We use the virtual appliance of One Identity Safeguard to enhance security when external support is logged into our internal network. This is because it is the riskiest situation when an external company logs into servers to provide support. We want to increase security and monitoring to minimize risk. We have better monitoring tools to help us achieve this.
System Administrator at a healthcare company with 501-1,000 employees
Provides great performance, is easy to manage privileged users, and increases security
Pros and Cons
- "One Identity Safeguard is stable and provides great performance."
- "The GUI has room for improvement because it is confusing and cumbersome."
What is our primary use case?
How has it helped my organization?
Managing the remote access for privileged users feature is moderately difficult.
What is most valuable?
We currently use only one feature, which is privileged access to remote desktop servers with rotating passwords for privileged accounts. This is the main feature we use, and it typically disconnects external users from the system before giving them a different user to use for logging in. We have to use the Safeguard session in an integrated separate session or with the exact name available to record the sessions.
What needs improvement?
The GUI has room for improvement because it is confusing and cumbersome.
Buyer's Guide
One Identity Safeguard
June 2025

Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,524 professionals have used our research since 2012.
For how long have I used the solution?
I have been using One Identity Safeguard for two months.
What do I think about the stability of the solution?
One Identity Safeguard is stable and provides great performance.
How are customer service and support?
The technical support varies depending on who is assigned to our ticket.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was complex, and we had to put it behind a firewall for security. This made it difficult to open the ports needed to set up the connections. It was a time-consuming process, and we had to work with the integrator to complete it. It took several days of work, but the tool is powerful and worth the effort to set up.
Three people were required for the deployment.
What about the implementation team?
We used an integrator to help implement One Identity Safeguard. The integrator was good. He was able to train our people to deploy the solution.
What other advice do I have?
I would rate One Identity Safeguard eight out of ten.
A moderate amount of training was required for our people to start using One Identity Safeguard.
We have up to five people using the solution.
The only maintenance required is for patching.
One Identity Safeguard is a great product once we become familiar with it. The GUI takes some getting used to.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.

Managing Partner at Knightswatch Cyber
Great for managing identities and offers good usability and functionality
Pros and Cons
- "We use the Approval Anywhere, or cloud assistant feature and it is great. It enables us to add an extra layer of security for critical passwords without adding time to the approval process."
- "We have feature requests and would like to see the turnaround times on those features to be faster."
What is our primary use case?
We primarily use the solution to manage identities.
What is most valuable?
It's a good solution for managing identities under OneFile for authorization.
So far, the useability and functionality are very good.
We use the Approval Anywhere, or cloud assistant feature and it is great. It enables us to add an extra layer of security for critical passwords without adding time to the approval process.
The secure remote access feature for privileged users has been useful as well. We've had moderate success with it. It doesn't apply to some reference levels. We do like that it does not make us use a VPN. It gives us more flexibility. We can push out to mobile users a bit easier.
What needs improvement?
We do have some support issues sometimes around user authorization rights and onboarding. Typically it's on the user's end where there are issues. We point them back to the instructions.
The big issue I have with the solution is the lack of timely updates. We have feature requests and would like to see the turnaround times on those features to be faster.
The pricing could always be better.
For how long have I used the solution?
I've used the product for five or six years.
What do I think about the stability of the solution?
The solution has been stable.
What do I think about the scalability of the solution?
The scalability of the solution is good. It was one of the reasons why we chose it. We needed something to scale with our customers. So far, we've been happy with its capabilities.
How are customer service and support?
I haven't had issues with support so far. We do not use the vendor's premier support.
How would you rate customer service and support?
Positive
How was the initial setup?
The whole effort, in terms of initial setup, took a couple of weeks. There is a learning curve associated with the process. My end-user took an hours-long course and my administrators went to training for about two to three days.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay compared to other products we looked at.
Which other solutions did I evaluate?
We looked at a couple of other solutions from CyberArk. The useability of this solution is better.
What other advice do I have?
We're partners. We've resold the solution in the past, although we aren't doing so now. We're not active resellers. It's more opportunity-based.
We are using the most up-to-date version of the solution.
While we have yet to integrate the solution with other parts of our business, we are looking to integrate it in the future with DevOps. We're in the planning phase of that.
The flexibility and integration process is seamless. I've definitely had worse experiences. The resources we had weren't very experienced and we got through everything with very few headaches. From a security and productivity standpoint, it's good.
I'd rate the product eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Buyer's Guide
One Identity Safeguard
June 2025

Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,524 professionals have used our research since 2012.
Independent Consultant
Offers high availability and enables end users to deploy the solution with 99.999 percent uptime
Pros and Cons
- "It offers high availability and enables end users to deploy the solution with 99.999 percent uptime, which is crucial in an enterprise environment with a large number of endpoints."
- "The main point regarding the user experience is that Safeguard has two separate management consoles."
What is our primary use case?
I am an independent consultant who assists end users in deploying One Identity Safeguard correctly and creating all necessary workflows within the product. I then ensure its effective utilization in the production environment. I have been working with Safeguard since the beginning and continue to use it presently. Based on my experience, the majority of projects, around ninety-nine percent, involve virtual appliances. While I have performed some hardware appliance installations, I lack extensive experience with them. Therefore, I cannot definitively state whether they are good or bad. However, I can affirm that they function properly.
When we discuss the situation at the beginning of my journey, it serves as a safeguard. So, seven years ago, it primarily revolved around RDP and SSH session control. However, nowadays, I observe that customers are shifting their focus primarily toward password rotation and password management functionality. Moreover, they are increasingly utilizing the permanent analytics capabilities of Safeguard, such as user entity and behavioral analytics. Currently, we utilize all the functionality offered by One Identity Safeguard, including password rotation, password management, session management, and possibly session harmonics as well.
In most cases, we are referring to active directory environments and the safeguards implemented in such environments. This implies a close integration with the domain controllers, which serve as a source of identity information. However, the customers I work with as an independent consultant often utilize password management solutions. This indicates their desire to replace passwords, which may already be in use on certain devices. Sometimes, it involves scheduled password rotation. Additionally, session management has evolved. Nowadays, some customers are not only using RDP and SSH control but also MSS. Furthermore, I have worked on several projects involving HTTPS special control.
How has it helped my organization?
The situation as it was seven years ago, the usability and functionality of Safeguard were like three key questions in the case of Safeguard. Unfortunately, several years ago, they still had a sync client, which means a desktop application for one part of the product, while another part of the product was managed through the web UI. Of course, it was not so convenient. But nowadays, all the functionality is managed from the same console, meaning via the web UI, 100 percent. So, from this perspective, I can say that customers are quite happy with the current user interface of the solution.
The most important benefit is that when we talk about the deployment of any PAM solution, it serves as a centralized point for privileged access connections. This includes internal users, such as administrators or individuals with special privileges, like an accountant with additional access to the company's ERP system. This is in contrast to the standard situation where users have a direct connection to the target system, which lacks control. Firstly, a single point is created to enable full control over connections. Additionally, automation allows for quick response in case of any malicious activity. For instance, if the system detects abnormal behavior, such as in an SSH session, it can instantly terminate the session without requiring the involvement of cybersecurity personnel. The advantage of this approach is that it eliminates the need to involve humans in the process, which would take time. With a PAM solution like Safeguard, these actions can be executed within seconds, preventing any negative impact on the target system.
From my perspective, using the transparent mode is quite easy. However, from the customer's point of view, they should take the time to understand how it works properly. Once they grasp the concept of how this mode operates, which is made possible by the unique technology at the core of Safeguard's privileged session module, it becomes a significant benefit. Some customers may find it necessary to review this aspect carefully. Nevertheless, once they comprehend the intended functionality, everything else becomes straightforward.
I did not observe any issues concerning the rollout of the transparent mode for our users.
Monitoring privileged accounts using transparent mode is much easier from a user perspective, as it is almost invisible to them. What we are discussing is the deployment of Safeguard in transparent mode. From a monitoring standpoint, unfortunately, it does not prevent the injection of certain credentials. However, in terms of monitoring functionality, it is almost the same. Therefore, I cannot say that there is a significant negative impact from that perspective.
We utilize the secure remote access feature for privileged users. The majority of my projects involve contractors and third parties rather than direct employees.
Without One Identity Safeguard, managing remote access would be significantly more challenging. Safeguard is the tool that, from my perspective and based on my project experience, enables customers to have complete and effective control over remote access for both their contractors and internal infrastructure. It is remarkably user-friendly. Therefore, there is no distinction between deploying Safeguard for securing our internal network and implementing it for managing remote access from third-party networks and beyond.
It is nice that the Secure Remote Access feature does not rely on VPN; however, all of my customers continue to use VPN and utilize a VPN panel to manage remote access via Safeguard.
What is most valuable?
A dealbreaker for customers is the capabilities of the privileged analytics module, which can be extremely useful in certain cases. From a functionality standpoint, I would like to emphasize One Identity Safeguard architecture itself is quite mature. It offers high availability and enables end users to deploy the solution with 99.999 percent uptime, which is crucial in an enterprise environment with a large number of endpoints.
What needs improvement?
The main point regarding the user experience is that Safeguard has two separate management consoles. Both are web-based user interfaces, specifically HTML-based. However, they are completely distinct consoles. It would be preferable to have a single management console or tool instead. This would allow for a unified point of connection to all nodes, enabling the management and creation of policies, connection requests, and other related tasks.
What I saw and heard from the customers is the control functionality of the HTTP session. Nowadays, there are numerous blind spots in the current organization of HTTP session control functionality. It should be addressed in the latest version, as some competitors already offer unrestricted functionality.
For how long have I used the solution?
I have been using One Identity Safeguard for almost seven years.
What do I think about the stability of the solution?
From a technical perspective, Safeguard has two distinct development lines, let's say. The first one is Long-Term Support, which can be considered quite stable. However, when we discuss the non-LTS branch with new functionalities, I must admit there have been a few instances where we encountered some rather strange and interesting bugs. While the non-LTS branch is less stable, it still qualifies as a production-grade solution. In most cases, any bugs that arise do not automatically affect the user experience, overall system functionality, or the ability to control the privileged environment. Nevertheless, there are occasions where these bugs can be quite amusing, requiring us to reach out to technical support and submit a new ticket to have them resolved.
What do I think about the scalability of the solution?
Safeguard is highly scalable due to its architecture. From my perspective, it is one of the most scalable solutions on the market among other Privileged Access Management solutions.
How are customer service and support?
During many projects, we contacted standard support. I mean, even without the premier support contract, we simply created some tickets. We had several video calls with the One Identity team, and I can confidently say that they are highly supportive. Sometimes, for non-critical issues, they may take a long time to respond. However, when it comes to physical issues, they are extremely prompt in their responses, prioritizing them based on the defined priority during ticket creation. They strive to be fully engaged and invested in resolving the problem.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used WALLIX Bastion, CyberArk Privileged Access Manager, and senhasegura.
CyberArk is a great solution from a functionality standpoint. It offers interesting features in certain cases, which unfortunately are absent in Safeguard. However, from a customer perspective, there are some issues. At times, I wasn't involved in the evaluation procedure when our customers wanted to determine the ideal solution for their use cases. CyberArk can be overly complex in this regard, with numerous different modules, each requiring a separate license. Consequently, the overall cost of the project and solution would be much higher compared to Safeguard. Nevertheless, from a technical standpoint, CyberArk is quite impressive. Yet, it remains overly complex for end users, both in the business and technical teams, and the pricing is not the most competitive.
Regarding WALLIX, I must say that it sometimes has certain peculiarities that are difficult to describe. The way they create the management console and the principles for managing their solution is rather strange. Understanding their approach fully requires reading the documentation several times. Senhasegura is also a decent solution in my opinion, but it is not yet mature enough. They offer a wide range of functionality and modules, but the lack of separate licensing, as in CyberArk, is a plus. However, during deployment and setup, we may encounter some issues. In general, they claim to provide a lot of functionality, but it is not as detailed as Safeguard.
How was the initial setup?
The initial setup is straightforward. Based on the experience of some of my customers, they didn't involve me during the initial deployment phase, but later on, during some kind of policy setup phase, and so on. I can say that even inexperienced users, customers who saw Safeguard for the first time, were able to fully deploy Safeguard by following the official documentation, which is detailed and helpful. They were able to deploy all the necessary components, at least four SAP and one SPS. So, it's a basic deployment process that my customers were able to complete within a couple of days without any issues.
To deploy virtual appliances, in my case, it will take a couple of hours, or perhaps several hours for complex deployments involving geographical distribution between different customer sites, among other factors. However, when considering the entire project, it includes not only the initial deployment phase but also connecting to the active directory, creating necessary policies within the products, and setting up integrations with third-party solutions such as SIM. I've heard that the longest projects with Safeguard lasted around four and a half months.
The number of people required for deployment varies based on the size of the deployment, but typically, between one and two people are needed.
What about the implementation team?
We help our customers with their implementation.
What's my experience with pricing, setup cost, and licensing?
The pricing depends on our perspective, our budget, and, of course, the competitors we are taking into account. For instance, when comparing it to CyberArk, Safeguard is considerably more expensive initially. However, from my viewpoint, the pricing of Safeguard, in comparison to CyberArk, is quite straightforward and logical. What I mean is that we have dedicated licenses for each appliance, as well as licenses for premium users or target systems, and that's all. There are no additional modules. Therefore, in some cases, it may be relatively expensive, but on the other hand, it is logical and straightforward.
What other advice do I have?
I give One Identity Safeguard a nine out of ten.
Privileged users continue to utilize their connection to the target systems, thus remaining unaffected during the deployment process.
Normally, reading the documentation would be sufficient to start using Safeguard for both those who manage the solution and the end-users. However, in real life, I conducted some technical training sessions for Safeguard administrators and Safeguard end users. For end users, in most cases, a two to three-hour training session was enough to familiarize them with the management console. This console is used to request extensions to target systems and perform other related tasks. On the other hand, administrators usually required six to eight hours of training. However, the duration can vary depending on the specific project. For instance, a standard deployment with four nodes would differ from a non-standard deployment with twelve nodes distributed across an entire continent. In such cases, customers may need additional training to ensure business continuity in the event of issues occurring at a specific site. This training would focus on the technical aspects of implementing a business continuity plan.
When preparing to deploy Safeguard, our first step is to engage in a comprehensive discussion with the customer regarding their project goals. We inquire about the specific reasons behind their need to incorporate a PAM solution. Once we have a clear understanding of their use cases, we proceed to address the technical aspects. From a technical perspective, one of the most crucial questions is to define the scope of the target systems, including the types of operating systems and protocols that will be utilized to establish connections, such as RDP, SSH, HTTP, or MSS. After establishing the scope of the target systems, we then proceed to define the scope of the end users who will utilize Safeguard. These users will establish privileged sessions with the target systems. Additionally, we determine the source of identity information for privileged users, which is typically the active directory, although, in some instances, a DAP service deployed in the customer's infrastructure may be utilized. Once these preliminary steps are completed, we have all the necessary tools and information to proceed with the deployment process itself.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
System Manager at a retailer with 10,001+ employees
Provides us with centralized storage of secrets and credentials, and visibility into the use of privileged access
Pros and Cons
- "The whole product solves the privileged access management challenge for our company. We have a secure tunnel, a secure session manager, and automatic logging of sessions, which is good for forensic purposes. We have a rich level of logs and can trace what happened on which machine and see who did what."
- "The SPS could be a lot easier to administrate and the parts should be unified, from a design perspective, so that I can recognize the systems as being part of the same package. They feel like they have been forced together."
What is our primary use case?
Our administrators mainly use it to protect their different packages and access secrets through Safeguard, either by checking out credentials, using encrypted sessions, or utilizing the product's API.
We are using a virtual appliance deployed in the cloud and on-premises.
How has it helped my organization?
The centralized storage of secrets and credentials prevents them from spreading throughout the organization. We know who has control over them and who has access. Before Safeguard, there might have been a few Post-Its stuck on screens, which isn't secure.
We have also gained visibility into the use of privileged access. It's way easier for us to see what, when, how, where, and why. We now have a good way to provide justification for doing things, instead of relying upon people to remember. Now we can demand that.
And the rich level of logging, including visual logs with video recordings of sessions, has given us more confidence in our security posture, where we have onboarded the system.
What is most valuable?
The whole product solves the privileged access management challenge for our company. We have a secure tunnel, a secure session manager, and automatic logging of sessions, which is good for forensic purposes. We have a rich level of logs and can trace what happened on which machine and see who did what.
Feedback from our users on the usability is positive regarding the UI experience. Instead of keeping their credentials on them somewhere, they now have a very easy-to-use portal with a nice GUI. There has been some feedback from people saying, "Couldn't it do this," or "Now I have to do that". But that's basically change management and not a real problem. There is some getting used to the UI, but I think the UI is very easy to understand and to use. The usability is very good and that's one of the main ways Safeguard stands out from the competition.
What needs improvement?
Safeguard, the way I see it, has two different parts: vaulting and sessions. And those two are running on different platforms. The vault itself is a locked-down Windows box, which isn't really causing any trouble. The session part is on a Linux box. They sell them separately, but together, they need to be more unified, at least from a UI perspective when you're using it as an administrator. There are some "legacy-level" menus and ways of using it that I don't really appreciate.
We are using it completely web-based, not through a fat client. The browser experience of administrating SPS (Safeguard for Privileged Sessions) needs a lot of attention from an administrative perspective to make it easier. The readability of the system itself is quite poor.
A user never really engages with that part. It's only the administrator, and maybe an auditor, who are subjected to using those menus and tools.
So the SPS could be a lot easier to administrate and the parts should be unified, from a design perspective, so that I can recognize the systems as being part of the same package. They feel like they have been forced together.
For how long have I used the solution?
We started implementing One Identity Safeguard about one and a half years ago.
What do I think about the stability of the solution?
It's very robust. We haven't had any issues with Safeguard's stability.
We have done a few things that have "annoyed" it, but it has always come back. We tried to upgrade one of the session nodes, and we did it in the wrong order, but it pulled through anyway. That was quite impressive. If you deploy it on virtual servers as we have, with a virtual appliance, if you have that under control, Safeguard itself is not an issue, at least for the time being.
What do I think about the scalability of the solution?
I believe we may have done a bigger deployment than we actually need. We were advised to use a node and another node to have a little bit of a cluster function. We went even bigger than that, so we are using the biggest version of what they recommend.
But I don't see scalability as an issue. I don't think it's something that Safeguard does particularly worse or better than anyone else. It's easy to deploy another node for the same function that you already have. Or if you want to replace something that doesn't work the way you want it to, you can switch it. It is very scalable. We haven't touched the limits of what it's capable of and I don't think we ever will.
We have about 150 users at the moment.
How are customer service and support?
I don't think we are using One Identity's Premier Support. We are using some level of support from them, but that support is handled by our partner. If we raise an issue, our partner coordinates between us and One Identity.
Which solution did I use previously and why did I switch?
We did not have a previous solution.
There are different kinds of solutions that Microsoft provides, called PIM, instead of PAM. It's for cloud-based roles and privileged access. We were using that before Safeguard and we are still using it for that specific use case. But we didn't have another privileged access management solution, other than human administrators. It was surely needed.
Just getting a PAM solution is many steps better than what we had before.
How was the initial setup?
The initial setup wasn't really complex. We are using the virtual client, so it was fairly easy. We didn't really have to do any setup. We just had to start a virtual machine and run the appliance, following their documentation, which is very good. It was quite easy.
We are utilizing a partner for getting started so I didn't find it hard to start.
Among the things that you need to look out for, and this applies to every product, is how it fits into the network that you are going to put it in. There are a lot of specific ports that it needs to be accessed through, and you should probably keep it as locked down as possible because this system shouldn't be exposed to any other environment. That is a hard task to complete. That is not a fault of the product itself, but it comes with that can of worms.
And, of course, you have the certificate questions, the different certificates that it needs to validate sessions and keep them secure. That's quite tricky as well. Again, it's not really a Safeguard issue, but your organization needs to know that these are considerations when you start.
Our technical go-live with the solution took three or four months. That was mostly related to our network issues and finding all the different ports that needed to be opened and closed. But starting the application and using it, running the GUI itself, is a matter of days. It depends on your organization and how well-equipped it is for this type of change.
We didn't force any big changes. We were debating if we should onboard our current privileged users and then force them, from day one, to use the system. Instead, we did a side-by-side solution where we started alternative users on it and then told our previous users to use it instead. And if that, somehow, was not satisfactory, they could still use their old account to complete the work. That way, we didn't jeopardize production. Every time we received feedback such as, "I need to use my old account because I cannot use this new Safeguard version," we needed to adapt and improve.
Once there were no more complaints, we started shutting down the old users who had not been onboarded to Safeguard. We didn't want to bring major change in an instant. We led them to the Safeguard solution and let them try it out, give us feedback. Generally, they found it easier to use Safeguard compared to their old ways and they started preferring it. When we saw we had no risks left, we disabled the accounts that they were using before.
In terms of training, for the admins we had a five-day course, which covered the basics. I did not receive that course, but I didn't really need it. The right partner can explain enough to you, in small sessions, about what you need to accomplish. And the user experience itself is so intuitive that you understand what you're doing. And their documentation is very easy to search and use. You don't really need much training. Of course, you need to understand how you affect different systems if you connect them to Safeguard but that depends more on your own organization than on what Safeguard is.
End-users just need a basic introduction to tell them, "Please go here, use this." They log in with known credentials and the same password as everything is under MFA. It's nothing new to them. And the user experience is very simple for them to check out the privileges that they need for the moment that they need them. That's quite self-explanatory.
What about the implementation team?
We had a partner called Intragen International that helped us understand the best practices for deployment and what not to do. We had them as an adviser, but we performed every step in-house. They didn't have any access to our system. They were more of an adviser.
What's my experience with pricing, setup cost, and licensing?
I believe we have a five-year deal in place, and it's an all-you-can-eat license. It's not user-based.
We also pay our implementation partner. We have a support deal set up with them, so that's a cost we have added on. But it's not applied to the Safeguard bill. The advisory role that they provide us is something that we decided we need.
Which other solutions did I evaluate?
We looked at the product from BeyondTrust. And we looked at CyberArk because that's what you need to do when you start this process. We also looked at a couple of other products, market leaders, according to review sites. But we mainly looked at CyberArk.
We, as an organization, realized quite early that privileged management access is hard. There were solutions that, like CyberArk, were very advanced and had huge legacy support with every type of system known to man. That was very interesting because you never know what you might have. But when we looked into CyberArk, we also felt that the system was a leader because they were first, not because they were the best. It seemed to be quite complex to deploy. Knowing our limits, we felt the Safeguard solution was more of a fit for us, and the user experience was way more intuitive than the CyberArk version.
Looking at the other competitors, they were more leaning toward a cloud-based solution or were going that way. Of course, we are always trying to get to the cloud—you never get there, but you always talk about it—and we felt that if we were going to keep all of the secrets of the company anywhere other than in our own environment, it would almost be irresponsible to have it on a vendor that always puts things in the cloud. That essentially meant we wouldn't know where they would be.
By deploying it ourselves, at least we know where the keys to the kingdom are, and we control them. The other vendors were not selected because they were too cloud-oriented for such an important part of our company. We needed to keep it ourselves and keep the responsibility in-house, and not put it anywhere else.
Safeguard had the same philosophy, allowing us to do a virtual appliance that we deployed ourselves in our own data centers, keeping every bit of information inside our walls instead of putting it on the cloud. With CyberArk, we could do that as well, but it sure seemed way harder, so we skipped that.
What other advice do I have?
To prepare for Safeguard you need to know your network, and if you think you do, you don't. You need to have network personnel available during the deployment to maintain tempo in the deployment. If you don't have access to people who are able to change things in the firewalls and the like, you will stall.
The documentation, what you need to do, is very clear, but every network is different, and you really need to know where you put your Safeguard solution and that you have access to people that can help you fit it into your existing network. That's a very important step.
You also need to know what "high privilege" means to you because it's not defined in Wikipedia. You cannot go there and see what applies to your systems. You need to know that yourself. Be sure about what you want to protect and what levels of protection you want, beforehand.
And, as I mentioned, there is the issue with certificates, which is an issue for every company. It's quite a hard thing to know. Not everyone is a professional when it comes to certificates. You may need to know the certificate chain, and you might have to update it with new information and roll that out to your organization. That might not be your first thought when implementing it in your system.
But the main focus is the network, especially if you're also going to deploy Safeguard in your own cloud. That creates a little bit more of a challenge.
We use their product called Active Roles as well. We haven't really done any integration with other parts of our business. We have just given administrators and people with high privilege a secure way to access their systems through RDP and SSH. But we have not integrated any robots or development flow as of now. We are too young in this journey.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Senior Consultant at a tech vendor with 5,001-10,000 employees
Stable and has an easy-to-understand interface, even for people new to it
Pros and Cons
- "I like that One Identity Safeguard lets you configure the maximum number of connections to the target, a configuration I didn't find in its competitor."
- "Support for One Identity Safeguard could be improved because sometimes the support team doesn't have an answer or solution for some bugs. A feature I found in a competitor would make One Identity Safeguard better, and that is the ability to load balance the traffic in the target."
What is our primary use case?
We introduce One Identity Safeguard to customers, primarily Italian customers who need to partner with solutions that protect their target resources.
What is most valuable?
What I like about One Identity Safeguard is its interface, which is easy to understand, even for people new to the product. I also like that the solution collects data without any access to the machine, plus it has a feature that lets people explore access to machines within a network.
Regarding the usability and functionality of One Identity Safeguard, the most common feedback I receive from users is that the solution is easy to use and can easily move data.
I also like that One Identity Safeguard lets you configure the maximum number of connections to the target, a configuration I didn't find in its competitor.
My customers use the transparent mode for privileged sessions in One Identity Safeguard, and it is easy to use, though it may be more difficult to configure. I haven't received any customer complaints about that feature, so it's not that difficult to use.
To start using One Identity Safeguard in terms of training for people who manage the solution and the end-users, my colleague and I took a course from One Identity. That training was enough for the basic features, but for some other features, my colleague and I had to create some tickets, though he and I know the database and processes. For users, it is easy because my company provides them with a two-page resource manual with screenshots. Then, I spent some time with the managers to show how One Identity Safeguard works, which is very easy because I've used the solution before.
The analytics interface of One Identity Safeguard is also easy to understand.
What needs improvement?
A feature I found in a competitor would make One Identity Safeguard better, and that is the ability to load balance the traffic in the target. For example, in two machines with some applications, I would like to balance traffic between the two machines with the help of One Identity Safeguard. It would be great if the solution allowed users to add some applications to a cluster and balance the traffic between the applications.
For how long have I used the solution?
I've been working with One Identity Safeguard for customers for six months.
What do I think about the stability of the solution?
Stability-wise, One Identity Safeguard is okay. It's been running for almost one year, and there's no problem with its stability, so, in terms of stability, it's a seven out of ten for me.
What do I think about the scalability of the solution?
The scalability, including the clustering for One Identity Safeguard, could be improved. It is fair right now, scalability-wise, and from an engineering perspective, it may not be as easy to do that because the appliance would have to be encrypted, and there's a security requirement. Still, it would be nicer if scalability could be improved in One Identity Safeguard.
How are customer service and support?
Support for One Identity Safeguard could be improved because sometimes the support team doesn't have an answer or solution for some bugs. Support-wise, it's an eight out of ten for me.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used a different solution previously, but One Identity Safeguard could limit the maximum number of connections to a target. The other solution, on the other hand, could not do that but has a load-balancing feature.
How was the initial setup?
My company deploys One Identity Safeguard for customers, and I found the process easy.
What other advice do I have?
My customers use the One Identity Safeguard virtual appliances.
I have not used the Cloud Assistant feature of the solution.
I have not used the Remote Access feature for privileged users in One Identity Safeguard.
My company does not integrate the solution with any other parts of the business, such as development, operations, and RPA. It was just tested but not rolled out in production.
In terms of how the deployment of One Identity Safeguard affects privileged users may be a complex question because the customer didn't have a previous infrastructure. The customer is now building the infrastructure, so it's a dynamic environment. The customer doesn't have an old environment.
I'm a One Identity Safeguard integrator, and my company also resells it.
Regarding maintenance, usually, it's not required. Still, sometimes a user could complain about not being able to access passwords in One Identity Safeguard or that there is some misconfiguration I need to analyze, and in the end, the issue is with the target appliance and not One Identity Safeguard.
My rating for One Identity Safeguard is eight out of ten overall.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller
Cyber Security Engineer at a financial services firm with 5,001-10,000 employees
The snapshot feature enables us to review the last time an application was opened and by whom
Pros and Cons
- "I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server."
- "We've had issues managing accounts and access to some data saved on the servers. Accounts are granted a new working certificate daily. We have an account to do it on APIs online and sync it with that. If the path changes at some point or someone changes the password, I don't know if it's from the Active Directory or what."
What is our primary use case?
I work for a bank, and we use Safeguard to manage access to our Internet banking services. We use Safeguard for two things: identity and access management and detection recording. We have our services onboarded on SysTrack doing RDP directly to the servers or station, and we use virtual appliances for collection. The solution covers around 150 users at this organization.
What is most valuable?
I like Safeguard's snapshot feature that enables us to review the last time an application was opened and by whom. If there are any issues, we can look behind the scenes to see what has been done. We can suspend a user's access or close off a server.
What needs improvement?
We've had issues managing accounts and access to some data saved on the servers. Accounts are granted a new working certificate daily. We have an account to do it on APIs online and sync it with that. If the path changes at some point or someone changes the password, I don't know if it's from the Active Directory or what.
For how long have I used the solution?
I have used Safeguard for one year.
What do I think about the stability of the solution?
Safeguard is stable.
What do I think about the scalability of the solution?
It's scalable, depending on the solution case. I don't know if it's domain-based because it was not restricted. We're gradually moving to the Azure cloud.
How are customer service and support?
One Identity support is okay.
How was the initial setup?
Deploying Safeguard was straightforward.
What other advice do I have?
I rate One Identity Safeguard eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Professional Service Manager at a financial services firm with 501-1,000 employees
Offers a highly reliable VPN contact point and solves our password management issues
Pros and Cons
- "The first feature I like about One Identity Safeguard is the live contact point for the VPNs. This has been working very well for us, as it's both highly available and reliable."
- "We currently have a problem with the Active Directory integrations on Windows. Some of our users need to be logged with Active Directory, but we are having communication issues between One Identity and Active Directory. It seems that Active Directory is not well-integrated."
What is our primary use case?
The first time I used One Identity Safeguard was when I was the manager of the infrastructure of Ayendeh Bank, and we are currently using it now at my present company.
Our main use case is in security reviews for all of the change management and incident management services, and we also use it for the VPN connection for PAM. It allows us to review everything that goes on over the working day.
For example, our third-parties who support all of our services, including network services (e.g. Cisco) and our Linux servers, are eligible to connect via the VPN, and through One Identity Safeguard, they are able to make contact with and use the various services.
Our company works alongside various PSPs (Payment Service Providers),
and our work here is mainly to prepare the software switch for them, and
to handle the SLA for infrastructure maintenance services. Due to the nature of our work, we also use One Identity Safeguard for on-call and direct administrators whether they are in-house or external to our company. It is, in fact, the main tool for managing access for all the services. And because of that, I'm available for these companies 24/7 all year long.
At present, we have around 17 direct users of One Identity who use it on a daily basis, which includes 10 people from my own department.
What is most valuable?
The first feature I like about One Identity Safeguard is the live contact point for the VPNs. This has been working very well for us, as it's both highly available and reliable.
The second thing I like is the services that let us review all the contacts and take all the passwords from another administrator. These services are very reasonable. For instance, some of the third-parties will leave our company and support, but then fail to relinquish the usernames and passwords. With the security orchestra that One Identity Safeguard provides, this is no longer a problem.
What needs improvement?
We currently have a problem with the Active Directory integrations on Windows. Some of our users need to be logged with Active Directory, but we are having communication issues between One Identity and Active Directory. It seems that Active Directory is not well-integrated.
Apart from that, when we are using the interactive login, such as when logging in and going inside the site for support, we find that we need to repeat the username and password, sometimes even two or three times.
When it comes to suggestions for new features, I would like to see something along the lines of an automated command prevention system. To elaborate, sometimes we will have users who input unsafe commands, and we would like to prevent those commands from being processed, and to be able to identify those users who sent the commands.
I believe some kind of automation, possibly based on AI, would be appropriate for this, and it would help the administrators and managers to more easily prevent these kinds of incidents. Part of my role is to reduce the number of total incidents, and if we had an automated mechanism to prevent unsafe commands from being entered in the first place, it would help a great deal.
For how long have I used the solution?
I have been using One Identity Safeguard for about six years.
What do I think about the stability of the solution?
I can say that it is 100% stable because during the past two years we have not had a single problem with stability.
What do I think about the scalability of the solution?
In our company, the scalability is good enough for us at present. In my department, there are ten direct users, and outside my department there are another seven direct users. Perhaps when we increase our customers, we will scale up further.
How are customer service and support?
At present, because of the sanction department for technology in Iran, we cannot use the direct customer support. Instead, we use third-party support. For example, we have a contact point with a company who has branches in Turkey, and they are taking the tickets for Safeguard. Before that, with Balabit, we got responses in less than 24 hours.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before Safeguard, we were using Balabit. However, Balabit has now been acquired by One Identity.
Another solution that was being used by some of the other companies I consulted for was WALLIX Bastion. Using WALLIX was a really different experience. With One Identity, we have no problems with connections or slow communications in the network, but with WALLIX there were many problems to do with the networking. Sometimes the servers would even crash or hang, but none of these issues have been found in Safeguard. By comparison, Safeguard is much better in terms of performance, networking, and server stability.
How was the initial setup?
There were no real problems with the setup. Regarding the ease of installation, if you have a professional team, then it is easy. But, for example, if it's your first time setting it up as a junior administrator, then it can be quite difficult. I would Safeguard a 3.5 out of 5 in terms of how complex the initial setup is.
What about the implementation team?
We used an in-house team for the implementation, because myself and the other companies we work with have a lot of experience in it. Thus, for us, it was no problem to implement.
What's my experience with pricing, setup cost, and licensing?
The license is very expensive for us, partly due to inflation and partly because of the exchange rate between the Dollar and the Iranian Rial. We purchased a perpetual license that we've been using up until now, but I believe that we are not going to update it in the future. Instead, we plan to find another third-party to support us with the license, in the sense that we would have access to their license as a shared agreement.
What other advice do I have?
I would rate One Identity Safeguard a nine out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
SOC Analyst at a recreational facilities/services company with 10,001+ employees
Works well for PSM features, but we sometimes face configuration issues
Pros and Cons
- "In terms of the user experience, it is a pretty useful product. It works in a good way."
- "We sometimes face issues with configuration and things like that, but we manage to solve them."
What is our primary use case?
We mainly use the Privileged Session Management (PSM) features.
What is most valuable?
In terms of the user experience, it is a pretty useful product. It works in a good way.
What needs improvement?
We sometimes face issues with configuration and things like that, but we manage to solve them. In general, it is a pretty good solution for the PSM features.
There can be an improvement in terms of the policy that can be implemented on the SSH session.
For how long have I used the solution?
I have been working with this product for more or less 2 years.
How are customer service and support?
I have never spoken to their technical support. A colleague of mine interacts with them.
Which solution did I use previously and why did I switch?
I did not work with any other solution previously. I have read about other products and their features, but I have not worked with them. One Identity Safeguard is probably one of the best solutions for PSM features.
How was the initial setup?
I do not work on the installation. I work on the setup. We do face some issues with configuration, but in general, we are able to troubleshoot them.
What other advice do I have?
Based on my personal experience with the PSM features, it is a good product. I know that there are some competitors, but I have not worked with them.
My colleagues worked on its integration with another tool. It seems to integrate fine, but I do not know for sure if he faced any issues.
My experience is with the PSM features, and for that, I would rate the product a six out of ten. There are some specific features that can be improved, but in general, I have had a good experience with the product.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros
sharing their opinions.
Updated: June 2025
Product Categories
Privileged Access Management (PAM) User Entity Behavior Analytics (UEBA) Non-Human Identity Management (NHIM)Popular Comparisons
CyberArk Privileged Access Manager
IBM Security QRadar
Delinea Secret Server
CyberArk Endpoint Privilege Manager
BeyondTrust Endpoint Privilege Management
WALLIX Bastion
BeyondTrust Privileged Remote Access
ARCON Privileged Access Management
ManageEngine PAM360
Delinea Privileged Access Service
Proofpoint Insider Threat Management
Symantec Privileged Access Manager
Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Which PAM tool do you prefer: CyberArk Privileged Access Manager, One Identity Safeguard, Delinea Secret Server, or BeyondTrust Privileged Remote A
- Why should one choose One Identity Safeguard and One Identity Active Roles for the banking and insurance industry?
- What is One Identity Safeguard's lower-level architecture scheme?
- When evaluating Privileged Identity Management, what aspect do you think is the most important to look for?
- How was the 2020 Twitter Hack carried out? Could it have been prevented?
- Which is the best Privileged Account Management solution?
- What are the top 5 PAM solutions that can be implemented which cover both hybrid and cloud?
- What are the top 5 PAM solutions?
- How will AI and ML help or work with PIM/PAM?
- Is BeyondTrust Endpoint Privilege Management really expensive compared to other tools or software?