, as does the cost of basic support, which allows us to open tickets. Additionally, we must pay to update outdated appliances.

I would rate One Identity Safeguard three out of ten.

I only recommend One Identity Safeguard for small businesses.

When using One Identity Safeguard, we need to be patient.

We introduce One Identity Safeguard to customers, primarily Italian customers who need to partner with solutions that protect their target resources.

What I like about One Identity Safeguard is its interface, which is easy to understand, even for people new to the product. I also like that the solution collects data without any access to the machine, plus it has a feature that lets people explore access to machines within a network.

Regarding the usability and functionality of One Identity Safeguard, the most common feedback I receive from users is that the solution is easy to use and can easily move data.

I also like that One Identity Safeguard lets you configure the maximum number of connections to the target, a configuration I didn't find in its competitor.

My customers use the transparent mode for privileged sessions in One Identity Safeguard, and it is easy to use, though it may be more difficult to configure. I haven't received any customer complaints about that feature, so it's not that difficult to use.

To start using One Identity Safeguard in terms of training for people who manage the solution and the end-users, my colleague and I took a course from One Identity. That training was enough for the basic features, but for some other features, my colleague and I had to create some tickets, though he and I know the database and processes. For users, it is easy because my company provides them with a two-page resource manual with screenshots. Then, I spent some time with the managers to show how One Identity Safeguard works, which is very easy because I've used the solution before.

The analytics interface of One Identity Safeguard is also easy to understand.

A feature I found in a competitor would make One Identity Safeguard better, and that is the ability to load balance the traffic in the target. For example, in two machines with some applications, I would like to balance traffic between the two machines with the help of One Identity Safeguard. It would be great if the solution allowed users to add some applications to a cluster and balance the traffic between the applications.

I've been working with One Identity Safeguard for customers for six months.

Stability-wise, One Identity Safeguard is okay. It's been running for almost one year, and there's no problem with its stability, so, in terms of stability, it's a seven out of ten for me.

The scalability, including the clustering for One Identity Safeguard, could be improved. It is fair right now, scalability-wise, and from an engineering perspective, it may not be as easy to do that because the appliance would have to be encrypted, and there's a security requirement. Still, it would be nicer if scalability could be improved in One Identity Safeguard.

Support for One Identity Safeguard could be improved because sometimes the support team doesn't have an answer or solution for some bugs. Support-wise, it's an eight out of ten for me.

I used a different solution previously, but One Identity Safeguard could limit the maximum number of connections to a target. The other solution, on the other hand, could not do that but has a load-balancing feature.

My company deploys One Identity Safeguard for customers, and I found the process easy.

My customers use the One Identity Safeguard virtual appliances.

I have not used the Cloud Assistant feature of the solution.

I have not used the Remote Access feature for privileged users in One Identity Safeguard.

My company does not integrate the solution with any other parts of the business, such as development, operations, and RPA. It was just tested but not rolled out in production.

In terms of how the deployment of One Identity Safeguard affects privileged users may be a complex question because the customer didn't have a previous infrastructure. The customer is now building the infrastructure, so it's a dynamic environment. The customer doesn't have an old environment.

I'm a One Identity Safeguard integrator, and my company also resells it.

Regarding maintenance, usually, it's not required. Still, sometimes a user could complain about not being able to access passwords in One Identity Safeguard or that there is some misconfiguration I need to analyze, and in the end, the issue is with the target appliance and not One Identity Safeguard.

My rating for One Identity Safeguard is eight out of ten overall.

We use the virtual appliance of One Identity Safeguard to enhance security when external support is logged into our internal network. This is because it is the riskiest situation when an external company logs into servers to provide support. We want to increase security and monitoring to minimize risk. We have better monitoring tools to help us achieve this.

Managing the remote access for privileged users feature is moderately difficult.

We currently use only one feature, which is privileged access to remote desktop servers with rotating passwords for privileged accounts. This is the main feature we use, and it typically disconnects external users from the system before giving them a different user to use for logging in. We have to use the Safeguard session in an integrated separate session or with the exact name available to record the sessions.

The GUI has room for improvement because it is confusing and cumbersome.

I have been using One Identity Safeguard for two months.

One Identity Safeguard is stable and provides great performance.

The technical support varies depending on who is assigned to our ticket.

The initial setup was complex, and we had to put it behind a firewall for security. This made it difficult to open the ports needed to set up the connections. It was a time-consuming process, and we had to work with the integrator to complete it. It took several days of work, but the tool is powerful and worth the effort to set up.

Three people were required for the deployment.

We used an integrator to help implement One Identity Safeguard. The integrator was good. He was able to train our people to deploy the solution.

I would rate One Identity Safeguard eight out of ten.

A moderate amount of training was required for our people to start using One Identity Safeguard.

We have up to five people using the solution.

The only maintenance required is for patching.

One Identity Safeguard is a great product once we become familiar with it. The GUI takes some getting used to.

I work for a bank, and we use Safeguard to manage access to our Internet banking services. We use Safeguard for two things: identity and access management and detection recording. We have our services onboarded on SysTrack doing RDP directly to the servers or station, and we use virtual appliances for collection. The solution covers around 150 users at this organization.

I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server.

We've had issues managing accounts and access to some data saved on the servers. Accounts are granted a new working certificate daily. We have an account to do it on APIs online and sync it with that. If the path changes at some point or someone changes the password, I don't know if it's from the Active Directory or what.

I have used Safeguard for one year.

Safeguard is stable.

It's scalable, depending on the solution case. I don't know if it's domain-based because it was not restricted. We're gradually moving to the Azure cloud.

One Identity support is okay.

Deploying Safeguard was straightforward.

I rate One Identity Safeguard eight out of 10.

We use the on-demand version. We use the solution for monitoring and connection to the customer's server for Windows and Linux.

It's easier to connect to the server and it makes it more secure. We've seen about a 40% improvement in that regard.

The monitoring system is very good.

It has a very nice user interface.

The product is very fast to implement.

We use the solution's transparent mode for privileged sessions.

There is a lack of documentation and many problems with the plugins.

I did run into problems with transparent mode for privileged sessions. We didn't connect correctly to the server. It was an issue we had with the customer's server, not the product itself.

The security of the connection could be improved.

I've been using the solution for one year.

It's not completely stable. Sometimes the newest version does not support an older version.

The solution is not so scalable.

Mabe 20 or so users are leveraging it in our organization. They are admins.

We use regular support. The response times are too long. Sometimes it could take days.

I previously used CyberArk. I changed companies, and now I work with this product. I find Safeguard to be easier to implement, however, it does lack documentation.

It is fast to implement.

While the process is not technically complex, there was a lack of documentation and we had to figure out how to do it ourselves. The deployment took three weeks. We had two people working on the process.

We have yet to witness an ROI.

The solution is offered at a good price. We pay a monthly fee. I'm not sure of the exact cost we pay.

I'm a product partner.

We are using the latest version of the solution.

I have yet to use the cloud assistant feature, so I can't say much about that aspect of the solution. We also do not use the solution's secure remote access feature for privileged users. We don't have it integrated with DevOps or RPA.

While basic knowledge is important, there isn't much training required to start using the solution.

I'd rate the solution six out of ten.