One Identity Safeguard Reviews

The three main use cases that we have are:

1. Ensure our human and non-human privilege accounts are locked up in a password vault. 
2. Have workflows to handle the major types of usage, such as break glass and business as usual. 
3. Changes in usage of the credentials are tied into approved change requests. 

These drive our first goal to take all our privileged users on the help desk, our local accounts on our desktops, our servers (web servers, app servers, or database servers), and individuals in our network group who do our firewalls, then migrate all these human accounts into Safeguard Password Vault. Last Fall, we went group by group and revised their accounts. We took away any type of privilege account that they had, ensuring that all of these accounts were then migrated to the Vault. They could then check out passwords to facilitate any type of privilege activities they needed to do on behalf of the bank.

We use virtual appliances for this solution, which made sense for us, especially if we will plan to perhaps migrate to the cloud. Right now, it's all virtualized on-premise.

Anytime new tools and technologies are being brought into the bank, the biggest impact is to the process, procedures, and culture. There is a culture change when any new technology gets rolled out. This solution changes the way we have done the business for many years. We're taking a very controlled, conservative approach in how we roll the technology out.

It is working as it's supposed to work. We had a lot of good support from the One Identity team who helped us build it and do a test. 

We are able to log and get reporting on all privileged activity that is being performed. We like the fact that we can leverage the session recording feature, which is especially valuable when we're dealing with third-party vendors that have to remote into our our boxes and servers to do any work on behalf of the bank. Now, we can record everything they are doing to ensure that they're only doing the changes that were needed. In addition, we use it to leverage knowledge transfer with our internal staff.

We use the solution’s Approval Anywhere feature. We do have the Starling 2FA app on our mobile devices. We haven't rolled out the request and approval yet. We want to get people to use it in their daily functions, whether it's business as usual work, break glass, or any changes that they need to make tied into an approved formal change request. Starting in April, we will be rolling out the request and approval phase. Based on the type of change being requested, break glass will need to be approved, especially if they're doing it during the daytime or off-hours. Then, we will have change requests tied into our change-advisory board. Once there's a change that's approved via our CAB process, then that person will be allowed to check out the credentials they need and tie it back into the ServiceNow ticket that was created. This gives us the audibility between when that change was being made and ensuring that it's being performed for its intended purposes. We are taking a crawl-walk-run approach.

Some of the out-of-the-box reporting isn't that rich. We spoke to our Safeguard reps who have acknowledged that some of the reporting features can certainly be improved and that we're not the only customer who has cited this. There are very little out-of-the-box reporting capabilities. You have to build the queries and the report. I believe in the next release they're going to be addressing this.

We have been using Safeguard in a production capacity for about nine months now.

We haven't had any problems at all. 

There was one issue where we had to put a certain fix on and were able to work with the One Identity people. We downloaded the fix and put it onto our dev environment. After it was baked into our dev environment for a day or so, we then scheduled that change to go live into our production environment. That went very smoothly.

Two people are needed for deployment and maintenance. They're both in the cybersecurity area. There's a manager along with a senior cyber security analyst who runs the platform.

The tool does everything that it is designed to do. It is one of the leading privileged access management products out on the market. They rebuilt the whole product, giving it a nice brand a new clean user interface, which is very user-friendly and easy to use. One Identity has done a very good job taking the old product, TPAM, and doing a whole refresh of that tool. We're very happy with the Safeguard product.

We have approximately 50 to 60 human privilege accounts whose roles are everything, everywhere. From the information security department to the desktop people, there are about 12 users in that area. There are about 20 people who comprise our IT engineering group and another 15 or so who comprise our network team. Then, there are the third-party users who have to login on behalf of the bank to do changes for us, which is another 10 or so privileged accounts which have been setup for a one-time usage when a third-party vendor needs to remote into our system. Crawl-walk-run impacts about 30 percent of all the changes being made. Most changes are made to the production environment and need to be done with a privilege account.

I would rate the technical support as very good and strong. We're happy with the support we get from our One Identity team. We see it as something that will be accepted more as the culture changes at the bank. We did the human accounts first because with the non-human service accounts there have been challenges this year. You have to tread water very slowly since you have to do a good analysis and understand what these non-human service accounts are used for. It's not just a simple lock them up in a vault type of scenario. It will take us a bit more time to put a plan together beginning in the second quarter to address the onboarding of these non-human service accounts into the password vault.

There wasn't much training required for those who manage the product. It was pretty straightforward. We did do training though. We had a training manual as well as a hour training class with various user groups. Our hour training, manual, and how-to guide along with being able to support issues/concerns via our cybersecurity team was beneficial to the success of the implementation.

We did not use another solution previously.

Prior to this Safeguard implementation, we did not know when somebody was using their elevated privileges to do certain features or functions. We only hoped that it was according to whomever the change request was associated. Now that we're able to audit log and record what is being done, we can play back all the sessions to make sure no type of unattended usage of the privilege or elevated credentials were being used. From securing the bank standpoint, it has helped tremendously.

The team shared with us that the initial setup was pretty straightforward.

The deployment took no more time from when we got the servers brought in to when got the software installed. This took a few weeks to get it up, configured, and customized for our needs. Then, there was some sandbox testing which was done, then we started the pilots within the first three months of having the solution stood up.

Anytime you are putting in a deployment change that affects privilege users, it's going to create some problems. That's why we took a very slow approach of taking one user from all of our various groups. We had one person from each of our teams: desktop, network, and IT engineering. We worked with them for about a month. We tried to shake out any bugs and issues that they would have before we gradually rolled it out to others. 

People are very adverse to change. When you have this type of a solution, the technical capabilities of the product along with all the process change creates some issues. However, we expected that.

My role was as head of identity and access management to work in concert with our cybersecurity manager. It is his team who owned and rolled out the technology to the bank. My responsibility was making sure from an identity and access management process that the procedures had been in place and they satisfied our internal and external audit requirements. I'm more of the process guy, not the technician.

Being in information security, anytime you can sit down with the board of directors, and say "We now have a more secure bank," there is ROI. The reason: The biggest threat to any bank is an insider threat. Now, with our privileged access, we have them logged, recorded, and locked up in a password vault so we know who's making changes, when they're making change, and why they're making changes. This helps greatly improve the security posture of the bank. That's what we use to sell and justify that it was a good investment for the bank.

In addition to Safeguard, we looked at a product by the name of CyberArk and one by the name of BeyondTrust. These were the three products that we brought in for a proof of concept. In the summer of 2018, we made the decision to go with Safeguard. Then, between June and July 2019, we had it up and running, starting pilots and rolling it out accordingly.

When we did our scoring criteria on the three products, all the products were very close. What it came down to was price. We had individuals on the cyber team who had previous experience with the One Identity Privileged Access Management product at that time, which was called TPAM back then. Those individuals had a very good relationship and understanding of that tool. This weighed into our decision as well as cost to go with the One Identity Safeguard solution. It was definitely cheaper than the other two products that we evaluated.

The solution is part of our identity and access management product. We use Saviynt as our identity, governance and administrative tool. We certify all privilege accounts on a schedule basis. There is some integration with our identity and access management platform/program at the bank. It allows us to be in a position where we can identify and detect as well as prevent any type of privilege act that's being used as a threat at the bank. The integration was easy. It didn't pose any problems.

We have had a mixed bag regarding the solution’s usability and functionality. We have had some people who said that the tools worked nicely. They checked out their credentials every morning, use them for the better part of the day. We set the duration for eight hours. Once somebody checks out something in the morning, they pretty much use that password for the entire day. For some groups, this created a problem because of the type of work that they do, such as long running processes. We've had some issues where their password expired while a process was still running. We had to work with our IT engineering group to come up with a different type of the duration for their needs. One Identity has been very good at working with us to help us through these use cases. 

Understand each use case very carefully and thoroughly. This changes the way someone conducts their business. We had to be cognizant of the impact to our day-to-day operations. If I could do it all over again, I would spend more time understanding the impact of a security tool, such as a privileged access management solution. I think we could have done somethings better than we did.

We haven't started to use the solution’s behavior analytics feature, but as we start building up some data, then that puts us in a position to be able to identify any type of exception or anomalous behavior. We haven't built up enough trending data to leverage that functionality at this time.

We are very happy with the tool. I would rate the solution as an eight (out of 10).

We use the on-demand version. We use the solution for monitoring and connection to the customer's server for Windows and Linux.

It's easier to connect to the server and it makes it more secure. We've seen about a 40% improvement in that regard.

The monitoring system is very good.

It has a very nice user interface.

The product is very fast to implement.

We use the solution's transparent mode for privileged sessions.

There is a lack of documentation and many problems with the plugins.

I did run into problems with transparent mode for privileged sessions. We didn't connect correctly to the server. It was an issue we had with the customer's server, not the product itself.

The security of the connection could be improved. 

I've been using the solution for one year. 

It's not completely stable. Sometimes the newest version does not support an older version.

The solution is not so scalable. 

Mabe 20 or so users are leveraging it in our organization. They are admins. 

We use regular support. The response times are too long. Sometimes it could take days. 

Positive

I previously used CyberArk. I changed companies, and now I work with this product. I find Safeguard to be easier to implement, however, it does lack documentation.

It is fast to implement. 

While the process is not technically complex, there was a lack of documentation and we had to figure out how to do it ourselves. The deployment took three weeks. We had two people working on the process.

We have yet to witness an ROI.

The solution is offered at a good price. We pay a monthly fee. I'm not sure of the exact cost we pay.

I'm a product partner. 

We are using the latest version of the solution. 

I have yet to use the cloud assistant feature, so I can't say much about that aspect of the solution. We also do not use the solution's secure remote access feature for privileged users. We don't have it integrated with DevOps or RPA.

While basic knowledge is important, there isn't much training required to start using the solution. 

I'd rate the solution six out of ten.

We use it primarily for our IT team, so they can access our production and pre-production environments, to have better accountability. They have to create a ticket, check it out, and then they have to get approval from our approvers group. So there's accountability from beginning to end, and we also record the sessions.

The time frame to get sessions rolling has been cut to a third. From a productivity standpoint that's tremendous.

In addition to that, the ease of use is fantastic because our IT team is able to check out sessions very quickly because it's so intuitive and easy to work with. They're pleased with it and it allows them to do their jobs much faster. That's probably the largest way it has improved things for us.

Finally, because of the intuitiveness and ease of use for end-users it has been really simple to train on. This product has worked flawlessly for us.

There are a lot of features, so it's going to sound funny, but one of the most simplistic features, the Favorites feature, is the one we like the best. You do a full run-through of configuration to check out a server and then you can save that whole configuration as a favorite. So the next time you go in, you click on the favorite that you configured and it automatically takes you to the end so you can check the server out that much faster. It saves a lot of time, resulting in an increase in productivity and a decrease in issues and errors and interface problems. It increases redundancy and gives us a much easier interface to use.

We're using virtual appliances for Safeguard because of the flexibility of virtual appliances. We can snapshot them, we can restore them quickly. There's a lot more flexibility with virtual.

We use the solution’s Approval Anywhere feature, and it allows a group of five individuals to receive notifications on their phones, through Starling, and review a request and approve it with one click.

We also use the solution’s “transparent mode” feature for privileged sessions. We record them and we also review them. That way, if there are problems with any configurations they did, we can go back and review them. Also, for mentoring, teams utilize it to help individuals deploy code better or to make changes to configurations. There are a lot of positives with that feature. It was very easy to start using this feature. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with. The rollout of "transparent mode" was seamless for our users. We sent out picture instructions on how to do it and offered to get on a call with people to discuss it with us, but nobody had any questions. In terms of the monitoring itself, it doesn't affect things any differently than the previous solution. It's pretty much the same. Obviously, using the tools is easier, but we were monitoring the same type of information as before.

There is room for improvement in the launch module. They built in a launch button but they don't have effective instructions for configuring it to allow it to launch an RDP session. They're working on that, but the button is in the live product. If they were going to install something that wasn't useful, they should have just disabled it and not rolled it out with the product. Because we don't tie it to an RDP session, you actually have to click the download button and then open the RDP session from there, versus just clicking the launch button and it automatically opening RDP.

Before Safeguard we used TPAM, which is one identity's product as well. We upgraded but we've been using the overall product since 2016.

Overall the solution is very stable. We have not had any major issues on it. It's a nice system.

The only issue I have run into was with our failover two our redundant. There was a pointer to the One Identity platform, it's called an SPP, and it wasn't pointing correctly. But we were able to resolve it. There have really been no issues besides that. Otherwise, everything is very seamless when doing failover and full redundancy.

We can continue to add more VMs to support thresholds. We can certainly scale up with it. It's being used on about 300 servers right now and we have plans to expand to about 200 more.

We have 50-plus people using safeguard right now and they're all in IT. For deployment and maintenance we have one to two people.

We haven't had to use technical support. It's been a solid platform so far.

Previous to this, we were using TPAM and, while it worked, it was horrible to work with. When we saw and got a demo of Safeguard and saw that we would be able to approve things from our phones, saw the user interface which was so much nicer — more intuitive, a lot easier to configure — we went from our teams complaining about the old product every day to not hearing one complaint at all. As a matter of fact, I hear compliments about how much they love Safeguard.

The feedback I have had from users has been a lot of compliments about how much they enjoy working in the interface. It's so much easier to use. It's quick. They can get to the point of checking out a server and of being compliant with security requirements, while at the same time being able to troubleshoot an issue much faster than they used to be able to.

The initial setup was a little complex.

We worked with an integrator, Rallypoint Solutions, to accomplish it because we hadn't accomplished it before with Safeguard specifically. The integrator was tremendous. I have nothing but good things to say about Rallypoint. They helped integrate the whole thing. They really had a great understanding of it. We worked with them throughout the entire setup. We were the hands and they were guiding us. Overall, it was very easy to get up and running.

It did take about a week, eight hours a day — so 40 hours — to get fully up and running and everything imported from the old system into the new one, and to make sure all testing and redundancy were done.

The deployment was not disruptive to our privileged users at all. We ran both the old system and the new system in parallel and allowed them to migrate over after a period of two weeks. However, we had most people on it the first week and they loved it. They were eager to get off the old system.

It required no training. I provided step-by-step picture instructions that we had written out and that was it. They were good to go. We did have a strategy in place, if we needed to work with our teams from a training standpoint. We had sessions set up and ready to go where a live person could walk them through it. But none of our IT users seemed to need that. It was very intuitive.

We have seen ROI using Safeguard. For example, configuring a session in the old version used to take them 10 or 15 minutes, or more. Not only that, but the live person who was the approver had to be logged into the system. So the requester could actually wait a couple of hours before somebody would be able to log in and approve the session. With Safeguard, it's approved within less than a minute because approvers get the notifications on their phones and are able to review the tickets effectively. They understand what's being accomplished and know that it has a ticket number with more detailed information that they can verify, and they can approve the session right there. The individual gets that approval immediately. We went from an average of from anywhere between 15 minutes and two hours down to less than a minute or two. That's tremendous.

They offer a fair price for a robust solution.

In addition to the standard licensing fees there are costs for Starling, but they're very minimal annually. You need Starling to use the mobile Approval Anywhere feature that is so convenient. So it's worth every dime. That extra cost is so small that it's not really even noticeable.

There are integration costs if you aren't looking to do it yourself. I highly recommend their integrators. They are a little expensive but certainly worth the money.

We did evaluate other solutions, but this is the best choice. We went with Safeguard because of the flexibility, the interface, and a more seamless migration from the old system to the new system. And costs were a consideration, obviously.

If you're looking for something that is easy to use with a very intuitive interface — even the administrator interface is very intuitive — I would highly recommend Safeguard. The entire platform is very intuitive, very easy to work with, easy to set up. I can't think of anything that we have really had huge issues with.

The biggest lesson I have learned from using Safeguard is to make sure you have enough accounts available for individuals' sessions so that they can check out. The way Safeguard works, an account is created just for Safeguard. Individuals go in as themselves and then they have to check out this account in order for that account to be able to remote to the server. That account would be the only one allowed to remote to the server. But if multiple people have the account checked out for multiple hours, that presents an issue. So keep your session times as minimal as possible. Even for timeout, allow them to change it if they think they're going to use it longer. But the important thing is to make sure that you either have enough accounts or have your session timeouts limited.

We do use the solution's behavior analytics feature, but I wouldn't say that it's too useful at this point for us because we know what their usage is because it has to be done through tickets. For how long they're using it, what kind of configurations they're doing, and what they're doing, the analytics piece of it is more expected for us, as a result. It does help us to identify risky actions without having to create a set of rules or policies, and without any effort on our part. But in our environment, if users don't put in a ticket and provide effective comments, then our approvals group doesn't approve it. There's no automatic approval set up. An individual reviews every request, so malicious use would not be possible.

I have found the most useful feature of One Identity Safeguard to be Privileged Sessions.

When we compare One Identity Safeguard with Cyberark, we know CyberArk has other tools or other features that are more complex and more useful for the customers. For example, I have one customer that wants to elevate the permission that is available in CyberArk. 

Another example is, I have one potential customer that wants to use some feature that is available only in CyberArk. The scenario is one user request a patient, however, that user doesn't have the permissions. In that request, he wants to request more permissions elevation and more rights under the live connection. This can be done in CyberArk and not in One Identity Safeguard.

We need to allow more permissions for the user who requests access for the previous account in a live connection.

CyberArk gives stronger features for safeguarding at this moment.

I have been using One Identity Safeguard for approximately one year.

One Identity Safeguard is a stable solution.

I have found One Identity Safeguard to be scalable.

I have contacted support. I can create tickets for support and in approximately one hour, I have a response from the support. They are very quick.

I have previously used Cyberark.

The initial setup of One Identity Safeguard was simple. In one week we can be ready to fully operate.

My advice to others wanting to implement this solution is to do the implementation slowly and concentrate.

I rate One Identity Safeguard a nine out of ten.

We use this solution to separate the office environment from the production environment with a secure network zone. All user sessions go through One Identity Safeguard before they can reach the production environment. All sessions are audited and they are indexed/searchable through the GUI. Some of the data are transferred to our SIEM solution. For the moment we use the product for RDP and SSH sessions. We are going to use it for Citrix farms also in transparent mode. 

All user sessions are going through Safeguard. They are all audited and secured with forcing the minimum security settings on the side of the user. With this setup, you can easily secure all of the connections to the production environment from the office. Especially if you have a lot of different places connecting to the production environment, it is a PCI DSS requirement that you secure the flow. In our company we already audited the product as part of the PCI DSS certification.

The most valuable feature is auditing the sessions. All of the sessions (RDP, SSH, Citrix) can be audited and replayed on demand.

Complete indexing on SSH sessions means that all commands are searchable after indexing.

Management of the farm of appliances. When you have more than one server to handle the traffic, you need to configure everything on each console and maintain seperately. The cluster feature is coming in the next versions, until then you can handle with some scripts but its not straight forward. In case you want to use a farm of appliances instead of one you should consider this.

Monitoring of the platform should be easier and more functional so that you can have a clear picture of the running service. Again when you have a farm of appliances you need to have all the monitoring data centrally so you know what is happening with the overall service. This feature is missing. You have to go on each server to see what is the status there.

We have been using this solution for two years.

This is an extremely stable product. Outages depend only on your environment. The service can run smoothly forever, depending on your company's setup and possible maintenance outages.

No problem to scale. It's always a good option to use a load balancer in front of the solution to handle the traffic.

Our experience with technical support has been extremely good. 

This was the first implementation of such a product in the company.

Setup is straightforward as long as you plan correctly.

The initial setup was with the vendor. They have extremely good knowledge of the product and provide good support.

This solution provides PCI-DSS compliance, so ROI can be considered very good.

The full license is expensive but if you plan to use it in a big organization then it is the best option because it is more flexible.

More options where evaluated, like Centrify and CyberArk, before we choose this solution.

Before you decide, do a full analysis of your requirements and see if the product fulfills them. Performing such an analysis after the fact is going to be difficult.

The primary use case for our customers is to monitor and audit external vendors, as well as keep track of internal actions when privileged user accounts are being used to access systems internally.

For our customers, it's much easier for them to be in line with audits. A lot of our customers work in the medical field, where it is important for them to keep track of external vendors, e.g., maintaining medical appliances inside of a hospital. This solution gives them real confidence that they can keep their customers safe and their data protected.

There are a variety of protocols that it supports.

The video-like stream and audit capabilities, in combination with its indexing capabilities to search for critical events quickly, are valuable features.

The transparent mode for privileged sessions is really nice because it keeps the integration quite smooth. Also, users don't have to change the way that they currently are used to working. 

It is easy to manage. There is a very logical, clear user interface. Also, the integration of scripts is thoughtfully implemented. Overall, it's a nice product to manage.

There are some features which are still missing compared to other competitors. For example, some customers need legacy VPN authentication capabilities.

The automated change of the passwords, which is now integrated, could be improved to be more flexible regarding different systems.

The overall stability has improved quite a bit throughout the years. The appliances run well, both virtual and physical. The product is pretty good, especially compared to other vendors and products.

Because of the nature of the connections being monitored, you can load balance it quite well. It is easy to shift the load from one appliance to another. However, the high availability function of the box itself requires a long time to switch over from one appliance to another. So, there is room for improvement

The technical support is tremendous. For large projects, we have had some challenges, but we were never left alone by the vendor. Also, in one case for a small customer, One Identity assigned one engineer to help with assessing the AD infrastructure of our customers, which was really helpful.

The install and deployment are quite rapid. For a smaller project, sometimes it only takes us about two to three days to implement and get the policies inline. For larger projects, it's actually also not that long for the appliance itself. The product requires a lot of changes on the management side, how vendors work, and how you need to counsel people how to use it, especially in Germany. Then, they are monitored, which is the quite larger portion of it.

For our implementations in Germany, we implement an explicit model most of the time. Therefore, the transparent mode for privileged sessions has not been used that much in my projects.

Look at the entire portfolio, since it has changed so rapidly. The capabilities have improved quite a bit. You need to make sure not to miss out on any features.

The Approval Anywhere for Privileged Passwords is a really good concept, because it enables admins to do other work, be more flexible, and work from home. However, we don't have any real experience with it yet, as we are looking into it at the moment.

We primarily use One Identity Safeguard for Privileged Sessions (SPS) for managing our customers' access to their critical systems.

We are able to demonstrate what has happened on the systems and who did what, when we have to investigate, in regards to audits using evidence.

• Acting as a proxy
• Session encryption
• Flexibility of usage

The transparent mode for privileged sessions is one of the best things for customers, because they don't see the system in-between. Thus, it is transparent for them.

The system is easy to manage, as it is not a system that you will change everything all of a sudden. It evolves most of the time with customer requests.

• We have not yet found the solution to be extensible through cloud-delivered services.
• Our external indexers are able to integrate with a hardware security module (HSM), which is good. What we have now requested is the integration of HSM with the SPS solution to be able to not have to manage certificates and the private key outside of any tamperproof system.
• We would like to be able to generate certificate signing requests (CSRs) from the interface for certificates. 
• We would like to be able to manage the lifecycle of the archived audit traits. If they are on the box, the cleanup and archiving policies are applied, as soon as they are archived on the external share, this does not apply. We need our customers to not have to manually delete these archives.
  
• From a web interface perspective, we would like to be able to duplicate connections, so we can reorder them.

We have not had a major issues regarding stability once we migrated our users onto the virtual solution. However, for some users, the physical appliance has been a bit buggy.

As of now, we use mainly virtual and have not tested the scalability and high availability, because it is a new thing.

The technical support is good. There has been great improvement to all the knowledge base articles available. Therefore, we are able to find a lot of solutions already when we create support requests.

It takes us a long time to make the people from product management and development to understand our needs, e.g., integrating this product with HSM.

Because we are a service provider, we have to demonstrate that our systems are really tamperproof. We had that experience previously, and now again, with One Identity SPS, as the product fits our needs.

The initial setup is quite simple, not complex. The installation documentation is good, so the installation is okay. You just need to read the documentation, understand how it works, and how it has to be integrated. Once you do your homework, it's quite easy.

We are the integrator for the deployment.

To install and deploy the solution for the customers, we count one day for a workshop with all the people involved: network, business users, IT, support, etc. Then, for the implementation, it can take another one to five days.

It is the life of our customers because it brings a lot of security. So, the return on investment is really on all aspects of compliance, security, and audit.

We implement this solution upon customer request.

Test it and its competitors. You will probably choose SPS.

Both the search functionality and speed have been greatly improved.

We are not using privileged passwords.

One Identity Safeguard is used by administrators to access their devices. They will log in using identity management in order to secure the administrator's login.

One Identity Safeguard can improve by having more integration with multiple devices.

I have been using One Identity Safeguard for approximately one year.

I have found One Identity Safeguard to be stable.

The scalability of One Identity Safeguard is good, we can add multiple devices.

We have approximately 40 administrates using this solution in my organization.

We plan to increase usage in the future.

I have not contacted support.

The initial installation was simple.

The full deployment took approximately a couple of months. Not because of the One Identity Safeguard, but because of us, we were busy doing other projects in parallel.

We used a third-party vendor for the implementation and we had a good experience with them.

My advice to others is One Identity Safeguard is a must to have because it's part of the cybersecurity framework, such as Nest ISO. We should have an identity management solution to manage the whole identity, such as privileged users.

I rate One Identity Safeguard an eight out of ten.