Try our new research platform with insights from 80,000+ expert users
Yehuda Fabian - PeerSpot reviewer
System Administrator at Shaare Zedek Medical Centre
Real User
Top 20
Provides great performance, is easy to manage privileged users, and increases security
Pros and Cons
  • "One Identity Safeguard is stable and provides great performance."
  • "The GUI has room for improvement because it is confusing and cumbersome."

What is our primary use case?

We use the virtual appliance of One Identity Safeguard to enhance security when external support is logged into our internal network. This is because it is the riskiest situation when an external company logs into servers to provide support. We want to increase security and monitoring to minimize risk. We have better monitoring tools to help us achieve this.

How has it helped my organization?

Managing the remote access for privileged users feature is moderately difficult.

What is most valuable?

We currently use only one feature, which is privileged access to remote desktop servers with rotating passwords for privileged accounts. This is the main feature we use, and it typically disconnects external users from the system before giving them a different user to use for logging in. We have to use the Safeguard session in an integrated separate session or with the exact name available to record the sessions.

What needs improvement?

The GUI has room for improvement because it is confusing and cumbersome. 

Buyer's Guide
One Identity Safeguard
November 2024
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.

For how long have I used the solution?

I have been using One Identity Safeguard for two months. 

What do I think about the stability of the solution?

One Identity Safeguard is stable and provides great performance.

How are customer service and support?

The technical support varies depending on who is assigned to our ticket. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was complex, and we had to put it behind a firewall for security. This made it difficult to open the ports needed to set up the connections. It was a time-consuming process, and we had to work with the integrator to complete it. It took several days of work, but the tool is powerful and worth the effort to set up.

Three people were required for the deployment.

What about the implementation team?

We used an integrator to help implement One Identity Safeguard. The integrator was good. He was able to train our people to deploy the solution.

What other advice do I have?

I would rate One Identity Safeguard eight out of ten.

A moderate amount of training was required for our people to start using One Identity Safeguard.

We have up to five people using the solution.

The only maintenance required is for patching.

One Identity Safeguard is a great product once we become familiar with it. The GUI takes some getting used to.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Security Architect at a media company with 51-200 employees
Real User
Provides valuable data protection, access to immediate support, and doesn't rely on VPN
Pros and Cons
  • "There are numerous valuable data protection features, including the content and information that offer us more scalable protection as needed."
  • "Some of our users find the functionality a bit complex, and it could be made more user-friendly."

What is our primary use case?

We are using One Identity Safeguard for our data protection.

We are utilizing the virtual appliance solution because it is slightly more cost-effective and allows us to manage it remotely.

How has it helped my organization?

Secure Remote Access feature is being utilized by non-technical users, primarily for multi-factor authentications. We are implementing MFA; however, some users in our branch are not yet connected. Consequently, we are resorting to using a VPN in our access control measures. At times, we have also employed remote branches for auditing and monitoring any potentially suspicious activities. Our endpoint security is consistently updated and ensures encryption for all the internet services we utilize.

It is important that the Secure Remote Access feature does not rely on a VPN. One Identity Safeguard provides us with the ability to manage access to the system network and data from our remote branches through the Secure Remote Access feature, ensuring a secure and confidential connection on the backend.

We have integrated One Identity Safeguard with our DevOps processes to assist in managing the parameters. Prior to the integration, we used to wait for certain automation related to security, either already completed or sometimes people would proceed without reporting. However, after the implementation, it has proven to be highly effective for security testing through automation at various stages, particularly in the pipeline, and for conducting critical analysis. This has significantly improved our understanding. 

What is most valuable?

There are numerous valuable data protection features, including the content and information that offer us more scalable protection as needed.

We also have access to immediate support for situations that we are unable to handle.

What needs improvement?

Some of our users find the functionality a bit complex, and it could be made more user-friendly.

The integration of automation, security monitoring, and secure configuration can be enhanced. We can integrate these elements using Ansible or any other necessary tools. This would be advantageous in terms of time and effort saved during implementation, especially when dealing with merged branches. This approach will guarantee that the code is approved, tested, and verified, potentially resulting in substantial time savings.

For how long have I used the solution?

I have been using One Identity Safeguard for ten years.

How are customer service and support?

Premier Support is valuable because it enables us to receive prompt assistance whenever we encounter any type of issue.

How would you rate customer service and support?

Positive

How was the initial setup?

The time to deploy varies from a few minutes to several hours depending on the scenario.

We integrate security tests into our CI/CD pipeline for privileged users to ensure that these users are not affected.

Which other solutions did I evaluate?

We also assessed CyberArk, which is a more robust Privileged Access Management solution compared to One Identity Safeguard. However, it comes with a significantly higher cost.

What other advice do I have?

I would rate One Identity Safeguard an eight out of ten.

We conducted training sessions for all employees and managers in our company. The training was tailored to each person's skills in order to streamline the training process and facilitate the deployment procedures.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
One Identity Safeguard
November 2024
Learn what your peers think about One Identity Safeguard. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Chief Information Security Officer at a financial services firm with 51-200 employees
Real User
Reduces operational costs and eliminates password sharing
Pros and Cons
  • "We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. By using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required."
  • "The multilanguage functionality does not support the Arabic language, even though this solution is deployed in an Arabic region."

What is our primary use case?

Our company is regulated by the central bank in our country. There are about 4,000 employees in our organization. 

Our main need was to reduce the operational cost of our department by increasing the window of operations to 24-hour rather than have office unemployment. 

We are now digitizing the access control function through One Identity. Whoever forgets their password can reset it on their own rather than reaching out to the security desk. Whenever we have a new employee, we found that it was taking at least two days to get them a username or access to the system. Now, once they are logged into the organization and are registered on our ERP system, their complete access will be ready within five seconds. They will receive an SMS with their username and password so they can start working. This has increased efficiency and effectiveness of the access control function. It has reduced operational costs as well as providing services 24/7 with a platform that can be used anytime and anywhere for investigation in case we have a requirement. 

We use the physical appliances, as they are more reliable. Around the world, dedicated appliances are more reliable than having a virtual version/copy. We went with the physical appliances because they are dedicated and closed like a black box. However, we haven't reported any misses with the virtual version. 

What is most valuable?

We use the solution’s Approval Anywhere feature which enables us to add an extra layer of security for critical passwords without adding time-consuming approval processes. In the past, we were having problems when a user went on vacation. There were many recalled cases of password sharing. When we received this type of incidence and started to investigate, we found out the past setup had no solution. For example, if someone with a daily duty went on vacation, they still had to do it within the office. That is why sometimes people tried to justify the sharing of passwords by the importance of their duties. Now, by using this platform, if someone goes on a vacation, out of office, or needs urgent/planned leave, then our setup will select the functions tied to that person and automatically delegate them to the next person. That person can start performing that duty based on their access. No sharing of passwords is required.

What needs improvement?

The multilanguage functionality does not support the Arabic language, even though this solution is deployed in an Arabic region. However, it matches our criteria and requirements overall.

One Identity is using a third-party to create one-time passwords. Due to our security restrictions, we needed to build our own. When we discussed this with One Identity, "Why they don't provide a technology that can be hosted on our data center and be built by One Identity," they said they are using a third-party. This was their justification, so I think it's based on their strategy and there's no harm using a third party. However, we were having an issue using a third-party.

For how long have I used the solution?

I have using this solution for about six months. The project started about one year back. We started product introduction through phases. We went full-fledged with One Identity using Cloud Access Manager, Password Manager, and Privileged Access Management along with identity and access management.

What do I think about the stability of the solution?

We have been trying to stabilize the system until now. We haven't had the chance to revisit the deployment to find out if there are any expansion plans, as we are working to sustain the set up. We want to increase end user awareness and start building the number of reports.

What do I think about the scalability of the solution?

I didn't have a requirement to test the scalability of the solution. We did discuss the scalability with the system integrator at the beginning, and it's on the license level. I don't think we will have an issue once we come to the point of needing to scale.

We have 3,000 end users and 10 administrators.

How are customer service and technical support?

I haven't had a chance to work the One Identity technical team. We work with the local partner instead.

None of my team has gone for training yet. However, they did have a handover for operation of the solution. It doesn't need that much training as long as you know the basics of access control functions. End users only need to have a tutorial to the portal. This is what we provide: a tutorial for how to use it and the know-how.

Which solution did I use previously and why did I switch?

We previously were using a manual process. One Identity helped us to automate this process.

How was the initial setup?

We integrated One Identity with our ERP system (Oracle) and also with our security operations center (Splunk). The integration went perfectly. It was an easy connection. We built the connectivity directly through the API. What we found time consuming: the setup and connecting One Identity. E.g., Oracle takes more time than Splunk to connect because Splunk's system is ready to send the security logs to the security operations centers. With Oracle, the integration depends on the business needs and there are a number of different requirements based on those business needs. The enhancement One Identity made is the historical part related to system access control goes through our SOC to this tool.

What about the implementation team?

My team worked on the initial setup. I don't remember any critical escalations related to technicalities during their field deployments. The local system integrator helped us with any deployment challenges. There was zero disruption to privilege users during the deployment, which can be attributed to the work of the project management team. The deployment took about six months using two outsourced resources.

For the consultation services, we went with a well-known, famous system integration company (Exceed Gulf), who is local. They were cooperative, experienced, and professional. They have led many successful deployments in our region. Sometimes, they provide better advice when we are releasing an RFP to the market, e.g., when they got this RFP, they added value by doing a slight amendment to the deployment. This contributed a lot to the success of this project. Their advice comes based on their experience in the deployment for such a solution in our region. I strongly recommend working with Exceed Gulf and the same team that we worked with, as their technical skills were perfect.

What was our ROI?

We have not yet seen ROI. The benefit that we get from using One Identity is that it reduces operational costs.

What's my experience with pricing, setup cost, and licensing?

We have a yearly license. The cost depends on how much a company wants to invest in technology. In our organization, we believe in modern digitization and automation processes so we found it affordable. One Identity was not that much less than other solutions and it is not a cheap solution. There were number of cheaper solutions. However, it's the most effective, according to our evaluation.

Which other solutions did I evaluate?

When we started thinking about approaching such a solution, there was an increased need to digitize or have a platform that helped to provided access control functions. There were a number of solutions in the market, like Oracle and Microsoft. One Identity (per our evaluation) was our selected solution. One Identity won when we match these criteria against other solutions in the market:

  • Support
  • The system integrator
  • Strength of the solution
  • Complexity of the solution (less complex than other solutions).

What other advice do I have?

Make sure to always get the support. This solution could not be successfully implemented with no support of the HR and procurement system. You will need to mature all of your HR and procurement processes to do the deployment in a secure manner. This is a security solution, not an IT solution. If you want to deploy it as a security requirement, you need to ensure that the HR and procurement processes are correctly in place. You can use it as a technology solution, because not all the technology requires security, but all security requires technology.

We haven't activated the session recordings yet. We have tested it, and while it worked successfully, we didn't apply it fully because of internal technical issues.

All the logs in the system are recorded and sent to our security operations center (SOC) for analysis. In our SOC, we have end user behavior analysis, but do not depend directly on One Identity to provide this. However, I might ask to have a report for the user behavioral analysis going forward.

I can rate the solution as an eight (out of 10).

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer1308201 - PeerSpot reviewer
VP & Head of Cybersecurity Manager at a financial services firm with 1,001-5,000 employees
Real User
Functionality is straightforward with a simple checkout process and integration of checkout proxy ID
Pros and Cons
  • "It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with."
  • "From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product."

What is our primary use case?

We started with administrative use cases and we were able to take control of all the local administrator accounts for endpoints and servers. We then started controlling privileged accounts for our domain administrators as well as for any kind of privileged account that had access to our switches, routers, and the like. 

This year we're looking at taking control of all of the servers and application accounts. But that's going to be a longer journey for us because there are a lot more of those accounts, and there is a lot more testing that needs to be done because of the nature of the accounts.

Another use case this year is integrating Safeguard into the SQL database, so we can start taking control of the SA accounts within SQL. 

Furthermore, we have a use case where we are using Safeguard to manage the account for our IIGA solution, which is our identity governance solution. When it creates new users or transfers or terminates users, it's using a privileged account that is being handled by Safeguard.

We have a lot more use cases but these are enough to give you an idea of how we use it.

How has it helped my organization?

We went from a state where privileged accounts were being used and not being monitored or even audited to our situation now where we are starting to monitor these privileged accounts more closely. That's where we show value in the product. Whenever a change is happening, we know because we find it in the logs. Our reporting and monitoring team is looking at it, and they are now starting to question changes that are associated with some kind of ticket or some kind CAB (change advisory board) request. It has improved our visibility for privileged access.

What is most valuable?

We have physical appliances for this solution. We went with that version of it because it was easier for us to deploy it and not have the IT engineers involved with our deployment. We wanted to control everything, from the deployment to the supportability to the usability of the product. I really enjoy the form factor of the appliance because it's definitely a change from the previous version, which was a bigger box. This one is a lot easier. It doesn't take up room on the rack, and it's very efficient as far as resources go.

The ease of use of the GUI is a really nice feature. It has a nice look and feel to it.

The actual checkout process is simple. You log into the portal and you're presented with accounts. That makes that so much easier because you don't have to go searching for stuff. It identifies what accounts you have, you click on it, and you go through the checkout process.

It's one of the best products we've seen. When you start looking at the functionality and use cases and usability of the product, it's straightforward. They designed this product with the end-user in mind, and they also had the sysadmin who is supporting the product in mind. They really did a nice job. Overall, it's a nice product to work with.

We use the Approval Anywhere feature and, through an app, it allows us to approve or deny requests. We don't have that turned on across the board, but we are turning it on slowly but surely. It adds an extra layer of security for critical passwords without adding time-consuming approval processes. That extra layer of security is our "belt and suspender" approach. It's making sure that you are approved to make a change, especially during production hours; it's approved by the person's manager.

What needs improvement?

From a usability perspective, what we are finding out is that our privileged domain admin users, in particular, want functionality for extending a checkout session. So we are working with One Identity support to see if there's an enhancement that can be made to the product. 

There is another area for improvement that I have sent over to One Identity. I said, "Whenever you check out a password, there should be a radio code associated with the password." That's something that we're trying to work on with them. It was submitted as a request for enhancement. Sometimes, you can't tell if an "O" is an "O" or a zero is a zero. If we had a radio code, the person could correctly read that password and make sure that they're not fat-fingering it.

For how long have I used the solution?

We've been using One Identity Safeguard since the end of 2017, so it's a little over two years. I was also a user of the previous version, which was TPAM, for many more years in my previous role.

What do I think about the stability of the solution?

We have never had an issue with the software or even with the appliances.

What do I think about the scalability of the solution?

It's very scalable. It doesn't matter what size of organization you have. If you have an organization of 1,000 or 100,000, the product is going to be scalable to your needs.

In our company, we have sporadic roles and we have about 55 users who are tuned into Safeguard. We're managing over 3,000 privileged accounts. Some of the users' roles are network administrators, IT administrators, help desk administrators, and InfoSec administrators. Our marketing team has users of the product, as they have applications whose passwords are being managed through Safeguard. We have a nice blend of users who are using the product daily. It has really done a good job of keeping up with the demand.

We definitely have plans to expand the usage of the product. Any area that's going to require some kind of privileged account, especially as we go through a digital transformation in deploying cloud services, Safeguard is going to be right there with us and will give us that flexibility to manage those kinds of accounts.

For deployment and maintenance of the solution we have a staff of one who reports directly to me. He's a senior cybersecurity engineer.

How are customer service and technical support?

Safeguard's technical support is one of the better ones that I have worked with. There's always room for improvement, but every time that I do pick up the phone it's been fine. 

Which solution did I use previously and why did I switch?

In my previous role I used Dell Quest TPAM, which was the previous version of Safeguard.

How was the initial setup?

The initial setup was very straightforward because my team had the expertise in deploying a PAM solution, which was TPAM, in the past. This wasn't really that much different. We were able to deploy the full infrastructure, including DR redundancy, without Professional Services.

Because of scheduling conflicts, it took a few weeks to deploy. The main boxes were up within a week, but the full circle of deployment of the product was about a month or so because of those scheduling issues.

Standing up the appliance, plugging it in, and getting started was very straightforward. So kudos to One Identity for really listening to what the user population had to say about TPAM, because it is definitely reflected in the Safeguard product.

In terms of the effect on our privileged users, it's always going to be disruptive when you change something. People don't like change. We introduced this slowly but surely. We took a real "crawl, walk, run" type of methodology. We took the most basic use cases, and then we would update our support documentation to support the product. As we deployed it, we kept finding areas that we needed to document. It wasn't so easy to deploy something that was going to change somebody's workday process flow. But a year later, we're in a different state. It's been adopted and people are drinking from the same water hose.

We had in mind that we needed to handle the local administrator accounts and the privileged accounts, and we moved on from there. We knew that doing the local administrator account, which is really a non-human account, was going to give us the biggest bang for the buck. We knew that was something that we would achieve fairly quickly, and we did.

The training for end-users wasn't that bad. The product is straightforward. When you start working on a product with a lot of the features that you had suggested, in a previous version, be implemented, it's really nice to see that the company is listening to clients and the user population. That helped us in training our employees who use the product. The training was extremely straightforward, and people really caught onto it fairly quickly.

What was our ROI?

We absolutely see return on our investment. We're minimizing the risk of potential insider and external threats. We're managing all the privileged accounts, and we have minimized the risks of an account being hijacked and being used to compromise domains.

We are already seeing the return because we conduct annual penetration tests to see if we're able to compromise the network.

Which other solutions did I evaluate?

We evaluated CyberArk and BeyondTrust in addition to Safeguard. We went through a bake-off and Safeguard had one of the best sets of functionalities. It even had simple stuff for integration of a checkout proxy ID. You could check out the password and then it would just proxy to the endpoint. An example would an SSH session you needed for an account that was checked out.

CyberArk was going to require a lot of resources, both human and infrastructure resources, that we didn't have the bandwidth to take on. BeyondTrust fell short of some of the use cases that we had. One of the use cases was relationship. We had a core team that decided on the product and when the core team did its scoring, Safeguard came out just a little bit ahead of BeyondTrust and well ahead of CyberArk.

What other advice do I have?

Start with your current state. That's what we did. Then, create a roadmap of where you are, where you need to be over the next five years. Once you're able to assess the current state and you have a plan in place, you can pick the product that's going to help you get to that future state.

The biggest lesson I have learned from using this product is to be open-minded in trying to figure out where we could use some enhancements. Just because you choose a product you don't have to be 100 percent, all-in on the product. There is always room for opportunities. Whenever there is feedback or challenges, take them and then see what you can do better. My focus is the end-user who is using the product. We have to make sure that using this product doesn't affect users' day-to-day operations.

We started using the solution's behavior analytics feature but it never really took off because we got overwhelmed with other areas that we needed to address. It's something that is on the roadmap for us to eventually take a look at, or at least refresh the project plan and commit some time and some resources to it.

We are looking to integrate Safeguard with RSA. RSA has a component and we're looking to streamline the metrics around that component. When a product is brought online, there's a way for us to go in and do a scan of that machine or that endpoint. Ideally what should happen is that we'll go to Safeguard, check out a password, push that password to the vulnerability management scanner, and scan it. When that scan is done, it actually checks in the password and rotates it. It's our vulnerability management solution that we're looking to integrate. We're doing a PoC on that right now.

Safeguard is a next-generation tool when it comes to privileged access management. They have done a nice job figuring out all the features that need to be available out-of-the-box. I do have high expectations for Safeguard. I continue to look forward to future releases because I know it's going to get even better.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
reviewer2037558 - PeerSpot reviewer
SOC Analyst at a recreational facilities/services company with 10,001+ employees
Real User
Top 20
Works well for PSM features, but we sometimes face configuration issues
Pros and Cons
  • "In terms of the user experience, it is a pretty useful product. It works in a good way."
  • "We sometimes face issues with configuration and things like that, but we manage to solve them."

What is our primary use case?

We mainly use the Privileged Session Management (PSM) features.

What is most valuable?

In terms of the user experience, it is a pretty useful product. It works in a good way. 

What needs improvement?

We sometimes face issues with configuration and things like that, but we manage to solve them. In general, it is a pretty good solution for the PSM features. 

There can be an improvement in terms of the policy that can be implemented on the SSH session.

For how long have I used the solution?

I have been working with this product for more or less 2 years.

How are customer service and support?

I have never spoken to their technical support. A colleague of mine interacts with them.

Which solution did I use previously and why did I switch?

I did not work with any other solution previously. I have read about other products and their features, but I have not worked with them. One Identity Safeguard is probably one of the best solutions for PSM features.

How was the initial setup?

I do not work on the installation. I work on the setup. We do face some issues with configuration, but in general, we are able to troubleshoot them.

What other advice do I have?

Based on my personal experience with the PSM features, it is a good product. I know that there are some competitors, but I have not worked with them.

My colleagues worked on its integration with another tool. It seems to integrate fine, but I do not know for sure if he faced any issues.

My experience is with the PSM features, and for that, I would rate the product a six out of ten. There are some specific features that can be improved, but in general, I have had a good experience with the product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
reviewer2299191 - PeerSpot reviewer
Cybersecurity Director at a sports company with 501-1,000 employees
Real User
Top 20
Is unstable, slow, and not user-friendly
Pros and Cons
  • "We don't need to use VPN for remote access."
  • "The deployment affects our privileged users because it takes a long time for them to request privileges, which impacts the SLA."

What is our primary use case?

We use One Identity Safeguard to manage our privileged accounts.

We use One Identity Safeguard on both physical and virtual appliances.

How has it helped my organization?

One Identity Safeguard uses a secure remote access feature that does not use a VPN. This is important because it is cheaper and more secure than implementing a VPN for remote access.

People can start using the solution after five days of training.

What is most valuable?

We don't need to use VPN for remote access.

What needs improvement?

One Identity Safeguard is slow and not user-friendly.

Managing remote access for privileged users is difficult because it requires a lot of customization.

Current integration with other solutions requires custom API development. I would like to see out-of-the-box integration built into One Identity Safeguard, similar to other solutions.

The deployment affects our privileged users because it takes a long time for them to request privileges, which impacts the SLA.

For how long have I used the solution?

I have been using One Identity Safeguard for nearly three years.

What do I think about the stability of the solution?

One Identity Safeguard is unstable. Many bugs affect its performance, particularly when generating bundle batches and performing discovery.

What do I think about the scalability of the solution?

One Identity Safeguard is scalable, but its performance degrades as it is scaled up.

How are customer service and support?

Customer support is a nightmare. They take a long time to respond to tickets, and when they don't understand the issue, they stall by requesting logs.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

I previously used BeyondTrust Endpoint Privilege Management, which is a better solution because it includes recording and remote access out of the box, whereas One Identity Safeguard requires us to integrate each of those components separately. Additionally, each component is a different appliance.

How was the initial setup?

The initial setup is straightforward. The installation takes a couple of hours. One person is required for the deployment.

What's my experience with pricing, setup cost, and licensing?

One Identity Safeguard is expensive and the cost goes up as we scale.

Licensing fees increase as we expand, as does the cost of basic support, which allows us to open tickets. Additionally, we must pay to update outdated appliances.

What other advice do I have?

I would rate One Identity Safeguard three out of ten.

I only recommend One Identity Safeguard for small businesses.

When using One Identity Safeguard, we need to be patient.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1386330 - PeerSpot reviewer
Manager Engineering at a comms service provider with 1,001-5,000 employees
Real User
Easy to set up and operate, amazing reporting capabilities, and helpful for compliance
Pros and Cons
  • "All the features are promising, but we love the reporting feature because we can get each and every report. That's a major compliance requirement. Its reporting is really amazing, and it has made life a lot easier."
  • "Cost-wise, it is a little bit expensive, which makes it difficult to get management approval. Its price should be reduced."

What is our primary use case?

We have more than 1,000 servers or application servers, and we have several layers of teams. We have super admins, system admins, and operations staff, and we also have application vendors using the system. In such a large environment, it was really difficult for us to do identity management on a daily basis. We had new people joining the team, and we also had people leaving. We had to put in additional manpower to monitor these activities and comply with the regulations. That was the main reason we moved to automation with the One Identity solution. We are using their Privileged Account Management solution.

We have virtual appliances. We don't have physical ones.

How has it helped my organization?

We have several data centers located all over the globe. Previously, if someone needed access or certain permissions, we had to manually go to our Active Directory, identify the user, and give permission. We had to do that one by one. When we had hundreds of new joiners, it was a time-consuming activity. Sometimes, this activity would take more than two days. One Identity has made all this easier. Monitoring has become much easier, and I can invest the energy in other things instead of monitoring which user is doing what. It has become a one-console management for us.

For my team, it has reduced the task of monitoring who did what and using which ID by 80%. They only have to do 20% of the work than before.

We are using all of the access features. It is much easier for a new user to adopt this solution. It also works perfectly fine with a VPN.

What is most valuable?

All the features are promising, but we love the reporting feature because we can get each and every report. That's a major compliance requirement. Its reporting is really amazing, and it has made life a lot easier.

Its setup is quick. It is easy to set up and operate. It doesn't matter whether you have a deep IT background or not.

What needs improvement?

Cost-wise, it is a little bit expensive, which makes it difficult to get management approval. Its price should be reduced.

In terms of features, I'm completely satisfied with it. I am not expecting any more features. Its cost is the only issue. Everything else is okay.

For how long have I used the solution?

We introduced this product in our organization in 2014.

What do I think about the stability of the solution?

It is pretty stable.

What do I think about the scalability of the solution?

It is very scalable. We recently increased the number of licenses. Previously, we had a thousand servers, but now, the number has increased. The number of users has also increased. So, we upgraded our system. 

We are using it mostly for privileged users, developers, and system administrators. In total, we have around 300 users. We have plans to increase its usage. We have some upcoming projects where we want to use it on a larger basis. We have plans to use it for DevOps users and third-party vendors, but it will take a little bit of time.

We have not integrated the solution with any other parts of the business, such as DevOps, RPA, or cloud targets. We are evolving day by day. We are upgrading our technology, and we have plans to do that in the future.

How are customer service and support?

We had premium support initially, but we don't require that now. We didn't encounter any critical issues. We are using their regular support. I would rate their support a nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We were not using another solution previously. Privilege management was a really tough task before the One Identity solution.

How was the initial setup?

It was straightforward. Of course, when you are introducing a new product, you need to do a little bit of research, but the steps were very simple. You don't need much technical knowledge, and you don't need to go so deep to do the configuration. You can just have a look at the setup start guide. Anyone should be able to do it easily.

Our deployment took around six months because we did a few PoC. We also tested it in different system environments before bringing it to the production environment. Out of these six months, we spent almost two months doing the PoC with other products, and then for two months, we put it in the UAT environment or the test environment, and then we brought it into the production environment. So, overall, it took six months for the rollout.

The deployment wasn't disruptive for our privileged users because they were working with the old method while we were implementing it. So, there was no pause during the implementation. Once we completely rolled out One Identity, they started using it.

To start using the solution, you at least need knowledge of the policies and configurations available. You require a little bit of training because one change is going to impact thousands of users.

What about the implementation team?

When we did the deployment, we had a team of about 30 people. Now, we don't have a dedicated team for its maintenance. We have a team of about 15 people doing other activities and managing various technologies, including One Identity.

What was our ROI?

I have definitely seen an ROI. It is not necessarily in terms of cost. My work has reduced, and I'm able to focus the saved energy or time working on other technologies or implementing new things in other areas of my organization.

What's my experience with pricing, setup cost, and licensing?

Its subscription cost is too much, and sometimes, it is very difficult to pitch the solution to the management for cost approval. If the cost is reduced a little bit, it would be easier. If its cost was less, many other organizations that currently cannot afford it would be able to use this technology. I'm sure many organizations around the globe are having issues with identity management, and it is a very difficult task for IT to manage privileged accounts.

Which other solutions did I evaluate?

We did PoC to identify different solutions. We tried several solutions, but it didn't work out. We did a PoC with the One Identity solution, and it was easy to manage because it helped us to meet all the compliance requirements and do other things. That's why we went with this solution.

What other advice do I have?

I would recommend it if you are looking for a privilege management or identity management solution. If you are having challenges with reporting and compliance, it will certainly be helpful because you will get a lot of details for auditing and monitoring purposes.

I would rate it a nine out of ten. It is an amazing product, but its cost needs improvement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Information Security Officer at Outscale
Real User
Provides all the information that we need for an investigation, but the interface needs more organization
Pros and Cons
  • "We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless."
  • "The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0."

What is our primary use case?

We are using the virtual appliance. We are a cloud company working widely with virtualization. We provide virtual machine to our customers. When we deploy a new solution, we try to use our system to show our customers that it works for them. That is why we are using a virtual appliance which validates the usage.

For now, we are using it for traceability of access inside the platform because we are a certified company: ISO 27001, SecNumCloud, HDS... We use this solution to monitor the session of our administrator and also to capitalize on incidents. When you have an incident in the night and our Level 3 people are working on it, they don't have the time to document all they do on the platform. The main goal is to have the service up as fast as possible. We are now recording the session, and the morning after the incident, we can see the session and understand what has been done to resolve the incident.

We are using the latest version of Safeguard.

How has it helped my organization?

When we are asked to do an investigation for a server, we have all the information that we need. We never have any problems as all the information is available to us.

What is most valuable?

The transparent proxy is the most valuable feature. When you are connecting to a server inside the platform, the user doesn't need to change their habit. They just have to make small configurations to their workstation, then it is transparent for them. Our users like the solution because it's transparent. Users doesn't need to have interaction with 3DS OUTSCALE IT or security team to work as usual. It's interesting for the users because they don't have to think, "I have to note all that I've done during the incident to remember it".

We use the solution’s “transparent mode” feature for privileged sessions. It is very easy because it is only a simple configuration for our users. We don't have to modify our network. We install it, configure it, and it works. So, it is super easy. The rollout for our users is seamless.

The "transparent mode" allows for better visibility. With its monitoring, we can do investigations which are good for us and improve our system.

What needs improvement?

The interface is better now, but it still could be improved a lot. It needs more organization, menus, automatic refresh of information, and Web 2.0.

An official HashiCorp Vault connector would be very helpful inside the platform.

SSH implementation is not 100% compatible with standard SSH (openssh). For example : JumpHost.

As a result, some options require manual tunning, and complicated user-side configs, where it could be much simpler

For how long have I used the solution?

We have been using it for a long time: six years.

What do I think about the stability of the solution?

It is very stable. We have never had incidents with it. When we lost a connection with our Active Directory, the system continued to work. When we lost the storage on the virtual appliance, we restarted it, then it was fine. Thus, the product is very stable. 

One or two people are needed for deployment and maintenance. For the deployment, it's done by the security team for now. However, in the near future, it will be managed by the operations team.

We upgrade about every two months the latest version.

What do I think about the scalability of the solution?

We don't use the scalability. When we need a new appliance, we deploy it inside another network. We don't need scalability for now, but if we grow quickly, we will need to think about it.

We have about 50 users inside the company, including the security team, operations team, infrastructure team, and Level 1 support.

We are using 75 percent of the parallel session unless there is an incident, then we can use all the slots.

How are customer service and technical support?

I used the technical support once. It was good. I had the answer to my question quickly. I have direct access to the pre-sales team and my account manager. So, I called in and my problem was solved.

Which solution did I use previously and why did I switch?

Yes but we had to quit it because they didn't have what we needed and it was very expensive. 

How was the initial setup?

In the beginning six years ago, we started with a small instance. We used it very simply and learned how to manage it. 

With the newest version that we massively deployed, we had one week to know how to install it and how it works. Now, we know how it works very well.

Install is fairly simple, with basic options.

Configuration requires a little explanation on the way it works but is straightforward too.

What about the implementation team?

We deployed it ourselves.

What was our ROI?

We have seen ROI in terms of time. It's easier for us to investigate incidents, which is helpful. It has improved our performance with investigations. It used to take a month to write an incident. Now, it takes us a week, cutting the time down by a fourth.

What's my experience with pricing, setup cost, and licensing?

Our licensing costs are on a yearly basis.

Which other solutions did I evaluate?

We evaluated CyberArk, which was pretty good, but it is very expensive. CyberArk's interface was better. Also, CyberArk's login was not so transparent. We chose One Identity because it has a transparent login in interruption in the network.

What other advice do I have?

When you use Safeguard in production, it provides traceability and protection around your platform.

I would rate the solution as a seven (out of 10) because of the interface.

I have seen the future of analytics, and it's very interesting. I hope to have the time to try and learn something about that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024
Buyer's Guide
Download our free One Identity Safeguard Report and get advice and tips from experienced pros sharing their opinions.