My main use case for One Identity Safeguard is to secure the system by adding another security layer, which helps us to modify and run services in due time and also keep our system well protected with passwordless authentications.
Safeguard for Privileged Passwords
One IdentityExternal reviews
23 reviews
from
External reviews are not included in the AWS star rating for the product.
Security has improved with passwordless access and unified authentication across our environment
What is our primary use case?
What is most valuable?
One of my best features of One Identity Safeguard is the advanced authentication, allowing for manual and passwordless authentication, as well as MFA authentications. Another feature is the integration capability with various systems and tools, including Google Cloud and data tools, and it also analyzes system security and compliance.
One Identity Safeguard automates some activities, saving time and expenditure, creating a single security platform that protects all system parts and specialties, meaning we only need to purchase one tool to secure everything.
One Identity Safeguard activates passwordless authentication, enhancing the security of the tool and integrating with all the cloud services, providing an extra advantage by offering security analysis, detecting and recording all the sessions of the system, and helping us identify errors or system break-ins.
One Identity Safeguard's positive impact includes security enhancement, preventing unauthorized access and attacks, preventing data loss, and helping us review system security to find and solve potential errors, along with saving costs through integration with tools like OneLogin.
What needs improvement?
While One Identity Safeguard is easy to use and fast, I suggest offering sessions to explain new upgrades and features to users to help them learn and comply in a reasonable time.
One Identity Safeguard operates very well without interference or drawbacks, though I suggest training sessions to enhance user skills.
For how long have I used the solution?
I have been using One Identity Safeguard for almost three years.
What do I think about the stability of the solution?
One Identity Safeguard is very stable, which is one of the reasons I give it a score of ten out of ten.
What do I think about the scalability of the solution?
The scalability of One Identity Safeguard is fine, and that is why I am still giving it ten out of ten.
How are customer service and support?
I am impressed with the customer support for One Identity Safeguard because it is friendly, unique, concise, and very responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we used Google Authenticator and Okta Authenticator but switched to One Identity Safeguard due to its single platform offering a comprehensive suite of solutions.
How was the initial setup?
The deployment of One Identity Safeguard took around three days, but due to discussions with the sales and technical teams, it took about one week.
The deployment was not disruptive; in fact, it enhanced our security significantly.
What about the implementation team?
The integration with Google Workspace and data storage tools is made easier by the technical team's responsibility for explaining the deployment, and this makes installation and implementation quick and reasonable.
What was our ROI?
One Identity Safeguard is cost-effective, saving us thirty percent of our costs compared to before and allowing for more savings as we continue using it.
One Identity Safeguard is cost-effective and saves substantial costs, allowing for automation that reduces the need for extensive manual monitoring and provides a better return on investment.
What's my experience with pricing, setup cost, and licensing?
The setup cost, pricing, and licensing for One Identity Safeguard were friendly, with the technical and sales teams providing comprehensive explanations and making it the best option for us to use.
Which other solutions did I evaluate?
During evaluation, we considered other custom tools like ESET Protect, but chose One Identity Safeguard for its superior system security features.
What other advice do I have?
In a recent situation where One Identity Safeguard helped us, we found that we were using its advanced authentication system whereby we are able to authenticate our systems and our IT environment with this tool, saving us from hackers and threats, preventing data phishing and spoofing, and protecting against unauthorized access.
During the integration, everything was smooth because the connectors of One Identity Safeguard tool connect easily, and you can sometimes use the API, making it one of the best tools I have ever used.
The training took around two to three days for all users, as we had prior knowledge thanks to the virtual trial, making it easier to learn and use.
The feedback from our users has been best, with all of them stating that the tool is working well.
When considering One Identity Safeguard, look at it as a comprehensive tool that secures your system with passwordless features, integrates with OneLogin, and provides extensive capabilities beyond expectations.
I give it the highest score because it is flexible, very stable, offers all services timely, and operates without security breaks or delays, significantly aiding my work as a common monitor for my system. I give One Identity Safeguard a rating of ten out of ten.
Privileged access has become just in time and audits are now simplified with full session recording
What is our primary use case?
We use One Identity Safeguard for privileged access management across multi-client public and private cloud environments. It is mainly used to vault and rotate privileged credentials and provide just-in-time access and enforce least privilege. We also use it to record and audit admin sessions for cloud VMs, databases, and infrastructure services without exposing passwords to the engineers working on-site or contractors.
For one client, we had an Azure environment where multiple support engineers needed temporary access to the production VMs for incident resolution. The challenge was shared admin accounts, no clear audit trails, and client audit perspective. We implemented One Identity Safeguard to vault the Azure VM local admin and service accounts, ensure JIT access via approval, allow engineers to connect via One Identity Safeguard brokered RDP and SSH without seeing passwords. We also record all privileged sessions and forward logs to the client's SIEM for full transparency. We achieved that no passwords were shared, full session recordings were available for audits, and access was faster during incidents.
We use One Identity Safeguard to standardize PAM controls across multiple client tenants and cloud platforms. We automated credential rotation for privileged and service accounts without service impact. We also reduced manual access management and operational risk in large-scale cloud environments across our multi-cloud, multi-client customers across the globe.
The integration with our RPA workflows allowed secure credential access for robots without exposing passwords, enabling automated RPA tasks to run smoothly across multiple client systems, which has reduced manual intervention and errors in repetitive workflows.
What is most valuable?
The best features we appreciate about One Identity Safeguard are privileged credential vaulting, session proxying and recording, and integration with ITSM security tools such as Jira, ServiceNow, SIEMs, and SOAR platforms that our clients have. The integration with these platforms was quite simple. Additionally, we appreciate role-based access control, just-in-time access, and least privilege.
The most relied upon feature we appreciated was the session-based just-in-time privileged access with credential isolation. It made the biggest difference in our organization because the engineers never see or handle privileged passwords, which helped us comply with our customer's compliance requirements. The access is time-bound and approval-based, reducing standing admin access, and all the SSH and RDP sessions are brokered and recorded for audit and troubleshooting.
What needs improvement?
The areas for improvement in One Identity Safeguard would be the UI and UX, meaning the admin console can be more intuitive for complex policy and workflow configuration. Additionally, the reporting can be made more customizable with a real-time dashboard without external SIEM dependency.
More improvements could be made regarding support and upgrades. Faster issue resolution and smoother upgrade paths for complex deployments could be an additional improvement area for this product.
For how long have I used the solution?
We have been using One Identity Safeguard for the last two years.
What do I think about the stability of the solution?
One Identity Safeguard is very stable in my experience.
What do I think about the scalability of the solution?
It is scalable as we have now scaled from serving one customer to multiple customers without any downtime or service interruption.
How are customer service and support?
The customer support for One Identity Safeguard is great. The technical team is responsive and very knowledgeable.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
We previously used CyberArk. The reason for switching was that we needed easier multi-client management for our customers with hybrid cloud environments and better integration with Jira, SIEM, and RPA workflows across multiple customer cloud environments.
How was the initial setup?
The deployment of the solution took place in phases. Initially, it took one month, and then we scaled it to the full organization globally.
What about the implementation team?
The admin and managers required one to two weeks of hands-on training for vaulting, policy creation, integrations, and session management. The end users required only one or two days to learn about requesting access, launching sessions, and approvals.
What was our ROI?
We have seen a return on investment because we have saved time, reducing access provisioning from hours to minutes. The efficiency of our team has increased as we have reduced manual credential management, allowing our IT team to focus on higher value tasks.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing was entirely based on the sales cost, while the setup was done by our vendor and our in-house team.
Which other solutions did I evaluate?
Integrating One Identity Safeguard with our RPA workflows was quite easy and not a time-consuming process. However, it did require perfect planning and plotting for the RPA bots to ensure just-in-time privileged access.
What other advice do I have?
One more point worth highlighting from a technical and operational perspective is the central policy enforcement across multi-cloud environments.
We have removed shared admin credentials, enforced just-in-time access management, simplified audits with session recording, and reduced manual access work, all thanks to One Identity Safeguard.
Access provisioning time has been reduced from hours to minutes using just-in-time access. We have zero audit findings related to privileged access after implementing this product and have reduced credential-related incidents by eliminating shared and static admin passwords.
I suggest that others considering using One Identity Safeguard go for it. Plan your vault structure and role-based access policies before deployment, and try to utilize more of its just-in-time access and security recording features from day one. I would rate this product an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Privileged access has become more controlled and auditable but the interface still needs simplification
What is our primary use case?
My main use case for One Identity Safeguard is for privileged access management to control, monitor, and secure access to critical systems, servers, and applications used by administrators and IT teams.
A quick specific example of how I use it for privileged access management in my environment is that when an administrator needs access to a critical server, they request access through One Identity Safeguard instead of using shared credentials. The system grants time-bound, approved access, rotates the password automatically after the session, and records the entire activity.
What is most valuable?
The best features One Identity Safeguard offers include Privileged Password Vaulting as the first one. The strongest features are Session Recording and Password Vaulting with rotation and Just-in-Time Access, which together give strong control and visibility and audit readiness.
The Session Recording feature specifically helps my team and makes things easier for audits or investigations by giving a clear, time-stamped playback of privileged activities. It removes guesswork, speeds up audits, and ensures full accountability for admin actions.
One Identity Safeguard has positively impacted my organization by improving our security posture, eliminating shared privileged credentials, increasing visibility into admin activity, and making compliance audits faster and more reliable.
What needs improvement?
One Identity Safeguard could be improved by simplifying the user interface and initial configuration process, especially for first-time users. More customizable reporting and clear in-app guidance would also help teams onboard faster and get deeper insights without additional effort.
For how long have I used the solution?
I have been using One Identity Safeguard for about one year.
What do I think about the stability of the solution?
One Identity Safeguard is very stable and can handle the workload easily; I have not seen any downtime.
What do I think about the scalability of the solution?
One Identity Safeguard scales well as the environment grows. It handles increasing numbers of privileged accounts, sessions, and cloud targets without performance issues, making it suitable for expanding and hybrid infrastructure.
How are customer service and support?
Customer support has been responsive and knowledgeable, being effective at resolving technical issues.
How would you rate customer service and support?
Negative
How was the initial setup?
The integration with my cloud environment and infrastructure systems was moderately easy. Core cloud and infrastructure integrations were straightforward with proper documentation, while fine-tuning policies and access workflows required some initial effort. Once configured, the integrations have been stable and reliable.
Administrators required moderate training to understand configuration, policies, and workflows, while end users needed minimal training since access requests and approvals are straightforward. Overall, onboarding was manageable with some initial guidance.
What was our ROI?
I have seen a return on investment through reduced audit effort and fewer security incidents related to privileged access, along with significant time savings for IT and security teams by automating access control and password management.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that pricing is on the higher side, but aligns with the security and compliance value it provides. Setup costs were mainly related to initial configuration and training, and licensing was straightforward.
Which other solutions did I evaluate?
I evaluated other options such as CyberArk and BeyondTrust before choosing One Identity Safeguard.
What other advice do I have?
User feedback has been generally positive around the solution's security and session recording and access control capabilities. However, some users have mentioned that the interface and initial learning curve could be more intuitive, especially for new or non-specialist users.
My advice for others looking into using One Identity Safeguard is to clearly define your privileged access use cases and policies before implementation. It gives stronger security and audit capabilities, but investing time in proper planning, setup, and training will help you get the most value from the solution. I would rate this review a 7.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Centralized privileged sessions have improved risk control and strengthened contractor oversight
What is our primary use case?
My main use case for One Identity Safeguard is using only one module for privileged session, which we use for admins and contractors.
A quick specific example of how my team uses One Identity Safeguard day-to-day is that we use only the second part for our contractors, not for admins in our company, but for companies that help us perform admin work and support our system.
What is most valuable?
The best features One Identity Safeguard offers include video recordings to help us control our support risks.
Accessing and reviewing those recordings when needed is easy, and there are no problems with recording or reviewing.
One Identity Safeguard has positively impacted my organization by helping us manage risk. We have this product as Balabit, which is a good product that is very light and helps us check or assist with our needs.
What needs improvement?
One Identity Safeguard could be improved with a password manager and an identity manager as one big access management system.
I believe improvements could be made around integrating with other tools.
For how long have I used the solution?
I have been using One Identity Safeguard for eight years.
What do I think about the stability of the solution?
I rated One Identity Safeguard nine out of 10 because the stability and control could be better, as there are some problems with stability and errors when we use it.
What do I think about the scalability of the solution?
As my organization grows or my needs increase, it is easy to add more users or expand the use of One Identity Safeguard, and that experience has been good.
How are customer service and support?
I would rate the customer support for One Identity Safeguard as eight on a scale of one to ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not previously use a different solution before One Identity Safeguard.
How was the initial setup?
The deployment of One Identity Safeguard solution took one or two days.
The deployment affected my privileged users in a way that was pretty smooth.
Which other solutions did I evaluate?
Before choosing One Identity Safeguard, I evaluated other options based on simplicity, price, and functionality.
What other advice do I have?
Feedback from users regarding One Identity Safeguard's usability and functionality is that it is a good product and very simple to use.
My advice for others looking into using One Identity Safeguard is that it is a great solution for simple tasks, with a good price and good functionality.
My company does not have a business relationship with One Identity Safeguard vendor other than being a customer.
I rated this review nine out of ten.
Modern privileged access workflows have improved user onboarding and secure password management
What is our primary use case?
Our main use case for One Identity Safeguard is to integrate it to clients that need the SPP functionality, which stands for Safeguard for Privileged Passwords. They do say that we could utilize One Identity Safeguard to its full extent for now, but we're getting there.
A quick specific example of how we use One Identity Safeguard with a client is that our latest client needed a password vault, so at first, we integrated One Identity Safeguard for Privileged Passwords, and then they asked for a personal vault so they could store their passwords and secrets, much like KeePass, so we integrated One Identity Safeguard Personal Vault as well. Lastly, they figured at some point down the line that they needed SPS as well, but only the primitive version of it, so we just decided to integrate SPS as well and form it into a cluster with SPP, but they don't use any third-party plugins as of now.
What is most valuable?
The best feature One Identity Safeguard offers is that it is a pretty new, modern tool that makes extensive use of its API. In general, it's easier than other tools to just perform maintenance work or perform work using the API of One Identity Safeguard. Also, the way that the access requests are structured—with entitlements and access request policies—makes it easier to govern data and identities. CyberArk, which is essentially the industry standard right now, is doing a very primitive job of helping the administrator with the task, and One Identity Safeguard is a lot better at this.
These features help my team day-to-day by making onboarding new users easier, and they also make it easier to create existing teams that are complete with their own password management, their own password profiles and rotations, password requirements, and who gets access to what, so it all makes it easier and faster.
One Identity Safeguard has positively impacted my organization by being another tool that we have in our arsenal to be able to get other clients as well, because we also sell One Identity IAM, and we can just bundle One Identity Safeguard with it. It also has a nice feature called remote access, which a lot of people want to use for externals in their organization, coupled with its just-in-time requisition, so it makes selling it much easier because One Identity is a company that's been in the field for ages.
What needs improvement?
One Identity Safeguard can be improved by fixing the documentation, which is very convoluted as of now, and addressing versioning, as some major bugs and issues are not documented well enough in the documentation, along with some patches and fixes. Custom plugins need to be introduced as soon as possible.
I give it an eight because it's a nice tool and it's a modern tool, but there are still some issues, not necessarily pertaining to the tool itself, but to the whole philosophy of One Identity and how they have structured their workflows and their knowledge base, which essentially has no knowledge base, just like CyberArk. There are some issues that need to be fixed, plus it does not have a custom option, and a lot of clients are using in-house made applications that also need to be onboarded to One Identity Safeguard to be able to launch a browser session to that application, which One Identity Safeguard has not had any capabilities that could assist with that.
For how long have I used the solution?
I have been using One Identity Safeguard for two and a half years, ever since we pivoted from CyberArk, as we wanted to be more tool-agnostic, and we decided that One Identity Safeguard was our best option because we had a past with One Identity, with us being in an IAM team.
What do I think about the stability of the solution?
One Identity Safeguard is stable.
What do I think about the scalability of the solution?
So far, we haven't had any issues with One Identity Safeguard's scalability; it's been fine, but we generally target smaller to mid-sized implementations.
How are customer service and support?
The customer support for One Identity Safeguard is fine for what it is, even though everything needs to be run through them and there are no knowledge bases, so we have to wait for a response from the One Identity Safeguard company, and they also keep a lot of information, requiring us to make a request and then they would need to reply, but it's acceptable overall. It's not the worst I've seen.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used CyberArk before switching to One Identity Safeguard.
How was the initial setup?
The deployment of the solution takes about two to four weeks, give or take, but that's not counting waiting for the client to respond and all that.
About a month of training is required for end-users, and for us, it was four months to understand One Identity Safeguard, but that was because we already had experience in other PAM tools like CyberArk.
What about the implementation team?
We are partners, executive partners, and resellers with this vendor.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been a good experience overall, as the back and forth with One Identity is something that is acceptable; other tools have options to do this automatically, and they have it, but pricing, presales, and sales is acceptable overall.
Which other solutions did I evaluate?
Before choosing One Identity Safeguard, I evaluated Zero Trust and Delinea, but they were for smaller organizations, so we decided to adopt One Identity Safeguard.
What other advice do I have?
My advice to others looking into using One Identity Safeguard is to get familiar with the concepts of entitlements and access request policies, the keywords One Identity Safeguard uses, and also get familiar with the way that it handles session management and recording because it's a tool that needs a lot of time to get accustomed to. I give One Identity Safeguard an overall rating of eight out of ten.
Privileged access has become centralized and streamlines multi-client audits and compliance
What is our primary use case?
Our main use case for One Identity Safeguard is as a privileged access management solution across multi-client environments. We use it to secure, control, and audit privileged accounts, enforce session monitoring and password vaulting, and provide just-in-time privileged access for admins, helping us reduce risk while meeting client security and compliance requirements.
A common example is admin access to client production servers. We use One Identity Safeguard to vault privileged credentials and grant just-in-time access only for approved change windows. All sessions are recorded and audited, which has significantly reduced credential exposure and helped us meet clients' audit and compliance requirements. As a service provider managing various customers, we prioritize this consideration.
One additional use case is centralized PAM management across multiple customer environments. We use One Identity Safeguard to standardize privileged access policies, rotate passwords automatically, and enforce session auditing in different client environments. This helps us solve the challenge of shared admin access and inconsistent access controls, improving security and compliance without increasing operational overhead and reducing our time to response.
What is most valuable?
The best features we can highlight are privileged password vaulting and automatic password rotation, just-in-time privileged access, and session monitoring and recording. These features together stand out because they significantly reduce credential exposure, enforce least privilege access, and provide full auditing visibility across multiple client environments, as we are a service delivery and IT service delivery company with multiple customer environments and access.
We rely most on just-in-time privileged access with credential vaulting. It is easy for the team to use day-to-day because access requests and approvals are streamlined and automated. Credentials are never exposed and sessions are automatically logged. After initial setup, adoption was smooth and it fit well into our existing operational workflows without adding stress to our operational team to adapt to the new technology.
One Identity Safeguard has strengthened privileged access security across our multiple client environments. We have seen a reduction in shared credentials and unauthorized access. We have also seen faster approval for admin tasks and improved audit readiness. It has streamlined compliance reporting and reduced the operational risk of managing multiple client environments manually.
Implementing this solution, we have reduced privileged account-related incidents by thirty percent. We have also cut manual password management time by nearly fifty to sixty percent. Just-in-time access has sped up admin task completion and improved our overall compliance reporting, allowing audits to be completed nearly half the time compared to earlier.
What needs improvement?
Reporting and dashboards can be made more customized, especially for client-specific views. We use session monitoring less often on low-risk systems, but it is very useful during audits or investigations.
One Identity Safeguard could be improved with flexible and customizable reporting, especially for client-specific dashboards, and simpler integration with cloud and SaaS platforms.
Additional improvements would include easier onboarding and setup for multiple client environments. One Identity Safeguard should provide pre-built templates for common PAM policies.
For how long have I used the solution?
We have been using One Identity Safeguard for the last three years.
What do I think about the stability of the solution?
One Identity Safeguard is stable.
What do I think about the scalability of the solution?
One Identity Safeguard is scalable.
How are customer service and support?
The customer support is great. They have knowledgeable staff and the documentation is also good.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before that, we relied on manual privileged account management and native system tools, which was time-consuming and error-prone, and lacked centralized auditing. We switched to One Identity Safeguard to get automated privileged access and stronger compliance control over multiple client environments.
What was our ROI?
Privileged access and privileged account incidents have dropped by forty percent. Our manual access management time was cut by fifty percent. The time is reduced by nearly fifty percent for our audit preparation and compliance reporting compared to earlier.
Which other solutions did I evaluate?
Before that, we evaluated CyberArk. We selected One Identity Safeguard because it offered better integration with our existing infrastructure and streamlined automation for our multi-client infrastructure, which suited our operational and compliance needs.
What other advice do I have?
Plan your deployment carefully and ensure you have skilled resources and partner support for initial setup.
We have integrated One Identity Safeguard with our RPA workflows. It allows secure, automated privileged access for script bots and deployment processes, while ensuring session logging, password vaulting, and audit compliance across cloud-based operations.
The integration was relatively straightforward but required more planning, mapping RPA bots to just-in-time privileged access, and configuring credential vaulting took initial time. Once the setup was complete, it was fully automated and secure.
Our team has given positive feedback. They appreciate the user interface and the streamlined access request and automated credential management has reduced manual work and error. I would rate this review nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Privileged access has become fully audited and password management now saves significant time
What is our primary use case?
One Identity Safeguard is used to secure privileged access management, credential vaulting, and session monitoring because we are an IT-based company that handles the IT infrastructure of our clients, making it very important to keep everything secure.
One Identity Safeguard vaults privileged service accounts and provides time-bound access, ensuring that all administrative actions are tracked, reviewed, and easily monitored. We also use One Identity Safeguard to securely check admin credentials for customer servers. All access is automatically recorded and monitored through session auditing, which helps us comply with our customers' requirements.
We centrally manage privileged credentials, enforce secure access workflows, and record privileged sessions to maintain compliance and strengthen the IT security we deliver to our customers.
What is most valuable?
The best feature for us is the secure password vaulting, session recording, and automated approval workflows, because this gives us strong control over privileged access and helps us stay compliant both within our organization and with respect to customer compliance. The second feature that stands out is the real-time session monitoring and automatic credential rotation.
Automatic credential rotation helps our team by removing the need for manual changes to privileged passwords, reducing the risk of stale or shared credentials and ensuring that every access is controlled and compliant. It saves time and reduces risk since passwords are rotated after every use, so no one keeps passwords for long-term access. This prevents misuse and limits the impact of credential leaks.
We have found that we are able to comply with all security standards through the password rotation, which has helped us improve our security posture by centrally managing all privileged action accounts and enforcing strict access control to these accounts. Since the session monitoring feature and audit trail are available, we can see what changes were made by the user, who used this, how many times, and what was done in this session. We have also seen a reduction in IT operations because of password credential rotation and password management, which has reduced our manual work and increased our efficiency and security.
Our manual intervention has decreased because of the time we were taking for password management, and we have increased security with roughly a twenty to thirty percent decrease in IT calls, allowing the IT team to do other jobs because the load of password management has decreased. We have increased accountability since every privileged action is now traceable, which significantly strengthens our internal security control, and we have been able to get the compliance checks done much faster.
We have saved time since we do not have to manually manage passwords because One Identity Safeguard has automated that process. We have saved approximately thirty to forty percent of our time, and our team is spending more time on critical issues rather than managing passwords. This has reduced repetitive IT tasks and allowed our team to focus on more significant projects, and it has also reduced the risk of breaches and costly security penalties.
We have always received positive feedback from our team. The password rotation feature of this product is appreciated by all users, and they like this because they have saved time using this product, since they were previously wasting time on password management and manual interventions.
What needs improvement?
One Identity Safeguard should provide more documentation and training to the team. They can also provide better integration flexibility with more built-in connectors, and easy API workflows would help integrate more with our custom tools. They should provide a faster user interface, as we have noticed that the user interface acts slow when there are a large number of accounts or concurrent sessions going on.
Not every product can be perfect. For example, some parts of the user interface can feel a bit slow when there is a large number of concurrent sessions going on, and the integration with certain third-party tools requires more extensive implementation and configuration. These reasons made me give it an eight instead of a ten, but these are not major issues and just keep it from being completely flawless.
For how long have I used the solution?
We have been using One Identity Safeguard for two years.
What do I think about the stability of the solution?
One Identity Safeguard is currently stable, and we have not found any issues. Since its implementation, we have not faced any major issues, and there has been no downtime.
What do I think about the scalability of the solution?
One Identity Safeguard is scalable. We are implementing it globally, starting from one line of business, and now we are expanding, so it is scalable without any issues.
How are customer service and support?
I cannot speak much about the pricing because I am from the technical team and pricing is looked at by the sales team in our organization. However, I can speak about the support, which is very good with faster response times, and the team helps us every time with minimal downtime if we face any issues.
We are satisfied with customer support. The support team is technically very strong and responsive.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using CyberArk, but we switched to One Identity Safeguard because it was costly. Everything was good with CyberArk, but we needed to scale, and the licensing costs were high.
How was the initial setup?
We have deployed One Identity Safeguard in a phased manner. We deployed it for one line of business first, then for the second line, and we are planning to deploy it for other lines of business as well. The deployment for one line of business took approximately one month.
The privileged users adapted easily, and the deployment was done without disturbing our existing environment and setup, so there was no disruption, and the work went smoothly alongside the deployment.
What about the implementation team?
We did not face any significant challenges because the vendor team helped us with the integration, so the ease of integration was quite simple. We only had basic use cases like creating tickets for access requests, which are relatively straightforward, and there were not many complex integrations done. It was easy to integrate and the vendor team helped us with a step-by-step checklist for the integration with our existing SIEM and ITSM tools.
What was our ROI?
The pricing, costing, and licensing type is quite low compared to other products, so One Identity Safeguard is cheaper than other products, and the functions it has are worth the cost.
Which other solutions did I evaluate?
I was not part of the evaluation team, but the evaluation team must have evaluated other products. One example of an option that I personally evaluated was BeyondTrust Privileged Access Management.
What other advice do I have?
One thing other organizations should know about One Identity Safeguard is that it integrates well with the existing identity system, which is a very great point for other organizations to know before purchasing it because it makes it easier to deploy in their environment without changing the current workflow or existing network.
One Identity Safeguard provides heterogeneous integration with our existing products or legacy products, and the API integration is very helpful because it allows us to automate the onboarding of privileged accounts and integrate it with our existing ITSM tools, which is a really good thing about this product.
I would advise others looking into using One Identity Safeguard to choose this product because it is cheaper but provides great outcomes, and the security features are robust. I have given this product an overall rating of nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Automated session control has protected privileged access and improved password security
What is our primary use case?
Our main use case for One Identity Safeguard is access management and session management for our privileged users.
A specific example of how we use One Identity Safeguard for privileged users involves our integration with OneLogin, which is another product by One Identity. When our privileged users sign up with OneLogin, we provide them with all the necessary details about their session, and we monitor their activities to control any mistakes they might make. This process is fully automated by One Identity Safeguard.
In addition to access and session management, we also use One Identity Safeguard for password vault safety, ensuring that most of our privileged users receive a different password each time they log in so that the admin doesn't know the password, thereby protecting the entire system.
What is most valuable?
The automation of session management with One Identity Safeguard helps us significantly, as it saves us a lot of time and reduces errors. Since many of our developers and privileged users are still learning, they tend to make mistakes, and One Identity Safeguard points those out, helping us avoid major issues.
Feedback from users regarding One Identity Safeguard's usability and functionality is mostly positive.
We mostly rely on the session management and vault system features of One Identity Safeguard. In my experience, the best features One Identity Safeguard offers are mostly related to session management, which is highly automated and makes a lot of sense.
What needs improvement?
One Identity Safeguard could be improved by reducing pricing a little bit, and while the support team is mostly good, better pricing would also be advantageous.
Regarding needed improvements, the integration process has a learning curve for most of our developers. The deployment of One Identity Safeguard took about a few weeks, and I can say it was a painful process.
The deployment of One Identity Safeguard was not disruptive to our privileged users, but they had to learn a lot about the product because its user interface is complicated, and there is definitely a learning curve.
For how long have I used the solution?
I have been using One Identity Safeguard for about six months.
What do I think about the stability of the solution?
In my experience, One Identity Safeguard is stable, with most of their updates being reliable.
What do I think about the scalability of the solution?
One Identity Safeguard's scalability for our growing organization is straightforward; it is mainly automated, so we don't have to do much.
How are customer service and support?
One Identity Safeguard's customer support is good, and I would say it's better than CyberArk's.
The integration with OneLogin was easy for our team since both products are owned by the same company, and the API integration process is straightforward, with the support team being very helpful.
On a scale of one to ten, I would rate One Identity Safeguard's customer support a nine.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we were using CyberArk's PAM for privileged access management, but we switched to One Identity Safeguard because CyberArk was too expensive over time, especially as the number of privileged users increased.
What was our ROI?
We have seen a 12% return on investment with One Identity Safeguard, and we have saved a significant amount of money. When we were using CyberArk, it was very costly, and One Identity Safeguard is much cheaper in the long run.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing, setup cost, and licensing of One Identity Safeguard is that pricing is good, especially in the long term, as it's way better than CyberArk's, and the other costs are relatively similar.
Which other solutions did I evaluate?
Before choosing One Identity Safeguard, we evaluated other options, mainly CyberArk's products, and I don't remember much about the other solution we considered.
What other advice do I have?
Since starting to use One Identity Safeguard, there has not been much improvement, but I can say it's affordable, and that's primarily why we are using it.
The affordability of One Identity Safeguard has allowed us to allocate budget elsewhere, particularly towards integrating it with OneLogin, which helps us manage our increasing user base's needs and costs.
My advice for others considering One Identity Safeguard is that if you have more employees and privileged users and are looking for a long-term solution, then it is a good option—it's actually the better option. One Identity Safeguard is inexpensive in the long term, and it offers a better solution than CyberArk's, and mostly the pricing is what I value about it.
I rated this review nine out of ten.
Simplified implementation and robust security infrastructure enhance user experience
What is our primary use case?
I am not a customer; I am a partner. Therefore, I assist clients in implementing One Identity Safeguard to manage privileged account access and their passwords. The primary aim is to reduce the attack surface of those accounts.
What is most valuable?
The best feature of One Identity Safeguard is its infrastructure simplicity compared to other solutions. Joining two clusters together makes it easy and robust at the same time. The interface is robust and secure, and with recent releases, it has become more stable. Implementation is straightforward, and user experience is simple.
What needs improvement?
There is room for improvement in integration between modules. The native integration between SPP and SPS, which is currently based on a plugin, could be enhanced. Customization for lookup passwords could also be made easier.
For how long have I used the solution?
I have been working with One Identity Safeguard since 2019.
What was my experience with deployment of the solution?
Most of my users have been using the on-premises solution. There was a customer who used the physical appliance, but most installations involved virtual appliances. Deployment for my clients takes from three to eight months.
What do I think about the stability of the solution?
In terms of stability, I rate One Identity Safeguard nine to ten out of ten. It is a fairly stable solution with improvements over time.
What do I think about the scalability of the solution?
The scalability of One Identity Safeguard is perfect, scoring ten out of ten. It is suitable for medium to enterprise-level clients.
How are customer service and support?
I rate customer support six out of ten. It needs improvement as it can significantly impact customer access. It would be beneficial to have a more direct route to second-level support from partners.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I am aware of CyberArk. Compared to CyberArk, One Identity Safeguard could be more mature. However, it is a good solution in terms of cost-benefit.
How was the initial setup?
The initial setup is relatively simple compared to other solutions. It is straightforward for most users.
What was our ROI?
While it does not directly reduce costs in terms of personnel, One Identity Safeguard offers increased security, especially in password management.
What's my experience with pricing, setup cost, and licensing?
The pricing of One Identity Safeguard is fairly priced and cheaper than other solutions of the same enterprise level. It provides a good cost-benefit ratio.
Which other solutions did I evaluate?
I have knowledge of CyberArk as an alternative solution.
What other advice do I have?
I recommend One Identity Safeguard because it is valuable in terms of cost-benefit. It is simple to implement, and its infrastructure costs are lower than other solutions. It provides a flexible approach, offering both on-premises and cloud solutions. Overall, I rate One Identity Safeguard eight out of ten.
Strengthens security with the hardened appliance, session recordings, and controlled access
What is our primary use case?
The purpose is to ensure that privileged users do not know their own passwords.
How has it helped my organization?
Our organization is more secure, and we are confident that the privileged users who are using the systems are actually the users they claim to be due to two-factor authentication because we are using two-factor authentication in One Identity Safeguard.
It is easy for us to revoke access as well. Previously, we did not know who had access to a system, but now, we can see what access is currently open to systems directly from one single pane of glass, allowing us to revoke that access if necessary. We have limited the possibilities for malicious actions and have made it safer for our users when they are using privileged accounts. They only have privileged access when using that account, but they do not know the password. While nothing is 100% secure, it is more difficult to misuse that privileged account. In the past, IT administrators could log in with domain administrator access on their normal PCs, which made everything work without needing to elevate their rights. Now they cannot do that because they no longer know the password. They are required to go through One Identity Safeguard to elevate their rights.
In the beginning, we had some pushback from the administrators because they could not log in directly to a server or a system. They have to go through the web interface and log in. We had to educate them and put in a little bit of effort. We made them aware that we were also taking risks away from them so that nobody could misuse their credentials. People become administrators only when they want to use the system. When they are done using it, the account is disabled, and administrative privileges are revoked.
Previously, we had external consultants who had accounts, but we did not necessarily know when they were using the account. We now know because we have put up an approval flow. The external company needs to request access for a user, they need to call us and provide a ticket number. We then can approve it. We can also approve them for a specific duration, such as two hours. After that, the user needs to request access again and he needs to be approved. We now know when external people are using our systems. All the external privileged users are now disabled, which were not disabled before because we did not know when they needed to use the system. They did not have a normal user and a privileged account. They just had one user who could log in to the systems. Now, they need to have a normal user that can log in to One Identity Safeguard, and then the privileged account will only be enabled when we have approved the access to the system. The normal user does not have any access besides logging in to One Identity Safeguard. So, there was some pushback because administrators had to raise a ticket. We also tightened up our ticket system to ensure that IT does not do any work unless there is a ticket.
Our management can see that our security posture has greatly improved because, on a normal day, we do not have any privileged users who are enabled, so it is very difficult to elevate access to various systems. If they are not active, privileged access is revoked, and there is no access without a ticket.
We use the transparent mode feature for privileged sessions. It is very easy because it just goes through the Safeguard session. That session is used as a proxy now, so we can limit our end-user's access to server assets. Only the session has access to the servers, so we can do micro-segmentation in a different way now on our network.
The transparent mode is rather seamless because the user does not see this Safeguard session. They only see the Safeguard for privileged passwords because that is the interface that is there, a single pane of glass. When they request access to an IDP session or server, they see a different background because it goes through the process that does the recording but the users do not see that.
The transparent mode helps to monitor privileged accounts which we could not do before.
We have integrated it with test and development. They do not know the password either. Previously, they were the kings of their kingdom, whereas now, they are just users of their kingdom. They also now have to go through One Identity Safeguard.
If a privileged user does something malicious or suspicious, with session recordings, we can see what happened. We can see this person authenticated with two factors when he logged into One Identity Safeguard. If it was not something malicious, we can use this information to become better so that the issue will not happen again.
What is most valuable?
The implementation time was quick. It was basically up and running within a week.
I like the features that allow you to rotate your password, give you access to an RDP session without knowing your password, and record sessions. This is helpful for external people coming in, as we can review what they have been doing and use the recordings for training purposes. For example, if I want to upgrade a system that an external consultant did, these recordings can help identify issues. We can set different keywords to cut off a session if something malicious is detected. We can prevent a malicious action.
We use it to log in to various systems such as Linux and Windows, which is very convenient. There is also a personal vault for browser use, allowing us to save credentials for business-related websites securely. If a user leaves the company, I can assign that vault to another user. I can share credentials, save files within One Identity Safeguard, and ensure that certificates and license numbers are securely stored. I can see who has access to the files. I can save license numbers and license files in One Identity Safeguard, so I know where they are saved. I can also give access only to those who need it, as opposed to them residing on a file share or OneDrive, where access is not as transparent.
What needs improvement?
From a management point of view, it would be beneficial if One Identity Safeguard Privilege Password and One Identity Safeguard Privilege Session had a more similar interface. Also, if Privilege Session pushed more data to Safeguard Privilege Password, an admin would only need to log in to one place. They could then see the sessions and everything happening, even if it is running on a separate appliance. Why should I log into Safeguard for Privilege Session separately when it has been requested through the Privilege Password appliance? It would be advantageous if it was seen as one unified box, even though they are different. This is the improvement I would like to see.
For how long have I used the solution?
I have used the solution for less than a year.
What do I think about the stability of the solution?
It is stable. I would rate it a nine out of ten for stability.
What do I think about the scalability of the solution?
It is very scalable. I would rate it a nine out of ten for scalability.
Our clients are medium to large enterprises.
How are customer service and support?
Most clients use regular support, but some clients use premium support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
In previous work, I have used CyberArk and Secret Server. One Identity Safeguard is way cheaper, intuitive, and easier to use. Its implementation costs are much lower than CyberArk.
It is on par with Secret Server, but you do not have session recordings. You just have the privileged passwords and rotation features. You need to harden the Windows because it was installed on Windows, whereas One Identity Safeguard is already a hardened appliance. One Identity Safeguard is more secure than Secret Server. However, I used Secret Server a couple of years ago. It has probably matured now.
How was the initial setup?
We are using the virtual appliance because we already have a virtual environment. The only on-prem setup we have are the physical servers that run a hypervisor. We like to have everything virtual. We can also secure a virtual appliance in a different way compared to the physical appliance. With a physical appliance, if something happens, we have to get hold of the vendor and sort out how fast they can ship a replacement, whereas we can deploy a virtual appliance instantly and get it up and running if there is a problem.
One Identity Safeguard Privilege Password is rather straightforward, rating it as an eight out of ten. Privilege Session is more like a six out of ten, being a bit more complex if I want to use all the features. However, if I just want to use it in Transparent mode, it is easier.
In total, it takes less than two weeks, depending on the landscape. Some preparation, like obtaining certificates and securing a backup share, is required first. I do require input from others to implement it within two weeks. If I can gather all the necessary data and access, the implementation becomes more straightforward.
The deployment was disruptive in a way for the privileged users because they now needed to log in through the web interface, whereas previously, they could log in directly. There are more or different steps. Instead of clicking directly on an asset they want to log in to, they need to log in to a different web page and request access. There are a few more mouse clicks than before, but we now have a better security posture of our environment.
To manage and do the implementation, you need to know certain things. You can also use a trusted partner for implementation. If you do not change anything in the system or do not want to do other connection types, you do not need that much training. You need to be aware of what you should look for. A three-day workshop with a partner would be sufficient. For end-users who need to use the system, a two-hour training would be enough.
What about the implementation team?
We have two One Identity Safeguard specialists in our organization.
What's my experience with pricing, setup cost, and licensing?
It is more expensive than Secret Server but way less expensive than CyberArk. As a customer, I would like the pricing to be lower, but it has a good price point.
What other advice do I have?
There is no reason not to recommend it. Everyone should have a PAM solution to prevent privileged user damage and mitigate risks like stolen passwords or insecure storage. If you want to ensure recordings of activities, be it from external people or highly privileged users, then this is essential. This reduces the risk of malicious insiders. You cannot always prevent it, but having recordings allows you to pinpoint activities before a system failure. You can consider having SPA analytics for additional security. We do not have that yet because of the price, but we might add it later.
I would rate One Identity Safeguard a nine out of ten.
showing 1 - 10