We use One Identity Safeguard for privileged access management across multi-client public and private cloud environments. It is mainly used to vault and rotate privileged credentials and provide just-in-time access and enforce least privilege. We also use it to record and audit admin sessions for cloud VMs, databases, and infrastructure services without exposing passwords to the engineers working on-site or contractors.

For one client, we had an Azure environment where multiple support engineers needed temporary access to the production VMs for incident resolution. The challenge was shared admin accounts, no clear audit trails, and client audit perspective. We implemented One Identity Safeguard to vault the Azure VM local admin and service accounts, ensure JIT access via approval, allow engineers to connect via One Identity Safeguard brokered RDP and SSH without seeing passwords. We also record all privileged sessions and forward logs to the client's SIEM for full transparency. We achieved that no passwords were shared, full session recordings were available for audits, and access was faster during incidents.

We use One Identity Safeguard to standardize PAM controls across multiple client tenants and cloud platforms. We automated credential rotation for privileged and service accounts without service impact. We also reduced manual access management and operational risk in large-scale cloud environments across our multi-cloud, multi-client customers across the globe.

The integration with our RPA workflows allowed secure credential access for robots without exposing passwords, enabling automated RPA tasks to run smoothly across multiple client systems, which has reduced manual intervention and errors in repetitive workflows.

The best features we appreciate about One Identity Safeguard are privileged credential vaulting, session proxying and recording, and integration with ITSM security tools such as Jira, ServiceNow, SIEMs, and SOAR platforms that our clients have. The integration with these platforms was quite simple. Additionally, we appreciate role-based access control, just-in-time access, and least privilege.

The most relied upon feature we appreciated was the session-based just-in-time privileged access with credential isolation. It made the biggest difference in our organization because the engineers never see or handle privileged passwords, which helped us comply with our customer's compliance requirements. The access is time-bound and approval-based, reducing standing admin access, and all the SSH and RDP sessions are brokered and recorded for audit and troubleshooting.

The areas for improvement in One Identity Safeguard would be the UI and UX, meaning the admin console can be more intuitive for complex policy and workflow configuration. Additionally, the reporting can be made more customizable with a real-time dashboard without external SIEM dependency.

More improvements could be made regarding support and upgrades. Faster issue resolution and smoother upgrade paths for complex deployments could be an additional improvement area for this product.

We have been using One Identity Safeguard for the last two years.

One Identity Safeguard is very stable in my experience.

It is scalable as we have now scaled from serving one customer to multiple customers without any downtime or service interruption.

The customer support for One Identity Safeguard is great. The technical team is responsive and very knowledgeable.

We previously used CyberArk. The reason for switching was that we needed easier multi-client management for our customers with hybrid cloud environments and better integration with Jira, SIEM, and RPA workflows across multiple customer cloud environments.

The deployment of the solution took place in phases. Initially, it took one month, and then we scaled it to the full organization globally.

The admin and managers required one to two weeks of hands-on training for vaulting, policy creation, integrations, and session management. The end users required only one or two days to learn about requesting access, launching sessions, and approvals.

We have seen a return on investment because we have saved time, reducing access provisioning from hours to minutes. The efficiency of our team has increased as we have reduced manual credential management, allowing our IT team to focus on higher value tasks.

My experience with pricing, setup cost, and licensing was entirely based on the sales cost, while the setup was done by our vendor and our in-house team.

Integrating One Identity Safeguard with our RPA workflows was quite easy and not a time-consuming process. However, it did require perfect planning and plotting for the RPA bots to ensure just-in-time privileged access.

One more point worth highlighting from a technical and operational perspective is the central policy enforcement across multi-cloud environments.

We have removed shared admin credentials, enforced just-in-time access management, simplified audits with session recording, and reduced manual access work, all thanks to One Identity Safeguard.

Access provisioning time has been reduced from hours to minutes using just-in-time access. We have zero audit findings related to privileged access after implementing this product and have reduced credential-related incidents by eliminating shared and static admin passwords.

I suggest that others considering using One Identity Safeguard go for it. Plan your vault structure and role-based access policies before deployment, and try to utilize more of its just-in-time access and security recording features from day one. I would rate this product an eight out of ten.

My main use case for One Identity Safeguard is for privileged access management to control, monitor, and secure access to critical systems, servers, and applications used by administrators and IT teams.

A quick specific example of how I use it for privileged access management in my environment is that when an administrator needs access to a critical server, they request access through One Identity Safeguard instead of using shared credentials. The system grants time-bound, approved access, rotates the password automatically after the session, and records the entire activity.

The best features One Identity Safeguard offers include Privileged Password Vaulting as the first one. The strongest features are Session Recording and Password Vaulting with rotation and Just-in-Time Access, which together give strong control and visibility and audit readiness.

The Session Recording feature specifically helps my team and makes things easier for audits or investigations by giving a clear, time-stamped playback of privileged activities. It removes guesswork, speeds up audits, and ensures full accountability for admin actions.

One Identity Safeguard has positively impacted my organization by improving our security posture, eliminating shared privileged credentials, increasing visibility into admin activity, and making compliance audits faster and more reliable.

One Identity Safeguard could be improved by simplifying the user interface and initial configuration process, especially for first-time users. More customizable reporting and clear in-app guidance would also help teams onboard faster and get deeper insights without additional effort.

I have been using One Identity Safeguard for about one year.

One Identity Safeguard is very stable and can handle the workload easily; I have not seen any downtime.

One Identity Safeguard scales well as the environment grows. It handles increasing numbers of privileged accounts, sessions, and cloud targets without performance issues, making it suitable for expanding and hybrid infrastructure.

Customer support has been responsive and knowledgeable, being effective at resolving technical issues.

Negative

The integration with my cloud environment and infrastructure systems was moderately easy. Core cloud and infrastructure integrations were straightforward with proper documentation, while fine-tuning policies and access workflows required some initial effort. Once configured, the integrations have been stable and reliable.

Administrators required moderate training to understand configuration, policies, and workflows, while end users needed minimal training since access requests and approvals are straightforward. Overall, onboarding was manageable with some initial guidance.

I have seen a return on investment through reduced audit effort and fewer security incidents related to privileged access, along with significant time savings for IT and security teams by automating access control and password management.

My experience with pricing, setup cost, and licensing is that pricing is on the higher side, but aligns with the security and compliance value it provides. Setup costs were mainly related to initial configuration and training, and licensing was straightforward.

I evaluated other options such as CyberArk and BeyondTrust before choosing One Identity Safeguard.

User feedback has been generally positive around the solution's security and session recording and access control capabilities. However, some users have mentioned that the interface and initial learning curve could be more intuitive, especially for new or non-specialist users.

My advice for others looking into using One Identity Safeguard is to clearly define your privileged access use cases and policies before implementation. It gives stronger security and audit capabilities, but investing time in proper planning, setup, and training will help you get the most value from the solution. I would rate this review a 7.

Positive

Positive

Our main use case for One Identity Safeguard is as a privileged access management solution across multi-client environments. We use it to secure, control, and audit privileged accounts, enforce session monitoring and password vaulting, and provide just-in-time privileged access for admins, helping us reduce risk while meeting client security and compliance requirements.

A common example is admin access to client production servers. We use One Identity Safeguard to vault privileged credentials and grant just-in-time access only for approved change windows. All sessions are recorded and audited, which has significantly reduced credential exposure and helped us meet clients' audit and compliance requirements. As a service provider managing various customers, we prioritize this consideration.

One additional use case is centralized PAM management across multiple customer environments. We use One Identity Safeguard to standardize privileged access policies, rotate passwords automatically, and enforce session auditing in different client environments. This helps us solve the challenge of shared admin access and inconsistent access controls, improving security and compliance without increasing operational overhead and reducing our time to response.

The best features we can highlight are privileged password vaulting and automatic password rotation, just-in-time privileged access, and session monitoring and recording. These features together stand out because they significantly reduce credential exposure, enforce least privilege access, and provide full auditing visibility across multiple client environments, as we are a service delivery and IT service delivery company with multiple customer environments and access.

We rely most on just-in-time privileged access with credential vaulting. It is easy for the team to use day-to-day because access requests and approvals are streamlined and automated. Credentials are never exposed and sessions are automatically logged. After initial setup, adoption was smooth and it fit well into our existing operational workflows without adding stress to our operational team to adapt to the new technology.

One Identity Safeguard has strengthened privileged access security across our multiple client environments. We have seen a reduction in shared credentials and unauthorized access. We have also seen faster approval for admin tasks and improved audit readiness. It has streamlined compliance reporting and reduced the operational risk of managing multiple client environments manually.

Implementing this solution, we have reduced privileged account-related incidents by thirty percent. We have also cut manual password management time by nearly fifty to sixty percent. Just-in-time access has sped up admin task completion and improved our overall compliance reporting, allowing audits to be completed nearly half the time compared to earlier.

Reporting and dashboards can be made more customized, especially for client-specific views. We use session monitoring less often on low-risk systems, but it is very useful during audits or investigations.

One Identity Safeguard could be improved with flexible and customizable reporting, especially for client-specific dashboards, and simpler integration with cloud and SaaS platforms.

Additional improvements would include easier onboarding and setup for multiple client environments. One Identity Safeguard should provide pre-built templates for common PAM policies.

We have been using One Identity Safeguard for the last three years.

One Identity Safeguard is stable.

One Identity Safeguard is scalable.

The customer support is great. They have knowledgeable staff and the documentation is also good.

Before that, we relied on manual privileged account management and native system tools, which was time-consuming and error-prone, and lacked centralized auditing. We switched to One Identity Safeguard to get automated privileged access and stronger compliance control over multiple client environments.

Privileged access and privileged account incidents have dropped by forty percent. Our manual access management time was cut by fifty percent. The time is reduced by nearly fifty percent for our audit preparation and compliance reporting compared to earlier.

Before that, we evaluated CyberArk. We selected One Identity Safeguard because it offered better integration with our existing infrastructure and streamlined automation for our multi-client infrastructure, which suited our operational and compliance needs.

Plan your deployment carefully and ensure you have skilled resources and partner support for initial setup.

We have integrated One Identity Safeguard with our RPA workflows. It allows secure, automated privileged access for script bots and deployment processes, while ensuring session logging, password vaulting, and audit compliance across cloud-based operations.

The integration was relatively straightforward but required more planning, mapping RPA bots to just-in-time privileged access, and configuring credential vaulting took initial time. Once the setup was complete, it was fully automated and secure.

Our team has given positive feedback. They appreciate the user interface and the streamlined access request and automated credential management has reduced manual work and error. I would rate this review nine out of ten.

Positive

One Identity Safeguard is used to secure privileged access management, credential vaulting, and session monitoring because we are an IT-based company that handles the IT infrastructure of our clients, making it very important to keep everything secure.

One Identity Safeguard vaults privileged service accounts and provides time-bound access, ensuring that all administrative actions are tracked, reviewed, and easily monitored. We also use One Identity Safeguard to securely check admin credentials for customer servers. All access is automatically recorded and monitored through session auditing, which helps us comply with our customers' requirements.

We centrally manage privileged credentials, enforce secure access workflows, and record privileged sessions to maintain compliance and strengthen the IT security we deliver to our customers.

The best feature for us is the secure password vaulting, session recording, and automated approval workflows, because this gives us strong control over privileged access and helps us stay compliant both within our organization and with respect to customer compliance. The second feature that stands out is the real-time session monitoring and automatic credential rotation.

Automatic credential rotation helps our team by removing the need for manual changes to privileged passwords, reducing the risk of stale or shared credentials and ensuring that every access is controlled and compliant. It saves time and reduces risk since passwords are rotated after every use, so no one keeps passwords for long-term access. This prevents misuse and limits the impact of credential leaks.

We have found that we are able to comply with all security standards through the password rotation, which has helped us improve our security posture by centrally managing all privileged action accounts and enforcing strict access control to these accounts. Since the session monitoring feature and audit trail are available, we can see what changes were made by the user, who used this, how many times, and what was done in this session. We have also seen a reduction in IT operations because of password credential rotation and password management, which has reduced our manual work and increased our efficiency and security.

Our manual intervention has decreased because of the time we were taking for password management, and we have increased security with roughly a twenty to thirty percent decrease in IT calls, allowing the IT team to do other jobs because the load of password management has decreased. We have increased accountability since every privileged action is now traceable, which significantly strengthens our internal security control, and we have been able to get the compliance checks done much faster.

We have saved time since we do not have to manually manage passwords because One Identity Safeguard has automated that process. We have saved approximately thirty to forty percent of our time, and our team is spending more time on critical issues rather than managing passwords. This has reduced repetitive IT tasks and allowed our team to focus on more significant projects, and it has also reduced the risk of breaches and costly security penalties.

We have always received positive feedback from our team. The password rotation feature of this product is appreciated by all users, and they like this because they have saved time using this product, since they were previously wasting time on password management and manual interventions.

One Identity Safeguard should provide more documentation and training to the team. They can also provide better integration flexibility with more built-in connectors, and easy API workflows would help integrate more with our custom tools. They should provide a faster user interface, as we have noticed that the user interface acts slow when there are a large number of accounts or concurrent sessions going on.

Not every product can be perfect. For example, some parts of the user interface can feel a bit slow when there is a large number of concurrent sessions going on, and the integration with certain third-party tools requires more extensive implementation and configuration. These reasons made me give it an eight instead of a ten, but these are not major issues and just keep it from being completely flawless.

We have been using One Identity Safeguard for two years.

One Identity Safeguard is currently stable, and we have not found any issues. Since its implementation, we have not faced any major issues, and there has been no downtime.

One Identity Safeguard is scalable. We are implementing it globally, starting from one line of business, and now we are expanding, so it is scalable without any issues.

I cannot speak much about the pricing because I am from the technical team and pricing is looked at by the sales team in our organization. However, I can speak about the support, which is very good with faster response times, and the team helps us every time with minimal downtime if we face any issues.

We are satisfied with customer support. The support team is technically very strong and responsive.

Positive

We were using CyberArk, but we switched to One Identity Safeguard because it was costly. Everything was good with CyberArk, but we needed to scale, and the licensing costs were high.

We have deployed One Identity Safeguard in a phased manner. We deployed it for one line of business first, then for the second line, and we are planning to deploy it for other lines of business as well. The deployment for one line of business took approximately one month.

The privileged users adapted easily, and the deployment was done without disturbing our existing environment and setup, so there was no disruption, and the work went smoothly alongside the deployment.

We did not face any significant challenges because the vendor team helped us with the integration, so the ease of integration was quite simple. We only had basic use cases like creating tickets for access requests, which are relatively straightforward, and there were not many complex integrations done. It was easy to integrate and the vendor team helped us with a step-by-step checklist for the integration with our existing SIEM and ITSM tools.

The pricing, costing, and licensing type is quite low compared to other products, so One Identity Safeguard is cheaper than other products, and the functions it has are worth the cost.

I was not part of the evaluation team, but the evaluation team must have evaluated other products. One example of an option that I personally evaluated was BeyondTrust Privileged Access Management.

One thing other organizations should know about One Identity Safeguard is that it integrates well with the existing identity system, which is a very great point for other organizations to know before purchasing it because it makes it easier to deploy in their environment without changing the current workflow or existing network.

One Identity Safeguard provides heterogeneous integration with our existing products or legacy products, and the API integration is very helpful because it allows us to automate the onboarding of privileged accounts and integrate it with our existing ITSM tools, which is a really good thing about this product.

I would advise others looking into using One Identity Safeguard to choose this product because it is cheaper but provides great outcomes, and the security features are robust. I have given this product an overall rating of nine out of ten.

Neutral